From 6a847b1db1a89f47b949a872d060cf7df0a1e122 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 6 Feb 2022 13:56:46 +0100
Subject: [PATCH] install_postfix_advanced.sh: add 'Rate limit' configurations.
---
install_postfix_advanced.sh | 150 ++++++++++++++++++++++++++++++++++++
1 file changed, 150 insertions(+)
diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh
index 7381d72..633baea 100755
--- a/install_postfix_advanced.sh
+++ b/install_postfix_advanced.sh
@@ -1644,6 +1644,156 @@ virtual_alias_maps = virtual_alias_domains =
+#======= Rate Limiting ============
+
+# anvil_rate_time_unit (default: 60s)
+#
+# The time unit over which client connection rates and other rates are
+# calculated.
+#
+# The default interval is relatively short. Because of the high frequency of
+# updates, the anvil(8) server uses volatile memory only. Thus, information is
+# lost whenever the process terminates.
+#
+# Specify a non-zero time value (an integral value plus an optional one-letter
+# suffix that specifies the time unit). Time units: s (seconds), m (minutes),
+# h (hours), d (days), w (weeks). The default time unit is s (seconds).
+#
+# !! Note:
+# I basically only included it for conciseness.
+#
+#anvil_rate_time_unit = 60s
+
+
+# smtpd_soft_error_limit (default: 10)
+#
+# The number of errors a remote SMTP client is allowed to make without
+# delivering mail before the Postfix SMTP server slows down all
+# its responses.
+#
+#smtpd_soft_error_limit = 10
+
+
+# -----
+# Stay off of blacklists: Limit postfix recipients
+# ================================================
+#
+# see also:
+# https://grovetech.co/blog/stay-off-of-blacklists-limit-postfix-recipients/
+# ----
+
+# smtpd_recipient_limit (default: 1000)
+#
+# The maximal number of recipients that the Postfix SMTP server accepts per
+# message delivery request.
+#
+# Note:
+# You can't restrict this to a to/cc/bcc field – it's for all recipients.
+#
+smtpd_recipient_limit = 50
+
+
+# smtpd_recipient_overshoot_limit (default: 1000)
+#
+# The number of recipients that a remote SMTP client can send in excess of
+# the limit specified with \$smtpd_recipient_limit, before the Postfix SMTP
+# server increments the per-session error count for each excess recipient.
+#
+smtpd_recipient_overshoot_limit = 51
+
+# smtpd_hard_error_limit (default: normal: 20, overload: 1)
+#
+# The maximal number of errors a remote SMTP client is allowed to make
+# without delivering mail. The Postfix SMTP server disconnects when the
+# limit is reached. Normally the default limit is 20, but it changes under
+# overload to just 1. Valid values are greater than zero.
+#
+#smtpd_hard_error_limit = 20
+
+# ---
+# So you technically need to consider the 3 values here which affect both
+# inbound & outbound mail. Then there’s the throttling tools.
+# ---
+
+
+# smtpd_client_recipient_rate_limit (default: 0)
+#
+# The maximal number of recipient addresses that any client is allowed to
+# send to this service per time unit, regardless of whether or not Postfix
+# actually accepts those recipients. The time unit is specified with the
+# anvil_rate_time_unit configuration parameter.
+#
+# By default, a client can send as many recipient addresses per time unit
+# as Postfix can accept.
+#
+# To disable this feature, specify a limit of 0.
+#
+# WARNING:
+# The purpose of this feature is to limit abuse. It must not be used to
+# regulate legitimate mail traffic.
+#
+smtpd_client_recipient_rate_limit = 50
+
+# smtpd_client_connection_rate_limit (default: 0)
+#
+# The maximal number of connection attempts any client is allowed to make
+# to this service per time unit. The time unit is specified with the
+# anvil_rate_time_unit configuration parameter.
+#
+# By default, a client can make as many connections per time unit as Postfix
+# can accept.
+#
+# To disable this feature, specify a limit of 0.
+#
+# WARNING:
+# The purpose of this feature is to limit abuse. It must not be used to
+# regulate legitimate mail traffic.
+#
+smtpd_client_connection_rate_limit = 10
+
+# smtpd_client_message_rate_limit (default: 0)
+#
+# The maximal number of message delivery requests that any client is allowed
+# to make to this service per time unit, regardless of whether or not Postfix
+# actually accepts those messages. The time unit is specified with the
+# anvil_rate_time_unit configuration parameter.
+#
+# By default, a client can send as many message delivery requests per time unit
+# as Postfix can accept.
+#
+# To disable this feature, specify a limit of 0.
+#
+# WARNING: The purpose of this feature is to limit abuse. It must not be used
+# to regulate legitimate mail traffic.
+#
+#smtpd_client_message_rate_limit = 10
+
+
+default_extra_recipient_limit = 50
+duplicate_filter_limit = 50
+
+# default_destination_recipient_limit (default: 50)
+#
+# The default maximal number of recipients per message delivery. This is the
+# default limit for delivery via the lmtp(8), pipe(8), smtp(8) and virtual(8)
+# delivery agents.
+#
+#default_destination_recipient_limit = 50
+
+# smtp_destination_recipient_limit (default: \$default_destination_recipient_limit)
+#
+# The maximal number of recipients per message for the smtp message delivery
+# transport. This limit is enforced by the queue manager. The message delivery
+# transport name is the first field in the entry in the master.cf file.
+#
+# Note:
+# Setting this parameter to a value of 1 changes the meaning of
+# smtp_destination_concurrency_limit from concurrency per domain into concurrency
+# per recipient.
+#
+#smtp_destination_recipient_limit = \$default_destination_recipient_limit
+
+
#======= smtpd Restrictions ============ # - Order of evaluating smtpd restriction lists:
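Review bot: `default_extra_recipient_limit = 50` and `duplicate_filter_limit = 50` are the only settings added here without a comment block, and neither is an abuse control: the first sizes the queue manager's spare in-memory recipient slots and the second caps how many addresses the duplicate filter remembers during alias expansion (both default to 1000). With the filter at 50, an alias that expands to more than 50 addresses may no longer be fully de-duplicated, so I would drop both lines or document them like the rest. The `smtpd_client_*_rate_limit` values apply to every client not listed in `smtpd_client_event_limit_exceptions`, which the hunk never mentions; a line such as `# Clients in smtpd_client_event_limit_exceptions (default: \$mynetworks) are exempt.` above `smtpd_client_recipient_rate_limit = 50` would show who the 50-recipient and 10-connection limits actually hit. `smtpd_recipient_limit = 50` is also below the 100 recipients per message that RFC 5321 expects a server to accept, so legitimate senders with larger recipient lists will probably see temporary rejections for the excess.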