On Wed, 3 Nov 2021 17:40:30 +0100
Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
> >>03.11.21, 10:53 +0100, @lbutlr:
> >>
> >>> postfix/smtps/smtpd[5554] warning: AUTH command rate limit
> >>> exceeded: 4
> >>>
> >>> Where is this limit set? I looked through postconf -d | grep auth
> >>> looking for something but did not find anything.
>
> >Markus Schönhaber <postfix-us...@list-post.mks-mail.de> wrote:-
> >>My guess would be
> >>http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit
>
> On 03.11.21 16:32, Matthew Richardson wrote:
> >What might be useful would be a setting which rate limits clients
> >based on the number of FAILED AUTH requests made, probably over a
> >long period of time.
> >
> >I don't see one, but may be missing something...
>
> so far you can use fail2ban
>
Just a FYI programs that change the firewall like fail2ban and sshguard
can put a high burdern on the server in the event your firewall blocks
a large amount of IP space AND you are on a very limited CPU. In my
case I am using a VPS with one CPU core. I have found sshguard would
send my CPU usage to 100% when it added and removed IPs to be blocked.
It was fare better just to let Postfix anvil to do the rate limiting.
I do geofencing and block a number of hosting sites. Touching the
firewall can lock out the server for seconds as the firewalld I assume
creates some efficient table of IP space to block. Once the firewall is
established it isn't much of a CPU load but changing the inputs to it
does burden the CPU.
Most of my experience is with sshguard rather than fail2ban though I
believe the net effect of the programs is the same.
Before I removed sshguard I would find vi unresponsive at times. Using
logs I traced the problem the sshguard and the firewall. This is a case
where the cure was worse than the disease. I never detected real email
being slowed down by this postfix rate limiting.
