authorGravatar Joe Banks <[email protected]>2024-07-31 13:19:57 +0100
committerGravatar Joe Banks <[email protected]>2024-07-31 13:25:56 +0100
commitdb78d8affd2d69d9aec0401637c68da328d6b012 (patch)
treeb5a5cfa30448ad350bff9d378202b82583fed342
parentpostfix: update security parameters for mail sending (diff)
postfix: basic anti-abuse parameters
-rw-r--r--ansible/roles/postfix/templates/main.cf.j216
1 files changed, 16 insertions, 0 deletions
diff --git a/ansible/roles/postfix/templates/main.cf.j2 b/ansible/roles/postfix/templates/main.cf.j2
index 05c78da..7d0d7ca 100644
--- a/ansible/roles/postfix/templates/main.cf.j2
+++ b/ansible/roles/postfix/templates/main.cf.j2
@@ -63,3 +63,19 @@ mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
+
+# Basic anti-abuse ratelimits.
+# The time window is specified with anvil_rate_time_unit,
+# which defaults to 60 seconds.
+smtpd_client_auth_rate_limit = 1000
+smtpd_client_connection_rate_limit = 1000
+smtpd_client_message_rate_limit = 1000
+smtpd_client_new_tls_session_rate_limit = 1000
+smtpd_client_recipient_rate_limit = 100
+# Sleep for $smtpd_error_sleep_time (default 1s) after getting 1 junk command.
+smtpd_junk_command_limit = 1
+# One error counts $smtpd_junk_command_limit junk commands received.
+# Once the client has performed enough bullshit, disconnect.
+smtpd_hard_error_limit = 10
+anvil_rate_time_unit = 24h
+anvil_status_update_time = 12h
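Review bot: The comment opening the added block says the window "defaults to 60 seconds", but `anvil_rate_time_unit = 24h` at the bottom of the same hunk makes every limit above it per client per 24 hours; I would move the two `anvil_*` lines directly under that comment and reword it to `# Limits below are per client per $anvil_rate_time_unit (set to 24h here; the Postfix default is 60s).` Over that window `smtpd_client_recipient_rate_limit = 100` is lower than `smtpd_client_message_rate_limit = 1000`, so a client is cut off by the recipient limit long before the message limit can apply, and it is worth confirming which figure is intended. These limits do not apply to clients matched by `smtpd_client_event_limit_exceptions`, which defaults to `$mynetworks`; `mynetworks` is not visible in this hunk, so check that it does not include hosts that relay for untrusted senders. The comment above `smtpd_junk_command_limit` also looks inaccurate: as far as I know `smtpd_error_sleep_time` only takes effect between `smtpd_soft_error_limit` (default 10) and `smtpd_hard_error_limit`, and with the hard limit set to 10 that leaves almost no delay window before the disconnect.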