I found this in "man iptables-extensions" <BEGIN QUOTE> Examples:
# allow 2 telnet connections per client host
iptables -A INPUT -p tcp --syn --dport 23 -m connlimit
--connlimit-above 2 -j REJECT
<END QUOTE>
It could be adapted to offer basic DoS protection for postfix.
Unfortunately my MXhost does not have the extension module :-(
Allen C
