I'm wondering if I have my rate limiting set up correctly. Note I have
that Perl script that sniffs out dynamic IP addresses, so I am not sure
how this user is even getting concurrent connections.

From the main.cf:
smtpd_client_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination,
  check_reverse_client_hostname_access pcre:/etc/postfix/fqrdns.pcre,
  reject_unknown_reverse_client_hostname,
  check_client_access hash:/etc/postfix/spamsources
smtpd_sender_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination,
  reject_unknown_address,
  check_sender_access hash:/etc/postfix/spamsources
smtpd_relay_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination,
  check_policy_service unix:private/policy
#lines added after hacker attack
smtpd_error_sleep_time = 2s
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 6
smtpd_client_connection_rate_limit = 3
smtpd_client_auth_rate_limit = 20
smtpd_client_connection_count_limit = 3
smtpd_client_new_tls_session_rate_limit = 3
smtpd_client_recipient_rate_limit = 40
smtpd_recipient_limit = 20


From the maillog:
Jan 10 08:39:32 mydomain postfix/smtpd[29789]: connect from unknown[121.238.5.110]
Jan 10 08:39:32 mydomain postfix/smtpd[29789]: warning: Connection concurrency limit exceeded: 4 from unknown[121.238.5.110] for service smtp
Jan 10 08:39:32 mydomain postfix/smtpd[29789]: disconnect from unknown[121.238.5.110] commands=0/0
Jan 10 08:39:32 mydomain postfix/smtpd[29783]: warning: hostname 110.5.238.121.broad.nt.js.dynamic.163data.com.cn does not resolve to address 121.238.5.110: Name or service not known
Jan 10 08:39:32 mydomain postfix/smtpd[29783]: connect from unknown[121.238.5.110]
Jan 10 08:39:32 mydomain postfix/smtpd[29783]: warning: Connection concurrency limit exceeded: 4 from unknown[121.238.5.110] for service smtp
Jan 10 08:39:32 mydomain postfix/smtpd[29783]: disconnect from unknown[121.238.5.110] commands=0/0
Jan 10 08:39:32 mydomain postfix/smtpd[29786]: lost connection after AUTH from unknown[121.238.5.110]
Jan 10 08:39:32 mydomain postfix/smtpd[29786]: disconnect from unknown[121.238.5.110] ehlo=1 auth=0/1 commands=1/2
Jan 10 08:39:32 mydomain postfix/smtpd[29790]: warning: hostname 110.5.238.121.broad.nt.js.dynamic.163data.com.cn does not resolve to address 121.238.5.110: Name or service not known
Jan 10 08:39:32 mydomain postfix/smtpd[29790]: connect from unknown[121.238.5.110]
Jan 10 08:39:32 mydomain postfix/smtpd[29790]: warning: Connection rate limit exceeded: 10 from unknown[121.238.5.110] for service smtp
Jan 10 08:39:32 mydomain postfix/smtpd[29790]: disconnect from unknown[121.238.5.110] commands=0/0
Jan 10 08:39:32 mydomain postfix/smtpd[29785]: warning: hostname 110.5.238.121.broad.nt.js.dynamic.163data.com.cn does not resolve to address 121.238.5.110: Name or service not known
Jan 10 08:39:32 mydomain postfix/smtpd[29785]: connect from unknown[121.238.5.110]
Jan 10 08:39:32 mydomain postfix/smtpd[29785]: warning: Connection rate limit exceeded: 11 from unknown[121.238.5.110] for service smtp
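
Added example, not part of the original post: a Python script that rejoins mail-wrapped maillog records and tallies, per client IP, which limits were reported as exceeded (hits and peak count) and how many of those sessions then disconnected with commands=0/0. The sample lines are constructed from the excerpt above, and the names `unwrap` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the maillog excerpt above, including the
# mail client's line wrapping (continuation lines lack a syslog timestamp).
SAMPLE = """\
Jan 10 08:39:32 mydomain postfix/smtpd[29789]: warning: Connection concurrency
limit exceeded: 4 from unknown[121.238.5.110] for service smtp
Jan 10 08:39:32 mydomain postfix/smtpd[29789]: disconnect from
unknown[121.238.5.110] commands=0/0
Jan 10 08:39:32 mydomain postfix/smtpd[29786]: disconnect from
unknown[121.238.5.110] ehlo=1 auth=0/1 commands=1/2
Jan 10 08:39:32 mydomain postfix/smtpd[29790]: warning: Connection rate limit
exceeded: 10 from unknown[121.238.5.110] for service smtp
Jan 10 08:39:32 mydomain postfix/smtpd[29790]: disconnect from
unknown[121.238.5.110] commands=0/0
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
PID = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)")
LIMIT = re.compile(r"warning: (.+?) limit exceeded: (\d+) from \S*\[([^\]]+)\]")

def unwrap(text):
    """Rejoin records that a mail client wrapped across lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Per client IP: (hits, peak count) per limit, plus refused sessions."""
    stats = defaultdict(lambda: {"limits": {}, "refused": 0})
    warned = {}  # smtpd pid -> client IP that tripped a limit
    for pid, msg in PID.findall("\n".join(unwrap(text))):
        hit = LIMIT.search(msg)
        if hit:
            kind, count, ip = hit.group(1), int(hit.group(2)), hit.group(3)
            hits, peak = stats[ip]["limits"].get(kind, (0, 0))
            stats[ip]["limits"][kind] = (hits + 1, max(peak, count))
            warned[pid] = ip
        elif msg.startswith("disconnect from") and pid in warned:
            # commands=0/0: the session ended before any SMTP command ran
            stats[warned.pop(pid)]["refused"] += "commands=0/0" in msg
    return dict(stats)
```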
