Re: AUTH rate limit

2021-11-03 Thread @lbutlr
On 2021 Nov 03, at 04:08, Markus Schönhaber wrote:
> 03.11.21, 10:53 +0100, @lbutlr:
> 
>> postfix/smtps/smtpd[5554] warning: AUTH command rate limit exceeded: 4
>> Where is this limit set? I looked through postconf -d | grep auth looking 
>> for something but did not find anything.
> 
> My guess would be
> http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit

Thanks, don't know how I missed that.


-- 
Instant karma's going to get you!



Re: AUTH rate limit

2021-11-03 Thread Bernardo Reino

On Wed, 3 Nov 2021, post...@ptld.com wrote:

>> Just a FYI programs that change the firewall like fail2ban and sshguard
>> can put a high burden on the server in the event your firewall blocks
>> a large amount of IP space AND you are on a very limited CPU.
>>
>> Touching the firewall can lock out the server for seconds as the firewalld
>> I assume creates some efficient table of IP space to block. Once the
>> firewall is established it isn't much of a CPU load but changing the inputs
>> to it does burden the CPU.
>
> Have you checked out ipset? It is fast and lightweight, allowing you to
> add/remove IPs to block without touching the firewall (no restart/reload) or
> having to change rules. Ipset is integrated into the kernel, you just add a
> one time rule to your firewall to block anything contained by ipset. One of
> ipset's features is auto expire time limits, you can tell it to ban an IP
> between 1 second to 3 weeks, or no timer and ban until the IP is manually
> removed.


With nftables (which unfortunately does not combine with ipset, which was a 
great tool indeed), blocking an ip/range is effectively an immediate action.


My fail2ban block script does "nft add element inet filter fail2ban {  }", 
where fail2ban is a "set" (in the terminology of nftables).


Cheers,
Bernardo


Re: AUTH rate limit

2021-11-03 Thread postfix

> Just a FYI programs that change the firewall like fail2ban and sshguard
> can put a high burden on the server in the event your firewall blocks
> a large amount of IP space AND you are on a very limited CPU.
>
> Touching the firewall can lock out the server for seconds as the
> firewalld I assume creates some efficient table of IP space to block.
> Once the firewall is established it isn't much of a CPU load but
> changing the inputs to it does burden the CPU.

Have you checked out ipset? It is fast and lightweight, allowing you to
add/remove IPs to block without touching the firewall (no
restart/reload) or having to change rules. Ipset is integrated into the
kernel, you just add a one time rule to your firewall to block anything
contained by ipset. One of ipset's features is auto expire time limits,
you can tell it to ban an IP between 1 second to 3 weeks, or no timer
and ban until the IP is manually removed.


Re: AUTH rate limit

2021-11-03 Thread li...@lazygranch.com



On Wed, 3 Nov 2021 17:40:30 +0100
Matus UHLAR - fantomas wrote:

> >>03.11.21, 10:53 +0100, @lbutlr:
> >>
> >>> postfix/smtps/smtpd[5554] warning: AUTH command rate limit
> >>> exceeded: 4
> >>>
> >>> Where is this limit set? I looked through postconf -d | grep auth
> >>> looking for something but did not find anything.
> 
> >Markus Schönhaber  wrote:-
> >>My guess would be
> >>http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit
> 
> On 03.11.21 16:32, Matthew Richardson wrote:
> >What might be useful would be a setting which rate limits clients
> >based on the number of FAILED AUTH requests made, probably over a
> >long period of time.
> >
> >I don't see one, but may be missing something...
> 
> so far you can use fail2ban 
> 

Just a FYI programs that change the firewall like fail2ban and sshguard
can put a high burden on the server in the event your firewall blocks
a large amount of IP space AND you are on a very limited CPU. In my
case I am using a VPS with one CPU core. I have found sshguard would
send my CPU usage to 100% when it added and removed IPs to be blocked.
It was far better just to let Postfix anvil to do the rate limiting.

I do geofencing and block a number of hosting sites. Touching the
firewall can lock out the server for seconds as the firewalld I assume
creates some efficient table of IP space to block. Once the firewall is
established it isn't much of a CPU load but changing the inputs to it
does burden the CPU. 

Most of my experience is with sshguard rather than fail2ban though I
believe the net effect of the programs is the same.

Before I removed sshguard I would find vi unresponsive at times. Using
logs I traced the problem to sshguard and the firewall. This is a case
where the cure was worse than the disease. I never detected real email
being slowed down by this postfix rate limiting.


Re: AUTH rate limit

2021-11-03 Thread Matus UHLAR - fantomas

>>03.11.21, 10:53 +0100, @lbutlr:
>>
>>> postfix/smtps/smtpd[5554] warning: AUTH command rate limit exceeded: 4
>>>
>>> Where is this limit set? I looked through postconf -d | grep auth looking
>>> for something but did not find anything.

>Markus Schönhaber wrote:-
>>My guess would be
>>http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit

On 03.11.21 16:32, Matthew Richardson wrote:
>What might be useful would be a setting which rate limits clients based on
>the number of FAILED AUTH requests made, probably over a long period of
>time.
>
>I don't see one, but may be missing something...

so far you can use fail2ban


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
LSD will make your ECS screen display 16.7 million colors


Re: AUTH rate limit

2021-11-03 Thread Matthew Richardson
Markus Schönhaber wrote:-
>03.11.21, 10:53 +0100, @lbutlr:
>
>> postfix/smtps/smtpd[5554] warning: AUTH command rate limit exceeded: 4
>> 
>> Where is this limit set? I looked through postconf -d | grep auth looking 
>> for something but did not find anything.
>
>My guess would be
>http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit

What might be useful would be a setting which rate limits clients based on
the number of FAILED AUTH requests made, probably over a long period of
time.

I don't see one, but may be missing something...

--
Best wishes,
Matthew
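
Added example, not part of any poster's message: one way to approximate the failed-AUTH limit asked about above is to count failed SASL logins per client over a long window in the mail log, then emit timed entries for the nftables set mentioned elsewhere in the thread. The log line layout, the thresholds, the host name `mx` and the `fail2ban6` set are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation addresses, hypothetical host "mx").
SAMPLE_LOG = """\
Nov  1 08:00:00 mx postfix/smtps/smtpd[5554]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Nov  2 09:00:00 mx postfix/smtps/smtpd[5560]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Nov  3 09:00:01 mx postfix/smtps/smtpd[5571]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
Nov  3 09:20:00 mx postfix/smtps/smtpd[5572]: 4F1A2B3C4D: client=unknown[192.0.2.9], sasl_method=PLAIN, sasl_username=user@example.org
Nov  3 10:00:00 mx postfix/smtps/smtpd[5580]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Nov  3 15:30:12 mx postfix/smtps/smtpd[5590]: warning: unknown[203.0.113.7]: SASL PLAIN authentication failed: authentication failure
Nov  3 23:59:40 mx postfix/smtps/smtpd[5599]: warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: authentication failure
""".splitlines()

FAILED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/\S+\[\d+\]: warning: "
                    r"\S+\[([0-9A-Fa-f.:]+)\]: SASL \S+ authentication failed")

def offenders(lines, threshold=3, window=timedelta(hours=24), year=2021):
    """Return client IPs with >= threshold failed AUTHs inside any one window."""
    seen = defaultdict(list)
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # never hand unvalidated log text to a firewall command
        # syslog timestamps carry no year, so the caller supplies one
        seen[ip].append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    flagged = []
    for ip, times in seen.items():
        times.sort()
        if any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1)):
            flagged.append(ip)
    return sorted(flagged, key=str)

def nft_commands(ips, timeout="1h"):
    """Build one set-element command per IP; the set needs 'flags timeout'."""
    # "inet filter fail2ban" is the set named in the thread; "fail2ban6" is a
    # hypothetical companion set of type ipv6_addr.
    return [f"nft add element inet filter {'fail2ban' if ip.version == 4 else 'fail2ban6'} "
            f"{{ {ip} timeout {timeout} }}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(nft_commands(offenders(SAMPLE_LOG))))
```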


Re: AUTH rate limit

2021-11-03 Thread Markus Schönhaber

03.11.21, 10:53 +0100, @lbutlr:

> postfix/smtps/smtpd[5554] warning: AUTH command rate limit exceeded: 4
>
> Where is this limit set? I looked through postconf -d | grep auth looking
> for something but did not find anything.

My guess would be
http://www.postfix.org/postconf.5.html#smtpd_client_auth_rate_limit

--
Regards
  mks



AUTH rate limit

2021-11-03 Thread @lbutlr
postfix/smtps/smtpd[5554] warning: AUTH command rate limit exceeded: 4

Where is this limit set? I looked through postconf -d | grep auth looking for 
something but did not find anything.


-- 
You're so bad at doing acid!