The following is a list of directives that can be used for limiting a denial of service attack:
smtpd_client_connection_rate_limit— The maximum number of connection attempts any client is allowed to make to this service per time unit (described below). The default value is 0, which means a client can make as many connections per time unit as Postfix can accept. By default, clients in trusted networks are excluded.anvil_rate_time_unit— This time unit is used for rate limit calculations. The default value is 60 seconds.smtpd_client_event_limit_exceptions— Clients that are excluded from the connection and rate limit commands. By default, clients in trusted networks are excluded.smtpd_client_message_rate_limit— The maximum number of message deliveries a client is allowed to request per time unit (regardless of whether or not Postfix actually accepts those messages).default_process_limit— The default maximum number of Postfix child processes that provide a given service. This limit can be overruled for specific services in themaster.cffile. By default the value is 100.queue_minfree— The minimum amount of free space in bytes in the queue file system that is needed to receive mail. This is currently used by the Postfix SMTP server to decide if it will accept any mail at all. By default, the Postfix SMTP server rejectsMAIL FROMcommands when the amount of free space is less than 1.5 times the message_size_limit. To specify a higher minimum free space limit, specify a queue_minfree value that is at least 1.5 times the message_size_limit. By default the queue_minfree value is 0.header_size_limit— The maximum amount of memory in bytes for storing a message header. If a header is larger, the excess is discarded. By default the value is 102400.message_size_limit— The maximum size in bytes of a message, including envelope information. By default the value is 10240000.
No comments:
Post a Comment