When searching the net for “postfix rate limit” one will most likely come across articles like Rate Limiting with Postfix with lots of useful remarks about reasons to apply such restrictions.
It may be worth to add a link to the Postfix manual about smtpd_client_message_rate_limit.
The procedure to configure this feature in UCS is comparable but we have to remember that we should apply the change to
main.cf.local rather than
main.cf as we did for example in HowTo: adjust the time until warnings or errors for temporarily undeliverable messages are sent.
cat >> /etc/postfix/main.cf.local <<EOF smtpd_client_message_rate_limit = 2 anvil_rate_time_unit = 60s EOF ucr commit /etc/postfix/main.cf service postfix restart
From my perspective the limit of 2 allowed messages within 60 seconds is a good approach for human senders.
It might be worth to have a look at
/var/log/mail.log to see what happens once the limit applies:
Jan 27 13:21:40 ucs01 postfix/smtpd: connect from some.client.hostname.tld[184.108.40.206] Jan 27 13:21:41 ucs01 postfix/smtpd: warning: Message delivery request rate limit exceeded: 3 from some.client.hostname.tld[220.127.116.11] for service submission
This log entry also shows, that the limit is counted by the ip address of the client. This means that it is only useful to apply a limit if we allow - hopefully - authenticated mail submissions for mailclients like Thunderbird. Locally installed Webmail systems will not be limited in most scenarios. Remote Webmail systems may run into the limit though, so using this restriction is rather counterproductive.
We also have to take into account that any IP from
mail/postfix/mynetworks) is not restricted. It is btw not really a good idea to place the whole local network into
mynetwork as it opens the doors much to wide.
smtpd_client_message_rate_limitis a good start and better than no protection. If we need more fine grained rules for the Limts we might consider a policy daemon like mtpolicyd which requires a bit more effort.