I wanted to pass this along. I'm sure it may be nothing new to most of you,
but it has greatly reduced sasl attacks and spam.
I found most of it here:
https://scottlinux.com/2011/05/26/prevent-postfix-brute-force/
I added the fail2ban rule and modified my postfix main.cf as follows:
smtpd_client_connection_rate_limit = 3
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions permit_mynetworks,
reject_non_fqdn_helo_hostname,
reject_invalid_helo_hostname,
permit
smtpd_sender_restrictions permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit
smtpd_recipient_restrictions reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
reject_unauth_destination,
check_sender_access
hash:/etc/postfix/access,
reject_rbl_client zen.spamhaus.org,
reject_rbl_client bl.spamcop.net,
check_policy_service unix:postgrey/socket,
permit
smtpd_client_connection_count_limit = 3
smtpd_client_message_rate_limit = 5
smtpd_client_recipient_rate_limit = 60
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_new_tls_session_rate_limit = 3
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20
Has knocked down all the spam and about 99% of the sasl attacks.
If anyone would like to add to this, please do so.
TIA
