Heiko Schlittermann <hs@???> (Wed 25 Sep 2019 13:12:45 EDT):
> Maybe we use ratelimit to restrict the number of distinct
> sender_host_addresses that are allowed to do (successful)
> authentication.
We can.
> The challenge will be to find the right balance between being too sloppy
> and too strict.

    cl_check_mail:
      deny authenticated = *
           ratelimit = 2 / 1d / per_conn / unique=$sender_host_address / $authenticated_id

Of course, 2/1d is way too strict :)
Maybe you can scan your log files to get an idea about a good choice.
--
Heiko
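
The log scan suggested above, as an added example that is not part of the original message: it counts distinct client addresses per authenticated id per calendar day from Exim mainlog arrival lines, to show which limit real users would hit. The log lines are constructed, the function names are hypothetical, and a calendar-day count only approximates Exim's smoothed ratelimit.

```python
import re
from collections import defaultdict

# Constructed sample in Exim mainlog arrival ("<=") format; not real log data.
SAMPLE_LOG = """\
2019-09-24 08:01:10 1iCaaa-0000aa-AA <= alice@example.org H=(laptop) [203.0.113.5] P=esmtpsa A=plain_server:alice S=1201
2019-09-24 19:30:02 1iCaab-0000ab-AB <= alice@example.org H=(phone) [198.51.100.7]:41234 P=esmtpsa A=plain_server:alice S=903
2019-09-25 07:55:41 1iCaac-0000ac-AC <= alice@example.org H=(laptop) [203.0.113.5] P=esmtpsa A=plain_server:alice S=1110
2019-09-25 12:10:09 1iCaad-0000ad-AD <= alice@example.org H=(phone) [198.51.100.7]:41990 P=esmtpsa A=plain_server:alice S=870
2019-09-25 13:02:17 1iCaae-0000ae-AE <= alice@example.org H=(unknown) [192.0.2.44] P=esmtpsa A=plain_server:alice S=5120
2019-09-25 13:05:00 1iCaaf-0000af-AF <= bob@example.org H=([192.168.1.2]) [2001:db8::25] P=esmtpsa A=login_server:bob S=640
2019-09-25 13:06:00 1iCaag-0000ag-AG <= list@example.net H=mx.example.net [192.0.2.99] P=esmtps S=4000
"""

# Captures the day, the real client address (the bracketed value followed by a
# space or :port, which skips a bracketed HELO literal), and the id that
# follows "A=<authenticator>:". Unauthenticated arrivals do not match.
ARRIVAL = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) .*? <= .*?"
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\](?::\d+)? .*?"
    r"\bA=[^:\s]+:(?P<authid>\S+)"
)

def distinct_hosts_per_day(lines):
    """Map (day, authenticated id) -> set of client addresses seen that day."""
    seen = defaultdict(set)
    for line in lines:
        m = ARRIVAL.search(line)
        if m:
            seen[(m["day"], m["authid"])].add(m["ip"])
    return seen

def peak_per_id(seen):
    """Highest one-day count of distinct addresses for each authenticated id."""
    peak = defaultdict(int)
    for (_day, authid), ips in seen.items():
        peak[authid] = max(peak[authid], len(ips))
    return dict(peak)

def over_limit(seen, limit):
    """(day, id, count) entries with more than `limit` distinct addresses."""
    return sorted((d, a, len(ips)) for (d, a), ips in seen.items() if len(ips) > limit)

if __name__ == "__main__":
    seen = distinct_hosts_per_day(SAMPLE_LOG.splitlines())
    print("peak per id:", peak_per_id(seen))
    print("would exceed 2/1d:", over_limit(seen, 2))
```

To run it on a real log, pass the open file object to distinct_hosts_per_day() instead of SAMPLE_LOG.splitlines().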