Configure Postfix Resource Usage to Limit Denial of Service Attacks

An XCCDF Group

Details
Profiles
Prose

Description

Edit /etc/postfix/main.cf. Edit the following lines to configure the amount of system resources Postfix can consume:

default_process_limit = 100
smtpd_client_connection_count_limit = 10
smtpd_client_connection_rate_limit = 30
queue_minfree = 20971520
header_size_limit = 51200
message_size_limit = 10485760
smtpd_recipient_limit = 100

The values here are examples.

warning alert: Warning

Note: The values given here are examples, and may need to be modified for any particular site. By default, the Postfix anvil process gathers mail receipt statistics. To get information about about what connection rates are typical at your site, look in /var/log/maillog for lines with the daemon name postfix/anvil.

ID: xccdf_org.ssgproject.content_group_postfix_server_dos
Child Items: 0
Updated: about 1 year ago