A typical mail server with Postfix and Dovecot, if well configured, efficiently rejects the vast majority of spammers' attempts. There are two things, though, which are not dealt with in the typical configurations I have worked with:
- scripts that attempt "forever", even if not DOSing the server, they still waste resources
- brute force attempts, to which the same as above applies plus the potential threat of eventually breaking-in
I've checked the ubiquitous fail2ban approach, but it never really won my heart ;-) It feels "brittle" (to say the least) to me. Now, that's not to denigrate the work that went into fail2ban and its supplied jails/configs. It's just that depending on parsing logs, which nobody (?) can guarantee to remain the same, for security-related aspects doesn't rank high in my books. I've also found a few settings in https://www.postfix.org/TUNING_README.html, especially https://www.postfix.org/TUNING_README.html#slowdown, yet it's not exactly what I'd be looking for, namely banning the offenders quickly without generally affecting the server's performance. Right – something like fail2ban but without its downsides ;-)
I can imagine a kind of "reverse proxy" for mail services, which would take on the external traffic, track IP addresses and talk to Postfix/Dovecot, handling responses/errors at the protocol level without resorting to log parsing.
Or what would you suggest?
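
The per-IP tracking such a proxy would need, keyed on the SMTP reply codes it relays rather than on log lines, as an added example that is not part of the original post. The class name, the thresholds and the choice to count only 5xx replies are assumptions.

```python
from collections import defaultdict, deque

# Assumed thresholds, not taken from the post or from Postfix defaults.
WINDOW_SECONDS = 600
MAX_FAILURES = 5
BAN_SECONDS = 3600


class OffenderTracker:
    """Per-IP sliding-window failure counter fed with SMTP reply codes."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_FAILURES, ban=BAN_SECONDS):
        self.window, self.limit, self.ban = window, limit, ban
        self.failures = defaultdict(deque)   # ip -> timestamps of failures
        self.banned_until = {}               # ip -> expiry timestamp

    @staticmethod
    def is_failure(reply_code):
        # 5xx = permanent negative reply (includes 535 auth failure, RFC 4954).
        # 4xx is ignored: transient errors also hit legitimate senders.
        return 500 <= reply_code <= 599

    def is_banned(self, ip, now):
        expiry = self.banned_until.get(ip)
        if expiry is None:
            return False
        if now >= expiry:
            del self.banned_until[ip]        # ban has run out, forget it
            return False
        return True

    def observe(self, ip, reply_code, now):
        """Record one backend reply; return True if the IP is now banned."""
        if self.is_banned(ip, now):
            return True
        if not self.is_failure(reply_code):
            return False
        hits = self.failures[ip]
        hits.append(now)
        while hits and hits[0] <= now - self.window:
            hits.popleft()                   # drop failures outside the window
        if len(hits) >= self.limit:
            self.banned_until[ip] = now + self.ban
            del self.failures[ip]
            return True
        return False
```

The proxy would call `is_banned()` when a connection arrives and `observe()` for every reply it relays from Postfix, so the decision never depends on the wording of a log message.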