postfix: add rate-limiting exceptions for our own nodes

Armaël Guéneau 2024-11-19 20:13:12 +01:00
parent e5cc0db639
commit 31568fc8a2
2 changed files with 19 additions and 2 deletions


@ -83,11 +83,14 @@ smtpd_forbid_unauth_pipelining = yes
smtpd_discard_ehlo_keywords = chunking smtpd_discard_ehlo_keywords = chunking
smtpd_forbid_bare_newline = yes smtpd_forbid_bare_newline = yes
smtpd_client_connection_rate_limit = 2
#=== #===
# Rate limiting # Rate limiting
#=== #===
smtpd_client_connection_rate_limit = 2
# do not rate-limit ourselves
# in particular, useful for forgejo who opens a lot of SMTP connections
smtpd_client_event_limit_exceptions = $mynetworks /etc/postfix/rate-limit-exceptions
slow_destination_recipient_limit = 20 slow_destination_recipient_limit = 20
slow_destination_concurrency_limit = 2 slow_destination_concurrency_limit = 2
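Review bot: The comment above `smtpd_client_event_limit_exceptions` understates what the setting does: clients matched by it are excluded from every `smtpd_client_*_limit` control (connection count, message, recipient, new TLS session and auth rates), not only from the `smtpd_client_connection_rate_limit = 2` set just before it. Because the second entry is a generated file whose contents are not visible here, I would record both facts next to the setting, for example `# exempts listed clients from ALL smtpd_client_* limits; the file is rendered by the Nomad job from diplonat autodiscovery`. How `/etc/postfix/rate-limit-exceptions` maps to the job's `secrets/postfix/` destination is outside this hunk, so it is worth confirming that the path resolves inside the container and what Postfix does at startup if the file is missing.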


@ -382,6 +382,20 @@ job "email" {
destination = "secrets/postfix/transport" destination = "secrets/postfix/transport"
} }
template {
data = <<EOH
{{- range ls "diplonat/autodiscovery/ipv4" }}
{{- with $a := .Value | parseJSON }} {{ $a.address }}
{{- end }}
{{- end }}
{{- range ls "diplonat/autodiscovery/ipv6" }}
{{- with $a := .Value | parseJSON }} [{{ $a.address }}]
{{- end }}
{{- end }}
EOH
destination = "secrets/postfix/rate-limit-exceptions"
}
# --- secrets --- # --- secrets ---
template { template {
data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}" data = "{{ with $d := key \"tricot/certs/smtp.deuxfleurs.fr\" | parseJSON }}{{ $d.cert_pem }}{{ end }}"
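Review bot: The new `template` block turns the `diplonat/autodiscovery/ipv4` and `ipv6` Consul prefixes into an allow-list, so write access to those keys now decides which clients bypass Postfix's per-client limits; the ACL on that prefix should be checked and the block given a comment such as `# public addresses of our own nodes, exempted from smtpd_client_* limits`. If a node's public IPv4 is shared with other hosts behind the same NAT (not visible from here), those hosts are exempted as well. An entry whose JSON lacks `address` would render as `<no value>` into the list; wrapping the output in `{{- if $a.address }} … {{- end }}` would skip it. The block sets no `change_mode`, so Nomad's default of restarting the task applies whenever an address changes; stating the intended mode explicitly would document that choice.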