On Thu, Mar 22, 2018 at 1:41 PM, Joseph Tam jtam.home@gmail.com wrote:
On Thu, 22 Mar 2018, Markus Eckerl wrote:
The problem is, that he misconfigured the servers of these customers. In
detail: their servers are trying to fetch email every 2 - 5 seconds. For every email address.
In the past I contacted the technician and told him about his mistake. He was not very helpful and simply told me that he is doing the same configuration since several years at all of his customer servers. Without problems. It is up to me to fix my problem myself.
Seems to me you're bending over backwards to fix someone else's problem, and what you really need is an "attitude adjustment" tool for obnoxious clients who use your service like they're the only ones that matter.
Apart from what others can suggest (I think dovecot allows delegation of usage to a separate policyd service), you can perhaps use firewall throttling e.g.
https://making.pusher.com/per-ip-rate-limiting-with-iptables/
It can't do it per user, but perhaps it is better to set a global limit and let your downstream client better manage and conserve a limited resource.
Might be a good use of the new authpolicy stuff. You could run a local weakforced with 1 minute windows and break auth for certain IPs that do more than one login per minute.