From 94514235cdb545559d64360109ee95230384a1f4 Mon Sep 17 00:00:00 2001
From: Deon George <deon@dege.au>
Date: Fri, 25 Apr 2025 16:06:55 +1000
Subject: [PATCH] Use sender verification instead of recipient verification,
 limit connections

---
 include/01-custom.cf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/01-custom.cf b/include/01-custom.cf
index 66ec6d6..7b9c5ec 100644
--- a/include/01-custom.cf
+++ b/include/01-custom.cf
@@ -1,4 +1,5 @@
 smtp_host_lookup = native,dns
+smtpd_client_connection_rate_limit = 5
 message_size_limit = 25600000
 queue_minfree = 51200000
 smtpd_helo_required = yes
@@ -24,10 +25,9 @@ smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, rej
 #reject_rhsbl_helo           @SPAMHAUS_DQS_KEY@.zrd.dq.spamhaus.net=127.0.2.[2..24],
 #reject_rhsbl_reverse_client @SPAMHAUS_DQS_KEY@.zrd.dq.spamhaus.net=127.0.2.[2..24],
 #reject_rbl_client           @SPAMHAUS_DQS_KEY@.zen.dq.spamhaus.net=127.0.0.[2..255],
-  reject_unverified_recipient,
   check_policy_service unix:private/policyd-spf
 rbl_reply_maps = lmdb:/etc/postfix/custom/dnsbl-reply-map
-smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access lmdb:/etc/postfix/custom/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain
+smtpd_sender_restrictions = permit_sasl_authenticated, check_sender_access lmdb:/etc/postfix/custom/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unverified_sender
 unverified_recipient_reject_code = 450
 unverified_recipient_reject_reason = No user at this address
 postscreen_greet_action = enforce