postfix: raise smtpd_client_connection_rate_limit 10 → 100

[prim-8]

Summary

• Raises smtpd_client_connection_rate_limit from 10 to 100 connections per anvil_rate_time_unit (60s)
• Adds a comment explaining the reasoning

Why

Load testing with 20 concurrent users all originating from a single source IP hit the 10-connection-per-minute limit during ramp-up. Users 11–20 had their initial connections reset, producing ~9 consistent connection-level errors per ramp-up window regardless of NLB path. This was identified by cross-referencing the consistent error count across Run 3 and Run 4 with the anvil rate limit configuration.

100 connections per minute is still protective against external DoS while giving realistic headroom for load testing at 50+ concurrent users.

Test plan

• Deploy updated image to staging
• Run full suite at 20+ users — expect ramp-up connection resets to drop from ~9 to ~0
• Confirm sustained phase error rate improves accordingly

[greptile-apps]

Greptile Summary

This PR raises smtpd_client_connection_rate_limit from 10 to 100 connections per anvil_rate_time_unit (60 s) and adds an inline comment documenting the rationale. The existing smtpd_client_message_rate_limit = 50 still caps message throughput per IP, so the relaxed connection rate does not proportionally increase spam capacity.

Confidence Score: 5/5

Safe to merge — single-line config change with clear justification and complementary rate limits intact.

No logic errors, security regressions, or correctness issues. The change is well-scoped, thoroughly explained, and the remaining rate limits (message, recipient, concurrent connection count) continue to constrain abuse potential.

No files require special attention.

Important Files Changed

Filename	Overview
postfix/postfix-main.cf.template	Raises smtpd_client_connection_rate_limit from 10 to 100 with a clear explanatory comment; no other settings changed.

_{Reviews (2): Last reviewed commit: "postfix: raise smtpd_client_connection_r..." | Re-trigger Greptile}