From 71fb4a4f845a6d4a58f010e5d3146ab8406ead78 Mon Sep 17 00:00:00 2001
From: prim-8 <prim-8@users.noreply.github.com>
Date: Mon, 4 May 2026 14:33:36 -0700
Subject: [PATCH] =?UTF-8?q?postfix:=20raise=20smtpd=5Fclient=5Fconnection?=
 =?UTF-8?q?=5Frate=5Flimit=2010=20=E2=86=92=20100?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 postfix/postfix-main.cf.template | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/postfix/postfix-main.cf.template b/postfix/postfix-main.cf.template
index c8e44b7..6a90044 100644
--- a/postfix/postfix-main.cf.template
+++ b/postfix/postfix-main.cf.template
@@ -31,7 +31,11 @@ command_time_limit = 30s
 maillog_file = /var/log/postfix.log
 
 # Rate limiting - prevent abuse/DoS
-smtpd_client_connection_rate_limit = 10
+# Connection rate limit is per source IP per anvil_rate_time_unit.
+# 10 was too low for load testing (20 concurrent users from one IP exhausted
+# the limit in ~10s, causing connection resets for users 11-20). 100 allows
+# realistic concurrency headroom while still protecting against DoS.
+smtpd_client_connection_rate_limit = 100
 smtpd_client_message_rate_limit = 50
 smtpd_client_recipient_rate_limit = 100
 anvil_rate_time_unit = 60s