You should use fail2ban to block failed login attempts (dovecot, postfix, roundcube) and postfwd to limit outgoing (incoming) e-mails ...
e.g.
Code
- nano /etc/postfix/postfwd.cf
- # limit sasl authenticated user 150 emails 60 minutes
- id=R002
- sasl_username=~/./
- action=rate(sasl_username/150/3600/REJECT 4.7.1 - message rate limit exceeded.)
- # any other
- id=ratelimit006
- sender=~/.*/
- action=rate(recipient_domain/150/3600/REJECT 4.7.1 - message rate limit exceeded.)