OzPHB wrote: The iptables 'recent' module tracks the IP of the attacker/good-guy, and the rule is set to only apply to new, not established or related, so it will not block legitimate connections to your mailserver, even if there are many of them simultaneously. You probably want a count higher than 3, at least initially, to ensure you don't drop valid traffic.
Or lower time? Say, a count 3 on time 1 would block any IP that tries to establish more than 3 per second?
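A simplified model of how the count and time settings discussed above interact, added here as an example and not part of either post. It assumes the common two-rule `recent` setup shown in the comments (the thread does not show the actual rules); the list name, port and sample traffic are constructed.

```python
from collections import defaultdict

# Assumed rule pair (the thread does not show the rules; name/port are examples):
#   iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SMTP
#   iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update \
#            --seconds SECONDS --hitcount HITCOUNT --name SMTP -j DROP
# With --set first, the current attempt is counted: hitcount N drops the Nth attempt.


def simulate(events, seconds, hitcount):
    """Verdict for each NEW connection; events = sorted (time_s, source_ip) pairs."""
    stamps = defaultdict(list)  # per-source timestamps, as the recent list keeps them
    verdicts = []
    for now, ip in events:
        # Rule 1 (--set): record this attempt for the source address.
        stamps[ip].append(now)
        # Rule 2 (--update --seconds --hitcount): count stamps inside the window.
        hits = sum(1 for t in stamps[ip] if t >= now - seconds)
        if hits >= hitcount:
            # --update refreshes the entry when it matches, so a blocked source
            # that keeps retrying stays inside the window.
            stamps[ip].append(now)
            verdicts.append((now, ip, "DROP"))
        else:
            verdicts.append((now, ip, "ACCEPT"))
    return verdicts


def dropped(events, seconds, hitcount):
    """Source addresses that had at least one connection dropped."""
    return {ip for _, ip, v in simulate(events, seconds, hitcount) if v == "DROP"}


# Constructed sample traffic (documentation address ranges, not real hosts).
BUSY_RELAY = [(t, "192.0.2.10") for t in (0, 5, 11, 18, 24, 31)]   # legitimate, 6 in ~30 s
BURST = [(t / 10, "198.51.100.7") for t in range(10)]              # 10 attempts in 1 s
SLOW_RETRIES = [(t, "203.0.113.5") for t in range(0, 60, 2)]       # 1 attempt every 2 s
TRAFFIC = sorted(BUSY_RELAY + BURST + SLOW_RETRIES)

if __name__ == "__main__":
    for seconds, hitcount in ((60, 3), (60, 10), (1, 3)):
        print(seconds, hitcount, sorted(dropped(TRAFFIC, seconds, hitcount)))
```

On this constructed traffic, 60 seconds with a count of 3 also drops the busy legitimate relay, while 1 second with a count of 3 only catches the burst and lets the steady one-every-two-seconds retries through.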