Isn’t the real email delayed with this configuration? If your server is under attack with a lot of incoming connections, limiting the number of processes would result in blocking real SMTP servers from connecting to you.

I think a better configuration would be to limit the number of incoming SMTP connections made from one IP in a certain time interval from the firewall. That would limit the attacks but still let the real email messages in without delay.
You might also want to consider using DNS block lists before accepting a connection, but I don’t know how to do this with Postfix.
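
The trade-off raised in the comment above, as an added example that is not part of the original comment or post: a small simulation that replays one connection trace through a global process cap and through a per-source-IP rate limit. The addresses, the trace and the limits (5 processes, 10 second sessions, 3 connections per 60 seconds) are all constructed assumptions.

```python
from collections import defaultdict, deque

ATTACKER = "203.0.113.9"  # constructed address (documentation range)
LEGIT = {"198.51.100.10": 5.5, "198.51.100.20": 25.5, "198.51.100.30": 45.5}

def build_trace():
    """Constructed trace: one flooding IP connects every second for a
    minute, while three real mail servers each connect once."""
    events = [(float(t), ATTACKER) for t in range(60)]
    events += [(t, ip) for ip, t in LEGIT.items()]
    return sorted(events)

def global_process_cap(events, max_procs=5, hold=10.0):
    """Accept while fewer than max_procs sessions are open; each accepted
    session is assumed to hold a process for `hold` seconds."""
    open_until, accepted = [], []
    for t, ip in events:
        open_until = [end for end in open_until if end > t]
        if len(open_until) < max_procs:
            open_until.append(t + hold)
            accepted.append((t, ip))
    return accepted

def per_ip_rate_limit(events, max_conn=3, window=60.0):
    """Accept at most max_conn new connections per source IP in any
    sliding window of `window` seconds (only accepted ones are counted)."""
    recent, accepted = defaultdict(deque), []
    for t, ip in events:
        seen = recent[ip]
        while seen and t - seen[0] >= window:
            seen.popleft()
        if len(seen) < max_conn:
            seen.append(t)
            accepted.append((t, ip))
    return accepted

def count(accepted):
    """Return (legitimate, attacker) accepted-connection counts."""
    legit = sum(1 for _, ip in accepted if ip != ATTACKER)
    return legit, len(accepted) - legit

if __name__ == "__main__":
    trace = build_trace()
    print("global cap  (legit, attacker):", count(global_process_cap(trace)))
    print("per-IP rate (legit, attacker):", count(per_ip_rate_limit(trace)))
```

On this trace the global cap leaves every slot to the flooding address, while the per-IP limit admits all three real servers and only the first three connections from the flooder.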