Show/Hide Toolbars

To get to this page, to to ServicesSMTP Server → Load Limiting

smtp_loadlimiting_zoom50

VPOP3 accepts multiple SMTP connections at once. Especially if you allow access from outside your network, this has the potential to allow remote computers to perform a Denial Of Service (DOS) attack on VPOP3, because it can be forced to process lots of messages at once. The Load Limiting settings for the SMTP service allow you to restrict how many SMTP connections VPOP3 will handle at once. Excess connections are refused with an SMTP error indicating the sender should try again later. For incoming mail this should not cause a problem because legitimate senders will be prepared for this type of behaviour so will simply queue the message and try sending it again a few minutes later.

It can be tempting to increase these limits, but doing so can be counterproductive. Increasing the limits too far will cause VPOP3 to process messages slowly, which may mean that the message sender times out and retries the message later. In this case, VPOP3 will still continue to process the original message, so now VPOP3 has to process that message twice (or more times) increasing the server load further, slowing things down further, meaning more senders time out, and so on.

The Maximum Incoming Sessions setting tells VPOP3 how many incoming connections it should allow. At connection time VPOP3 determines whether a connection is local or not from the IP Access Restrictions - any IP address which is allowed to send anonymously (with Allow Unauth enabled) is considered to be a local address. Some of these allowed sessions may be reserved for specific IP addresses - see below. So, the number available to arbitrary senders is the Maximum Incoming Sessions - Number of Sessions to Reserve.

For the next four settings, VPOP3 decides whether the connection is local or not depending on whether the IP address is allowed to send outgoing messages, so if the IP address is allowed to send anonymously or the user has authenticated, then the session is a local session not an incoming session.

The Maximum messages per incoming session setting tells VPOP3 how many messages are allowed in a single incoming connection. Usually this would be quite small, because a particular sender shouldn't send many messages to you, but if your incoming mail arrives via a third party SMTP relay server, you may want to increase this number.

The Maximum messages per local session setting tells VPOP3 how many messages are allowed in a single local session. Usually this would be quite small because users will generally only send one or two messages at once. If you have an automated program which sends lots of messages in a single session, you may want to increase this number.

The Maximum recipients per incoming message setting tells VPOP3 how many recipients are allowed in a single incoming message. This is the number of RCPT TO commands, so if an incoming message is to a VPOP3 list, that will only count as one recipient, even though there may be many final recipients.

The Maximum recipients per local message setting tells VPOP3 how many recipients are allowed in a single locally sent message.

The Maximum Incoming Sessions per client setting tells VPOP3 how many connections are allowed from a single IP address. Usually this will be a small number to try to prevent a single remote computer from taking up all the available connections. If your incoming mail arrives via a third party SMTP relay server, you may want to increase this number. In this case whether a connection is local or not is the same as for the Maximum Incoming Sessions setting.

The Reserve Sessions for and Number of Sessions to Reserve options let you specify that a number of the available incoming sessions are reserved for particular IP addresses. So, in the example above, 50 incoming sessions are allowed. 20 of those are for arbitrary IP addresses, and 30 are reserved for the IP addresses 192.168.1.10 and 192.168.1.11. There is no way to reserve one quantity to one IP address and a different quantity to a different IP address, the reserved connections go into a 'pool' which can be used by any of the specified IP addresses. * and ? wildcards are allowed in the Reserve Sessions for setting - eg 192.168.1.* would reserve connections for any IP addresses in the 192.168.1.0/24 network.

 

The Send SMTP Keep Alive response every x seconds is an option to tell VPOP3 to send interim SMTP responses every few seconds to the message sender while a message is being processed. This can prevent the sender timing out the connection, but is not recommended because it can cause interoperability problems. Firstly, some mail sender do not support interim SMTP responses after message content has been sent, and secondly the way this option does things does not strictly conform to the SMTP standards (it is allowed to send interim SMTP responses, but the response code should be the same as the final response, and because VPOP3 does not know the final response the interim responses may have a different response code - most email senders seem to use the last response code meaning it works OK, but this may not always be the case).

 

 

If you think this help topic could be improved, please send us constructive feedback