Kerio® connect mail server has several tuning features that can help improve mail server performance and may even help eliminate some spam. Unfortunately, setting these features requires careful analysis and thought. You can't just charge into this without knowing what you are doing and why you are doing it.
Please also note that I cannot make specific recommendations for your server because even the data analysis is not sufficient to make these decisions: you also need to know the habits of your users and their email correspondents.
However, there are real gains to be made, so this can be worth your time and trouble. With all that in mind, let's dive in and look at some of your options.
SMTP Server Options
The first place we'll look is in the Security Options tab of Configuration->SMTP Server.
Here we have set a very low number of concurrent SMTP connections from one IP address. That's probably far too low for most businesses, but in this particular case the server only handles two users, so it is unlikely that a sending server should need or want to make a great deal of simultaneus connections.
Note that if a server did try more than five, mail should not be lost, only delayed. The length of the delay depends on their configuration. Under extremely pathological conditions, mail could end up being permanently rejected if the sending server had reason to keep trying more than five connections and the excess connections always were for the same message. At some point (dependent upon them, again), they'd give up.
You'd think we might also set a low number for the maximum number of messages per hour from one address, but that's not necessarily wise: consider an active conversation where two or more people are emailing back and forth for some period of time. If the maximum per hour is set too low, it could interfere with that conversation.
Another place where we can set limits is in each service that we accept:
If set too high, someone could tie up all your resources in a DOS (Denial of Service) attack. Every process and every thread requires RAM and CPU and may need disk access also; an excessive number of SMTP connections could tie up your system enough to make user's HTTP or IMAP access muddy and slow.
However, setting lower limits can cause a service specific denial of service. You are protecting the system resources, but if there are 200 legitimate connnections and you have set the limit at 100, you are creating a denial of service for that specific service. If set too low, you could cause delayed mail, frustrated users and even lost mail due to rejections.
How can you decide how to set these limits? Some clues can come from Status->Charts:
For example, here we see that most of the time, SMTP connections were well under 100, only peaking above that rarely. That chart is in 30 minute intervals, so concurrent connections were likely far less. We could go back to the logs to see what actually happened during those peaks; in this case the spikes were caused by spammers.
What happens when spammers get temporarily rejected? Well, they may do what a legitimate mail server would do: come back and try again at a later time. On the other hand, they may not, but even if they do, temporary rejections may still have value as annoyance and providing a little more time for a new spammer to get added to a real-time blacklist. Limiting also prevents one service from hogging all the servers time (though of course it doesn't prevent your network from being swamped by attempts)
If your limits are exceeded, you will see a message in the "Warning" log:
[30/May/2012 15:09:48] Connection attempt to service HTTPS from IP
address 184.108.40.206 rejected: too many connections. Connection
limit is 10.
If you don't have any POP3 users, you'd probably shut that off entirely. If you don't expect to have any but think that possibly someone might have to configure one temporarily or on an emergency basis, you might leave it enabled but severely limit the maximum connections (and remember that current versions can also limit specific users from specific services).
Operating System Reports
Your operating system can give you more insight into connections and resource usage. Tools like Linux "sar", Windows Performance Monitor and Mac Activity Monitor can show you snapshots and historical data as can system logs.
Even a simple script like this can be useful (Linux or Mac):
# while true
> lsof -i:25 | wc -l
> sleep 15
That just counts SMTP connections every 15 seconds. It could give you a quick feel for what's normal on your server.
The Status-> Active Connections can also show you what's happening now.
Given all those sources of information, you should be able to apply reasonable limits. You should allow for growth and you need to keep an eye on these over time as your needs may change.
Also see Optimizing spam protection in Kerio MailServer at Kerio's Knowledge Base.
If this page was useful to you, please help others find it:
Kerio®, and related trademarks, names and logos are the property of Kerio Technologies, Inc. and are registered and/or used in the U.S. and other countries. Used under license from Kerio Technologies, Inc.
More Articles by Anthony Lawrence
- Find me on Google+
Have you tried Searching this site?
Unix/Linux/Mac OS X support by phone, email or on-site:
This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.
Publishing your articles here
Jump to Comments
Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.
Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.
We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.