Setting Maximum Service Connections in Kerio Mailserver

When you configure Services in Kerio Mailserver, you can restrict the number of allowed connections. See Service Parameter Settings in Kerio's on-line manual if you aren't already familiar with this.

One of the questions I often get is how to set those service limits. For example, how many concurrent https connections should we allow? You could just set it to an arbitrarily high number, but that can expose you to Denial of Service attacks where the machine is so busy with https that it can't do much else. On the other hand, you don't want your users unable to connect because you have set it too low.

There's no absolute answer, but I'd start with 5 times the number of users. That's probably much more than you need, but we can easily check how many are actually being used. For Mac and Linux, the tool we need is "lsof". You'll run this as root:

lsof -i:https | wc -l
lsof -i:25 | wc -l

The first will tell you how many https connections are open right now. The second counts smtp (port 25) connections. Note that we can use service names or port numbers.

Replace "wc -l" with "more" to see the actual connections.

For Windows, it's not so easy. A "netstat -a" will show ports, but that's hardly convenient. This Cports utility looks a little better, but like most Windows tools, it does both more and less than we want. No, I don't like Windows, really I do not. But this could just be my ignorance: there may be an easy way to duplicate the ease and power of lsof - or maybe someone has even taken the trouble to port it? Please leave a comment if you know an easy way to do this in Windows.

Anyway, if I had 50 Kerio mail users, I might set the number of concurrent https connections to 250. Random "lsof -i:443 | wc -l" invocations might show me that usually there are 100 or so connections in use, so I might drop it to 150 if that were true. I'd want to count these during high activity periods: 9:00 AM, just after lunch, perhaps again in the late afternoon. That should give me a good idea of what is normal for these users. I'll want to add a few extra to allow for growth and unusual usage days.
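The sampling described above, as an added example that is not part of the original article: it counts client connections in lsof output without the header line and listening socket that "wc -l" includes, shows which remote address holds the most connections, and turns a set of peak-hour samples into a limit. The function names, the constructed lsof sample (process name "mailserver", documentation-range addresses) and the 50 percent headroom, chosen to match the 100-to-150 figures above, are assumptions.

```sh
#!/bin/sh
# Added example, not from the original article. Sample data is constructed.

# Constructed `lsof -nP -iTCP:443` output (documentation-range addresses).
sample_lsof() {
cat <<'EOF'
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mailserver 812 root   45u  IPv4  31001      0t0  TCP *:443 (LISTEN)
mailserver 812 root   51u  IPv4  31877      0t0  TCP 192.0.2.10:443->198.51.100.21:50312 (ESTABLISHED)
mailserver 812 root   52u  IPv4  31878      0t0  TCP 192.0.2.10:443->198.51.100.22:50444 (ESTABLISHED)
mailserver 812 root   53u  IPv4  31880      0t0  TCP 192.0.2.10:443->198.51.100.21:50313 (ESTABLISHED)
mailserver 812 root   54u  IPv4  31881      0t0  TCP 192.0.2.10:443->198.51.100.21:50314 (ESTABLISHED)
EOF
}

# Count client connections in lsof output on stdin. Unlike `wc -l`, this
# skips the header line and the listening socket (neither has a "->" peer).
count_connections() {
    awk '/->/ { n++ } END { print n + 0 }'
}

# Busiest remote address and its connection count, e.g. "198.51.100.21 3".
# Assumes the TCP state is the last column, so the peer pair is field NF-1.
top_client() {
    awk 'NF > 1 && /->/ { split($(NF-1), a, "->"); sub(/:[0-9]+$/, "", a[2]); c[a[2]]++ }
         END { for (ip in c) if (c[ip] > m) { m = c[ip]; best = ip } print best, m + 0 }'
}

# suggest_limit HEADROOM_PCT SAMPLE...
# Highest sample plus HEADROOM_PCT percent, rounded up.
suggest_limit() {
    pct=$1; shift
    peak=0
    for s in "$@"; do
        if [ "$s" -gt "$peak" ]; then peak=$s; fi
    done
    echo $(( (peak * (100 + pct) + 99) / 100 ))
}

# Real use (as root):  lsof -nP -iTCP:443 | count_connections
sample_lsof | count_connections
suggest_limit 50 88 100 97
```

A single remote address holding most of the connections is worth checking in the logs before you treat the peak as normal usage and raise the limit to fit it.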

The same tools can be used for every service. If you don't get a lot of inbound mail, you might limit smtp more than https. If you hardly ever use NNTP, that can be throttled down.

Watch the logs to be sure your users' usage patterns haven't changed.

