APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Setting Maximum Service Connections in Kerio Mailserver

When you configure Services in Kerio Mailserver, you can restrict the number of allowed connections. See Service Parameter Settings in Kerio's on-line manual if you aren't already familiar with this.

One of the questions I often get is how to set those service limits. For example, how many concurrent https connections should we allow? You could just set it to an arbitrarily high number, but that can expose you to Denial of Service attacks where the machine is so busy with https that it can't do much else. On the other hand, you don't want your users unable to connect because you have set it too low.

There's no absolute answer, but I'd start with 5 times the number of users. That's probably much more than you need, but we can easily check how many are actually being used. For Mac and Linux, the tool we need is "lsof". You'll run this as root:


lsof -i:https | wc -l
lsof -i:25 | wc -l
 

The first will tell you how many https connections are open right now. The second counts smtp (port 25) connections. Note that we can use service names or port numbers.

Replace "wc -l" with "more" to see the actual connections.

For Windows, it's not so easy. A "netstat -a" will show posts, but that's hardly convenient. This Cports utility looks a little better, but like most Windows tools, it does both more and less than we want. No, I don't like Windows, really I do not. But this could just be my ignorance: there may be an easy way to duplicate the ease and power of lsof - or maybe even someone has taken the trouble to port it? Please leave a comment if you know an easy way to do this in Windows.

Anyway,, if I had 50 Kerio mail users, I might set the number of concurrent https connections to 250. Random "lsof -i:443 | wc -l" invocations might show me that usually there are 100 or so connections in use, so I might drop it to 150 if that were true. I'd want to count these during high activity periods: 9:00 AM, just after lunch, perhaps again in the late afternoon. That should give me a good idea of what is normal for these users. I'll want to add a few extra to allow for growth and unusual usage days.

The same tools can be used for every service. If you don't get a lot of inbound mail, you might limit smtp more than https. If you hardly every use NNTP, that can be throttled down.

Be sure to watch logs to be sure your users usage patterns haven't changed.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Setting Maximum Service Connections in Kerio Mailserver




Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Anthony Lawrence



Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





I can’t go to a restaurant and order food because I keep looking at the fonts on the menu. (Donald Knuth)

The idea that Bill Gates has appeared like a knight in shining armour to lead all customers out of a mire of technological chaos neatly ignores the fact that it was he, by peddling second rate technology, led them into it in the first place, and continues to do so today. (Douglas Adams)







This post tagged: