What to set for Max Inbound Connections? 100? 200?

What to set for Max Inbound Connections? 100? 200?

Post by Paul » Sun, 15 Dec 2002 10:54:33



We have Exchange 5.5, sp4
A month ago we fixed our server to stop relaying spam.

We have an internal email app that sends administrative
alerts which has begun failing with a Max Connections
Reached message because of all the spammers that are
connecting to our server to attempt to relay and are being
blocked.

We had Max Incomming Connections set to 30, and set it to
100.  This allowed our internal app go get a connection
and function properly, however we are getting hammered by
these attempts to relay (approx 72,000 per hour)!

Watching the connections using perfmon this evening we see
that the inbound connections increase to over 80, and we
do not know how high it will go yet on a heavy day. SO:

What to use for Max Inbound Connections?

Is there a way to stop these "people" from connecting to
us?  It's got to be killing our server's performance.

Thanks

 
 
 

What to set for Max Inbound Connections? 100? 200?

Post by Rich Matheisen [MVP » Mon, 16 Dec 2002 01:05:34



>We have Exchange 5.5, sp4
>A month ago we fixed our server to stop relaying spam.

>We have an internal email app that sends administrative
>alerts which has begun failing with a Max Connections
>Reached message because of all the spammers that are
>connecting to our server to attempt to relay and are being
>blocked.

>We had Max Incomming Connections set to 30, and set it to
>100.  This allowed our internal app go get a connection
>and function properly, however we are getting hammered by
>these attempts to relay (approx 72,000 per hour)!

Are you sure you're not still listed in some DNS bloacklist? Spammers
use them to locate open relays, just like we should use them to block
open relays.

Quote:>Watching the connections using perfmon this evening we see
>that the inbound connections increase to over 80, and we
>do not know how high it will go yet on a heavy day. SO:

>What to use for Max Inbound Connections?

>Is there a way to stop these "people" from connecting to
>us?  It's got to be killing our server's performance.

Block the IP address so a connection is never accepted. Do it at the
firewall and your server will never see a thing for them again.

www.spews.org has two IPChains formatted lists of addresses and
networks you can use. That should knock off quite a few of the SOB's.

But you'll have to resort to third-party software on Exchange, or put
a SMTP relay out front and fit it with the appropriate software
(Linux, SpamAssassin, sendmail, procmail, qmail, etc.) to work with
DNS blacklists (relays.osirusoft.com, bl.spamcop.net, etc.).

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm

 
 
 

What to set for Max Inbound Connections? 100? 200?

Post by Paul W » Tue, 17 Dec 2002 08:25:33


Thanks Rich,
Yes I have checked make sure I am not on any blacklists,
no problem there.  They must still have my address from
before.  I will see if I can grab all their IP addresses
from the logs, and put those in my firewall as you
suggested.  
I'm not familliar enough with Exchange to add the third
party software you suggested.  Some kind of auto-blocking
of attempted relayers would be an excellent feature for
Exchange.

I would still like to find out what a reasonable figure
would be for Max Inbound Connections.  What do you use?

>-----Original Message-----

>>We have Exchange 5.5, sp4
>>A month ago we fixed our server to stop relaying spam.

>>We have an internal email app that sends administrative
>>alerts which has begun failing with a Max Connections
>>Reached message because of all the spammers that are
>>connecting to our server to attempt to relay and are
being
>>blocked.

>>We had Max Incomming Connections set to 30, and set it
to
>>100.  This allowed our internal app go get a connection
>>and function properly, however we are getting hammered
by
>>these attempts to relay (approx 72,000 per hour)!

>Are you sure you're not still listed in some DNS

bloacklist? Spammers

- Show quoted text -

Quote:>use them to locate open relays, just like we should use
them to block
>open relays.

>>Watching the connections using perfmon this evening we
see
>>that the inbound connections increase to over 80, and we
>>do not know how high it will go yet on a heavy day. SO:

>>What to use for Max Inbound Connections?

>>Is there a way to stop these "people" from connecting to
>>us?  It's got to be killing our server's performance.

>Block the IP address so a connection is never accepted.
Do it at the
>firewall and your server will never see a thing for them
again.

>www.spews.org has two IPChains formatted lists of
addresses and
>networks you can use. That should knock off quite a few
of the SOB's.

>But you'll have to resort to third-party software on
Exchange, or put
>a SMTP relay out front and fit it with the appropriate
software
>(Linux, SpamAssassin, sendmail, procmail, qmail, etc.) to
work with
>DNS blacklists (relays.osirusoft.com, bl.spamcop.net,
etc.).

>--
>Rich Matheisen
>MCSE+I, Exchange MVP
>MS Exchange FAQ at

http://www.swinc.com/resource/exch_faq.htm

- Show quoted text -

Quote:>.

 
 
 

What to set for Max Inbound Connections? 100? 200?

Post by Rich Matheisen [MVP » Tue, 17 Dec 2002 11:26:02



>Thanks Rich,
>Yes I have checked make sure I am not on any blacklists,
>no problem there.  They must still have my address from
>before.  I will see if I can grab all their IP addresses
>from the logs, and put those in my firewall as you
>suggested.  
>I'm not familliar enough with Exchange to add the third
>party software you suggested.  Some kind of auto-blocking
>of attempted relayers would be an excellent feature for
>Exchange.

>I would still like to find out what a reasonable figure
>would be for Max Inbound Connections.  What do you use?

When we ran 5.5 I think I allowed about 100 inbound connections and
about 50 outbound on each of the three servers that handles SMTP mail.
On occasions when spammers would *the inbound connections I'd
open 'em up a bit more until the problem was over (or until I got fed
up and blocked their IP address or domains).

The servers were Dell 4200's with 256MB and 512MB of memory and
2x300MHz CPU's.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.veryComputer.com/

 
 
 

What to set for Max Inbound Connections? 100? 200?

Post by Paul » Tue, 17 Dec 2002 17:29:55


I should be fine with 100 inbound then, Thanks again Rich.
 
 
 

1. SMTP Settings - Max no. of inbound connections

We are having problems with people not being able to
connect to port 25 on our server...only about 20% of
attempts are accepted. This situation has just cropped up
this week, and is already critical.

I would like to know what the real effect on my server
will be to change the "Max no. of inbound connections" and
the "max no. of connections to a single host". What are
the disk space/processor/memory effects of increasing
these numbers?

Thanks!

2. Connect Outlook 2001 (mac) to Exchange server 5.5

3. Article Q225538 "Max No. of Inbound Connections",

4. Outlook98 / Exchange 5.5 Signatures

5. outlook 200 and exchange 200 error

6. Proposed Network Setup

7. IMS Inbound Connection limit setting on Exchange 5.5

8. exchange 5.5 server name change....

9. Setting the sharing of 100 calenders efficiently?

10. Max Connections

11. Max Message Size Setting for DL

12. Set the max number of user accessing the Organization form library

13. max mailbox size, max pub folder size