Use Cases & Guidance for Configuring Simultaneous Connections and Idle Timeout

Question

Hello,Wanted to ask for some guidance on configuring the Simultaneous Connections and Idle Timeout parameters, especially for untrusted or Public-Facing SMTP Servers.Didn't find anything on the web, so asked ChatGPT, and this is his response. But I wouldn't take it for granted, so I'm here for some expert opinion1. Internal Mail Server Relaying Mail to FortiMail (e.g., Exchange, Postfix)Scenario: An internal mail server handles high-volume email relay, such as sending newsletters, transactional messages, or processing bulk emails.Recommended Configuration:Max Simultaneous Connections: 20–50Rationale: High-volume mail servers may open multiple simultaneous connections to efficiently deliver a large number of emails. A higher number allows for quicker throughput.Reference: FortiMail’s Session Profile Configuration suggests adjusting connection limits based on your mail system’s throughput requirements.Idle Timeout: 300–600 seconds (5–10 minutes)Rationale: Allows for temporary pauses while the server processes mail, but drops idle connections to optimize resources.2. Partner or Trusted External Mail Server (e.g., B2B Systems, Application Servers)Scenario: External trusted mail servers that send automated system or transactional emails regularly through FortiMail.Recommended Configuration:Max Simultaneous Connections: 10–20Rationale: A moderate limit ensures that trusted external servers can send mail efficiently without overloading FortiMail, while still safeguarding resources.Reference: FortiMail’s Session Profile Configuration offers insights into limiting connections from external sources to prevent abuse.Idle Timeout: 300 secondsRationale: Prevents idle connections from consuming resources for long periods and helps to manage connection slots effectively.3. Untrusted or Public-Facing SMTP Servers (e.g., Mail from the Internet)Scenario: FortiMail serving as an MX server to receive email from the broader internet.Recommended Configuration:Max Simultaneous Connections: 5–10Rationale: Restricting the number of concurrent connections from untrusted sources helps mitigate potential spam or DoS attacks. Lower limits reduce the risk of resource exhaustion.Reference: FortiMail Connection Limits ensure efficient handling of public-facing traffic, helping to prevent overload from unknown sources.Idle Timeout: 120–300 secondsRationale: A shorter idle timeout minimizes the impact of potentially malicious or unresponsive connections, freeing up server resources quickly.

AEK · Answer

One day I had a problem with a remote server, and since then here is what I use as solution for timeouts.

config system mailserver
  set timeout-connect 60
  set timeout-greeting 120
end

I set max concurrent connections per client to 10.

1. Internal Mail Server Relaying Mail to FortiMail (e.g., Exchange, Postfix)

Recommended Configuration:

2. Partner or Trusted External Mail Server (e.g., B2B Systems, Application Servers)

Recommended Configuration:

3. Untrusted or Public-Facing SMTP Servers (e.g., Mail from the Internet)

Recommended Configuration:

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded