Hi All,
Brand new here :)
I need a hand to an issue I am having with my Fortimail appliance, where large volume emails (legitimate!) are being refused by Fortimail.
Error:
Deferred Queue (host %FORTIMAIL%[%FORTIMAIL IP%] refused to talk to me: 421 4.7.0 Too many concurrent connections.)
This is doing my head in, as I cannot find the option anywhere to increase throttling!
Fortimail: 400E
My Session and SMTP limits are put to the maximum, but the issue still persist. I keep reading the cookbook, but I cannot find where to increase throttling overall, or for a particular SMTP address (That would be FireEye in our case).
Any ideas or pointers?
Many thanks,
Fred
Solved! Go to Solution.
Hi Fred,
smtp connections is a matter related with sessions, look your logs in order to get info about which policy is triggering that message.
After identified the relevant access list/policy, dig into session profile controlling it.
regards
/ Abel
Session Profile: Conection Settings ---> Maximum concurrent connections for each client:
Hi Fred,
smtp connections is a matter related with sessions, look your logs in order to get info about which policy is triggering that message.
After identified the relevant access list/policy, dig into session profile controlling it.
regards
/ Abel
Session Profile: Conection Settings ---> Maximum concurrent connections for each client:
Thank you both for the quick reply.
So, I checked my Session settings. I already have my SMTP limits set to match Exchange (1000 mails/session, 2000 recipients session). These limits are way over any scenarios for mass mails.
Now, following the last comment, Max concurrent connections for each client is set to 10 (default I believe), but that is for local clients, not SMTP inbound right?
Thanks again,
Fred
Max Concurrent connections is for each IP connecting... Incoming e-mail usually won't have multiple connections unless it's spammers. Are you running into this on inbound or outbound mail?
Typically you set max-conn and max-delivery per mail-sender. This will help reduce "abuse" and not really for spam since the sender should already be denied by the AS-functions.
FWIW if you have trusted mail-sender that relay thru make sure to trust or eliminate any max-connection or other throttling .
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.