Fortinet Forum
LoopingFred
New Contributor

Fortimail - 421 4.7.0 Too many concurrent connections

Hi All, 

 

Brand new here :)

 

I need a hand with an issue I am having with my Fortimail appliance, where large volume emails (legitimate!) are being refused by Fortimail.

Error: 

Deferred Queue              (host %FORTIMAIL%[%FORTIMAIL IP%] refused to talk to me: 421 4.7.0 Too many concurrent connections.)

This is doing my head in, as I cannot find the option anywhere to increase throttling!

Fortimail: 400E

My Session and SMTP limits are set to the maximum, but the issue still persists. I keep reading the cookbook, but I cannot find where to increase throttling overall, or for a particular SMTP address (that would be FireEye in our case).

Any ideas or pointers?

 

Many thanks, 

 

Fred

5 Replies
abelio
Valued Contributor

Hi Fred,

SMTP connections are a matter related to sessions; look at your logs in order to get info about which policy is triggering that message.

After identifying the relevant access list/policy, dig into the session profile controlling it.

 

regards


__ Abel

Bromont_FTNT

 

Session Profile: Connection Settings ---> Maximum concurrent connections for each client:

LoopingFred

Thank you both for the quick reply.

 

So, I checked my Session settings. I already have my SMTP limits set to match Exchange (1000 mails/session, 2000 recipients/session). These limits are way over any scenarios for mass mails.

 

Now, following the last comment, Max concurrent connections for each client is set to 10 (default, I believe), but that is for local clients, not SMTP inbound, right?

 

Thanks again, 

 

Fred

Bromont_FTNT

 

Max Concurrent connections is for each IP connecting... Incoming e-mail usually won't have multiple connections unless it's spammers. Are you running into this on inbound or outbound mail?

emnoc
Esteemed Contributor III

Typically you set max-conn and max-delivery per mail-sender. This will help reduce "abuse" and not really for spam since the sender should already be denied by the AS-functions.

 

 

FWIW, if you have trusted mail-senders that relay thru, make sure to trust or eliminate any max-connection or other throttling.

Ken

 

PCNSE 

NSE 

StrongSwan
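
As an added example (not from any poster in this thread and not Fortinet code), here is one way to check which sending IP actually exceeds the per-client concurrent connection limit of 10 mentioned above. It assumes you can export session records as (client IP, start, end) tuples from the sending side's logs; the record layout, the function names and the sample data are constructed for illustration and are not FortiMail's log format.

```python
from collections import defaultdict

# Value quoted in the thread for "Maximum concurrent connections for each client".
PER_CLIENT_LIMIT = 10

# Constructed sample records: (client_ip, start_second, end_second).
SAMPLE = (
    # Bulk sender: 12 sessions opened 2 s apart, each held open for 60 s.
    [("192.0.2.10", i * 2, i * 2 + 60) for i in range(12)]
    # Ordinary sender: two back-to-back sessions that never overlap.
    + [("198.51.100.7", 0, 30), ("198.51.100.7", 30, 60)]
    # Sender sitting exactly at the limit: 10 simultaneous sessions.
    + [("203.0.113.5", 100, 160)] * 10
)


def peak_concurrency(sessions):
    """Return {client_ip: peak number of simultaneously open sessions}."""
    events = defaultdict(list)
    for ip, start, end in sessions:
        if end < start:
            raise ValueError(f"session for {ip} ends before it starts")
        events[ip].append((start, 1))   # connection opened
        events[ip].append((end, -1))    # connection closed
    peaks = {}
    for ip, evs in events.items():
        # At the same instant, process closes (-1) before opens (+1) so a
        # session ending at t and one starting at t do not count as overlapping.
        evs.sort()
        open_now = peak = 0
        for _, delta in evs:
            open_now += delta
            peak = max(peak, open_now)
        peaks[ip] = peak
    return peaks


def over_limit(sessions, limit=PER_CLIENT_LIMIT):
    """Return the sorted client IPs whose peak concurrency exceeds the limit."""
    peaks = peak_concurrency(sessions)
    return sorted(ip for ip, peak in peaks.items() if peak > limit)


if __name__ == "__main__":
    for ip, peak in sorted(peak_concurrency(SAMPLE).items()):
        flag = "OVER LIMIT" if peak > PER_CLIENT_LIMIT else "ok"
        print(f"{ip:15} peak={peak:3} {flag}")
```

An IP flagged here is the one whose session profile (or trusted-sender exemption) needs attention; senders that stay at or below the limit are not the source of the 421 deferrals.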