Tux&Cía. Technical Log, Santa Cruz de la Sierra, BO

Wednesday, October 20, 2010

To anyone who bought a 3Com NIC

One of the reasons Unix systems appear to work better than Windows is that they have better defaults. Unix (FreeBSD, HP-UX etc.) has the TcpTimedWaitDelay set to 30 and the MaxUserPort set rather high. The TcpTimedWaitDelay sets the time after a connection is closed that the system will wait until that socket is available again. MaxUserPort sets the highest port number (there are 65k ports) that can be used by an application (IMail); user ports start around 1024. With Windows defaults, if you were under a dictionary attack and had around 4k connections (at once), it would be about 4 minutes until the next connection could occur. Since normal mail does not have thousands of connections at once, you normally only see the errors occurring in the logs every so often. I use 30 for my time wait and 65534 for my max port and do not have any errors occurring. I also found that the IMail SMTP Advanced option "Delay between recipients" should be set to 0; the delay actually occurs before the recipient, so if it was set to 60 it would cause IMail to run and wait 60 seconds (with the socket open) before accepting the message, causing even more overhead. These settings will help all Windows server applications.

Thanks, Doug
Sanford Whiteman's post about TCP registry settings:
I've narrowed it down to too many TCP sockets remaining in a TIME_WAIT state during mail delivery.

Clearing TIME_WAIT sockets more quickly (TcpTimedWaitDelay):

Data type: REG_DWORD
Valid range: 0x1E–0x12C (30–300 seconds)
Default value: 0xF0 (240 seconds = 4 minutes)

Allocating more outbound (client) sockets (MaxUserPort):

Data type: REG_DWORD
Default value:
After changing these two values (TcpTimedWaitDelay: 60 seconds / MaxUserPort >= 25000 ports) there was not one single "MX connect failed" or "status=3" in the log files any more. All messages were delivered immediately.
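As an added example (not from the original post, from Doug or from IMail), the following PowerShell script reads the two values discussed above, counts the sockets currently parked in TIME_WAIT, and writes the values only when run with -Apply. It assumes the standard location of these values, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, as REG_DWORD, and that a reboot follows; on Windows Vista/Server 2008 and later MaxUserPort is no longer honoured and the dynamic port range (netsh int ipv4 show dynamicport tcp) governs outbound ports instead.

```powershell
# Added example, not part of the original post. Assumes the standard Tcpip
# parameter key and REG_DWORD values; Windows reads them only after a reboot.
param(
    [ValidateRange(30, 300)]      [int] $TimedWaitDelay = 30,     # range quoted above (0x1E-0x12C)
    [ValidateRange(25000, 65534)] [int] $MaxUserPort    = 65534,  # lower bound is the post's own advice
    [switch] $Apply
)

$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Get-TcpParam([string] $Name) {
    # Returns $null when the value is absent, i.e. the built-in Windows default applies.
    $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int] $item.$Name
}

function Get-TimeWaitCount {
    # The symptom described above: sockets waiting out TIME_WAIT. Use the
    # NetTCPIP cmdlet where it exists (Windows 8 / Server 2012 and later), else netstat.
    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        return @(Get-NetTCPConnection -State TimeWait).Count
    }
    return @(netstat -an | Select-String 'TIME_WAIT').Count
}

Write-Host ("Sockets in TIME_WAIT now : {0}" -f (Get-TimeWaitCount))
foreach ($name in 'TcpTimedWaitDelay', 'MaxUserPort') {
    $v = Get-TcpParam $name
    $shown = if ($null -eq $v) { 'not set (OS default)' } else { $v }
    Write-Host ("{0,-18}: {1}" -f $name, $shown)
}

if ($Apply) {
    # -Force creates the value if it is missing or overwrites it if present.
    New-ItemProperty -Path $key -Name 'TcpTimedWaitDelay' -PropertyType DWord -Value $TimedWaitDelay -Force | Out-Null
    New-ItemProperty -Path $key -Name 'MaxUserPort'       -PropertyType DWord -Value $MaxUserPort    -Force | Out-Null
    Write-Host "Wrote TcpTimedWaitDelay=$TimedWaitDelay, MaxUserPort=$MaxUserPort; reboot to activate."
} else {
    Write-Host "Dry run only; re-run from an elevated shell with -Apply to write the values."
}
```

Run it without -Apply first to see the TIME_WAIT count and current values; the ValidateRange attributes reject settings outside the range documented above.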
