I've been told that the scanner has a limit of 5000 inbound connections at any given time. I am seeing Message Rejected by MTA in my Message Audit logs, for trusted senders. I'm wondering if my Scanner is running into the 5000 connection limit. We are a fairly large site. Two scanners at this location see 40 million spam per day. I have a case open, but I thought I'd ask the community as well.
From Support login, I've run a netstat -n > file command and have imported it into Excel. A piviot table shows
| State |
DNS-Local |
STMP In |
Loopback |
Other |
SMTP Out |
Grand Total |
| CLOSE_WAIT |
|
8 |
|
|
|
8 |
| CLOSING |
|
39 |
|
|
|
39 |
| ESTABLISHED |
5 |
1471 |
28 |
8 |
6 |
1518 |
| FIN_WAIT1 |
|
270 |
|
|
|
270 |
| FIN_WAIT2 |
|
40 |
|
|
|
40 |
| LAST_ACK |
|
13 |
|
|
|
13 |
| SYN_RECV |
|
90 |
|
|
|
90 |
| SYN_SENT |
|
|
|
|
1 |
1 |
| TIME_WAIT |
|
6275 |
|
|
|
6275 |
| Grand Total |
5 |
8206 |
28 |
8 |
7 |
8254 |
Q: Does connections in the Time_Wait status contribute to the 5000 connection limit?
Q: Is it possible to reduce the time connections spend in Time_Wait? I am aware of the STMP / Advanced / Inbound "Session Timeout" setting but I believe that this is idle time between verbs during an open connection (HELO/Mail from/Rcpt to/ etc), and would not affect TCP/IP session timeouts.