How to configure maximum connection time setting?

Unanswered Question
Mar 16th, 2010

Cisco Spam & Virus Block Log  as below :

16 Mar 2010 17:52:53 (GMT +08:00) Protocol SMTP interface Data 2 (Wan Port) (IP 192.168.x.253) on incoming connection (ICID 519210) from sender IP 210.1.2.x. Reverse DNS host verified yes.
16 Mar 2010 17:52:53 (GMT +08:00) (ICID 519210) ACCEPT sender group UNKNOWNLIST match sbrs[-1.0:10.0] SBRS 5.3
16 Mar 2010 17:52:54 (GMT +08:00) Start message 50150 on incoming connection (ICID 519210).
16 Mar 2010 17:52:54 (GMT +08:00) Message 50150 enqueued on incoming connection (ICID 519210) from [email protected].

16 Mar 2010 17:52:54 (GMT +08:00) Message 50150 on incoming connection (ICID 519210) added recipient.

16 Mar 2010 18:07:52 (GMT +08:00) Incoming connection (ICID 519210) disconnected address 202.1.2.x. Maximum connection time exceeded.
16 Mar 2010 18:07:52 (GMT +08:00) Message 50150 aborted: Receiving aborted

how can fix it ? or where can i config maximum connection time ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Martin Eppler Tue, 06/29/2010 - 13:15


this time limit can be set in the GUI under Network -> Listeners -> Edit Global Settings. The parameter you're looking for is most likely the 'Total Time Limit for All Inbound Connections' which is set to 15 minutes by default. However, the posted mail flow is most likely based on a network bandwidth issue where the sending mail server is not able to transmit the data in the session fast enough - or - the message is extremely large in size and cannot be transmitted within 15 minutes.

Even when raising the connection time limit to a higher value seems to be a good idea at the first glance, it is not. Please consider that overly long pending connections will decrease the available pool of 'Maximum Concurrent Connections' configured and you may end up with a decreased performance when increasing the connection time limit without prior analysis why the sending mail server requires too much time to deliver the message in. When the number of concurrent connections is reached, no additional incoming connection will be accepted by the appliance.

In case your 'Timeout for Unsuccessful Inbound Connections' is also configured to 15 minutes (it is 5 minutes by default), then I'd suggest to investigate if Path MTU Discovery (RFC1191) is blocked between the sender and your appliance, as this might also be a valid reason why the sender runs into a timeout as the ICMP response is blocked.

Hope this helps.




This Discussion