You encounter the following error message and the internal Mail Transfer Agents fail to deliver mails on InterScan Messaging Security Virtual Appliance (IMSVA).
Connection concurrency limit exceeded
The Postfix mail log shows the following:
/var/log/maillog "postfix/smtpd: warning: Connection concurrency limit exceeded: 101 from unknown[10.240.104.44] for service smtp”
This means client 10.240.104.44 has already established the 100th connection and tried to establish the 101st connection.
The issue happens because specific MTAs create too many connections to IMSVA simultaneously. IMSVA then blocks the connection and attempts to protect itself.
The setting for connection concurrency limit is smtpd_client_connection_count_limit in main.cf. The default value is 50.
For more information on Postfix configuration, refer to the following topic: Postfix Configuration Parameters.
Note: The parameter smtpd_client_connection_count_limit should not be used to limit legitimate traffic otherwise mails will be delayed. The limits are designed to protect the smtpd(8) server against abuse by out-of-control clients.
To resolve the issue:
- Log in to the IMSVA web console.
- Go to Administration > IMSVA Configuration > SMTP Routing > Message Rule.
- Under Permitted Senders of Relayed Mail, select Specified IP addressesand add any of the following IP addresses:
- Click Save.
This will add the IP addresses to "mynetworks" parameter in the main.cf file.
- Make sure the parameter smtpd_client_event_limit_exceptions has not been modified manually:
- Log in to IMSVA with root privileges through the local console or an SSH connection.
- Run the following commands:
# postconf |grep smtpd_client_event_limit_exceptions
smtpd_client_event_limit_exceptions = $
The output should be as follows: