7th July 2013 20:27Hrs

Sockets, sockets, SOCKETS and sockets!!

Reduce and clear unused sockets as quickly as possible. You really only need to give them leeway if you are using a dialup connection on your server, which you're not.

Apache keepalive should be a maximum of 30, probably more like 15 on your connection.

I use keepalive 30 in inetcfg.ini simply as I have no need or reason to lower that value, but you can reduce it to 10 for a loaded server. I normally set Apache's keepalive to the same value as is in inetcfg.ini. This impacts ALL other tcpip programs. The lower Keepalive is, the quicker sockets will be returned to the pool. Not many servers or connections will be so slow that they need to keep a socket open in idle state for 30 seconds these days, unless there is an outage.

A lot of the above information has been written down by myself with sums done in my head; if something isn't correct let me know and I'll correct it. It's the weekend, I've been busy, so forgive the grammar, but let me know and I'll fix it.

WEASEL
======

OS/2 has finite resources; it was never meant to be a big commercial server grade operating system, but it certainly does a good job for a small enterprise.

NOTE: Figures are rounded up, pointless being precise.

Setup Basic tab
===============

SMTP Timeout = 15 but depends on your connection speed/lag etc

Max users = ie, 10,000 incoming SMTP connections per day
= 417 per hour
= 7 per minute
Give each connection 15 seconds to be idle, and say 10 seconds to send data on average; this will give you a round figure of say 30 seconds per SMTP connection on average, so you are looking at a figure of 14 users. Double this number for an ideal world = 30!

10,000 SMTP connections per DAY = 30 users
100,000 = 300 users
1,000,000 = 3000 Fix your firewall or get a Unix box with big stuff.
10,000,000 = Fix your firewall or get a Unix box with big stuff.

I let the firewall remove a lot of junk SMTP connections, and that should always be the first place you look to shape what is going to hit your server applications.

POP Timeout = 15 but depends on your connection speed/lag etc AND the customer's connection. If you have webmail on the same server, set this for 30-60, and also set the webmail POP refresh rate for 3 to 5 MINUTES.

Max users = see above, but users should only be checking email at a greater setting than 1 minute. ALL my users are told they face being blacklisted if they set it for anything smaller than 5 minutes, as it's for their own protection. Mobile users are directed to their manual for setting up POP check times. If a mobile user doesn't change their POP check time from something stupid like 30 seconds, I LOCK their account for 5 minute periods, then tell them it's due to contention between their desktop client and their mobile phone trying to access the account at the same time. Just make sure they are using both. Easy to do using a firewall remote GUI.

IMAP
====

Timeout = 180 (I only have one person using IMAP)

It's normally a good idea to have a higher IMAP timeout anyway due to the increased number of reads etc to be done off the HD, but I could probably reduce 180 lower. Just make sure you have an equal or lower setting in your webmail or IMAP client.

Logging
=======

I log to one file only, on a SEPARATE hard disk with the least access/write usage. I do not log to screen as I normally only check the logs across the network; when I do check logs I want to see more than just a screen's worth.

Filters
=======

If you use a cmd file for filtering, consider converting it to an EXE using REXX2EXE.

Options 1
=========

Bad password limit ticked and 5 limit

POP login authenticates SMTP for is NOT ticked as I don't have external SMTP users.
Makes it easier to blacklist those trying to auth SMTP from outside :)

Options 2
=========

Number of outbound mail threads = 16

Outbound threads finish quickly; if not, then they time out and try again later. It's a balancing act between keepalives, threads, and sockets.

Say an average of 10 seconds per outbound thread, 16 will do 96 per minute.
32 outbound threads = 192 emails per minute going out.
64 outbound threads = 384 emails per minute going out.

Having run a big email list of over 1,000 users, and still running email lists that are currently low volume, most emails go out in under ONE SECOND. Using 24 mail threads worked fine for me back then; I now use 16. My wife likes to send out movie and PPS files to all her friends, and even those clear out very quickly, some at 20m in size.

My Experience - outbound mail threads
=============

Say an average of 2 seconds per outbound thread, 16 will do 480 per minute.
32 outbound threads = 960 emails per minute going out.
64 outbound threads = 1920 emails per minute going out.

Anything more and you WILL deplete your sockets and cause problems, so you will want Keepalive to be something like 5 seconds. If not, you might want to look at relaying all your outgoing emails via an upstream SMTP server.

If you are sending out more than 1000 emails per minute all the time, I suggest you get yourself onto a Unix box with commercial grade software.

[I thought you said your customers were sending their emails out via their provider's SMTP servers?]

Blacklists
==========

I use
rbl.comkal.net (internal - includes China, Korea etc)
rbl2.comkal.net.in (internal - includes anyone I don't like, or places I'm not likely to want email from)
zen.spamhaus.org
bl.spamcop.net
safe.dnsbl.sorbs.net

I also blacklist anyone touching 20,21,22,23,25,42,80,110,443 ports on IP addresses that they should not be attempting access on, at either end of my range, and in the middle.

If you wish a DNS zone file similar to rbl.comkal.net, see

I don't share rbl2.comkal.net.in as it is a very individual file; what is good for me won't be good for you. Anyone that uses BIND can create their own blacklist zone file, it's not hard.

FIREWALL
========

Order of rules is important for when/if they are executed.

Ask me and I am happy to provide a copy of my InJoy FW FIRERULE.CNF file, and my current BLACKLST.CNF file that contains my current permanent blacklist IP ranges. I should clean it up and join ranges, a bit like my httpd.conf file's rewrite rules, one day..
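
Added example, not part of the original post and not the author's own tooling: a sketch of the trap-address blacklisting described under Blacklists, turning hits into DNSBL records that can be appended to a BIND zone. The "src dst port" log format, the trap addresses (documentation ranges) and the function names are assumptions; it is not the InJoy log or BLACKLST.CNF format.

```python
import ipaddress

# Ports the post names as blacklist triggers.
TRAP_PORTS = {20, 21, 22, 23, 25, 42, 80, 110, 443}

# Constructed trap addresses: either end and the middle of a sample range.
TRAPS = ["192.0.2.1", "192.0.2.128", "192.0.2.254"]

# Constructed firewall log lines: "source destination dest-port".
SAMPLE_LOG = [
    "198.51.100.7 192.0.2.1 23",      # trap address, trap port: hit
    "198.51.100.7 192.0.2.254 22",    # same source again: still one entry
    "203.0.113.9 192.0.2.10 25",      # real mail host, not a trap address
    "203.0.113.50 192.0.2.128 8080",  # trap address, port not on the list
    "203.0.113.77 192.0.2.128 443",   # hit
    "garbage line",                   # malformed, skipped
]

def offenders(log_lines, trap_addrs):
    """Return sorted IPv4 sources that touched a trap address on a trap port."""
    traps = {ipaddress.ip_address(a) for a in trap_addrs}
    hits = set()
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            src = ipaddress.ip_address(parts[0])
            dst = ipaddress.ip_address(parts[1])
            port = int(parts[2])
        except ValueError:
            continue  # unparsable address or port
        if src.version == 4 and dst in traps and port in TRAP_PORTS:
            hits.add(src)
    return sorted(hits)

def dnsbl_records(addrs, reason="touched trap address"):
    """Render DNSBL records: octets reversed, A 127.0.0.2 plus a TXT reason."""
    out = []
    for addr in addrs:
        rev = ".".join(reversed(str(addr).split(".")))
        out.append(f"{rev} IN A 127.0.0.2")
        out.append(f'{rev} IN TXT "{reason}"')
    return out

if __name__ == "__main__":
    print("\n".join(dnsbl_records(offenders(SAMPLE_LOG, TRAPS))))
```

The records are relative names, so they belong under the blacklist zone's own $ORIGIN with its existing SOA and NS records.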