Email Security: Options to reduce Mail Volume Overhead / Improve SMTP performance
09/27/2022
Description
Email Security: Options to reduce Mail Volume Overhead / Improve SMTP performance
Resolution
This article assumes that basic mailflow is already up and running without issues.
Resolution or Workaround:
Make sure that these false alerts are not caused by misconfiguration, or by settings that need optimizing for your mailflow volume or environment-related performance.
Q: When configuring my inbound mailflow, should I opt for proxy or MTA? Which option is right for me? (Proxy vs. MTA)
A: Generally speaking, proxy may give a slight improvement in response from Email Security, but it should be reserved for lower volume deployments, as high volume may result in slower response times. Choosing MTA helps offset the overhead being placed on your mail server, as Email Security effectively becomes a store-and-forward option. This is more efficient than proxy in high volume scenarios.
Q: What are some other settings I can adjust to help reduce the overhead on my SMTP engine and allow for faster response times?
A: Some features of the product, when enabled along with other features, can cause additional overhead and cause the "Not Responding to SMTP Alerts" to take place more frequently. Many of these settings depend on mailflow volume and environmental needs and will vary from one environment to the next. (These setting suggestions are basic changes to reduce the impact of frequent SMTP alerts. Should you have any questions about these settings and their effect on your environment, please contact technical support.)
Make sure you do not have any probe accounts listed. Removing these will not have any ill effect on your mailflow.
Disable any third-party RBLs. The most common error is listing a third-party Blacklist service without properly going through the service level agreement of that Blacklist service. More often than not, these third-party Blacklist services require some sort of registration or subscription and can throttle your traffic if certain thresholds are met.
Q: What other performance settings are available to increase SMTP operability and efficiency?
(This feature is only available in versions 7.x and up).
A: In addition, to reduce performance overhead on your Email Security server, you can enable GRID Network IP Reputation. GRID Network IP Reputation is the reputation a particular IP address has with members of the SonicWall GRID Network. When this feature is enabled, email is not accepted from IP addresses with a bad reputation. When SonicWall Email Security receives a connection from a known bad IP address, it responds with a 554 No SMTPd here error and the SMTP session is rejected. This reduces performance overhead by dropping SMTP connections based on IP reputation from our GRID network. With this feature enabled, unwanted SMTP sessions are dropped at the connection level before the message passes through our filtering process, which makes processing more efficient.
Navigate to Manage > Security services > Connection Management
NOTE: This feature is useful only for Email Security servers that are running as the "first touch" server (receiving email directly from the internet). SonicWall recommends disabling GRID Network IP Reputation if Email Security is not first touch. Please note, this feature is only available in versions 7.x +.
A few other minor tweaks to reduce unnecessary load on your Email Security server are the Throttling options and the Greylisting options. These options can all be found on the Security services > Connection Management page. Be careful when setting the thresholds for Throttling, as these settings should depend on your environment. Every deployment of Email Security will vary in the amount of mailflow volume during certain peak hours. Not taking these things into account, and setting thresholds without prior monitoring to baseline the peaks and valleys of daily mailflow, may result in critical delays in mailflow.
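One way to baseline connection peaks before choosing a Throttling threshold, shown as an added example that is not SonicWall code. The input format ("timestamp IP" per line), the sample records and the function names are constructed for illustration and are not the mlfasgsmtp.log format.

```python
from collections import Counter
from datetime import datetime

# Constructed sample: "<ISO timestamp> <connecting IP>", one inbound connection per line.
SAMPLE = """\
2022-09-27T09:00:01 203.0.113.5
2022-09-27T09:00:10 203.0.113.5
2022-09-27T09:00:12 198.51.100.7
2022-09-27T09:00:30 203.0.113.5
2022-09-27T09:00:45 198.51.100.7
2022-09-27T09:00:59 203.0.113.5
2022-09-27T09:01:05 203.0.113.5
2022-09-27T09:01:20 192.0.2.44
2022-09-27T09:01:40 198.51.100.7
"""

EPOCH = datetime(1970, 1, 1)


def peak_rates(lines, window_seconds=60):
    """Return (peak connections per window overall, {ip: peak per window})."""
    total, per_ip = Counter(), Counter()
    for line in lines:
        if not line.strip():
            continue
        ts, ip = line.split()
        seconds = int((datetime.fromisoformat(ts) - EPOCH).total_seconds())
        bucket = seconds // window_seconds      # fixed, non-overlapping windows
        total[bucket] += 1
        per_ip[(ip, bucket)] += 1
    peak_by_ip = {}
    for (ip, _bucket), count in per_ip.items():
        peak_by_ip[ip] = max(peak_by_ip.get(ip, 0), count)
    return max(total.values(), default=0), peak_by_ip


def would_throttle(peak_by_ip, per_ip_limit):
    """Senders whose observed peak already exceeds a proposed per-IP limit."""
    return sorted(ip for ip, peak in peak_by_ip.items() if peak > per_ip_limit)


if __name__ == "__main__":
    overall, by_ip = peak_rates(SAMPLE.splitlines())
    print("peak connections per minute:", overall)
    print("per-IP peaks:", by_ip)
    print("hit by a limit of 3 per minute:", would_throttle(by_ip, 3))
```

Any sender returned by would_throttle for a proposed limit is legitimate traffic from the baseline period that the limit would delay.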
Q: What is Greylisting?
A: Greylisting discourages spam without permanently blocking a suspicious IP address. When greylisting is enabled, Email Security assumes that all new IP addresses that contact it are suspicious, and requires those addresses to retry connecting before it will accept the email. (This feature is only available in version 6.2.X and up).
CAUTION: Enabling greylisting may cause good email to be delayed. The mail should be delivered within 15 minutes, depending on the configuration of the sending MTA. This feature is useful only for Email Security servers that are running as the "first touch" server (receiving email directly from the internet). SonicWall recommends disabling greylisting if Email Security is not first touch.
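The retry behaviour described above, modelled as an added example (not SonicWall's implementation) to show why the delay seen by good mail depends on the sending MTA's retry schedule. The minimum retry delay, the expiry time, the class and function names and the address are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Greylist:
    """IP-based greylist: an unknown IP is deferred and must retry to be accepted."""
    min_delay: int = 60        # assumed value: seconds before a retry counts
    expiry: int = 4 * 3600     # assumed value: forget IPs that never retried
    first_seen: dict = field(default_factory=dict)
    passed: set = field(default_factory=set)

    def check(self, ip: str, now: int) -> str:
        """Return 'accept' or 'defer' for a connection from ip at time now (seconds)."""
        if ip in self.passed:
            return "accept"
        seen = self.first_seen.get(ip)
        if seen is None or now - seen > self.expiry:
            self.first_seen[ip] = now   # first contact, or stale entry: start over
            return "defer"
        if now - seen < self.min_delay:
            return "defer"              # retried too fast to count as a real retry
        self.passed.add(ip)
        return "accept"


def delivery_delay(retry_offsets, min_delay=60, expiry=4 * 3600):
    """Seconds until a sender retrying at retry_offsets (after its first attempt
    at t=0) is accepted, or None if no attempt qualifies."""
    gl = Greylist(min_delay=min_delay, expiry=expiry)
    ip = "192.0.2.10"  # constructed documentation address
    for t in [0, *retry_offsets]:
        if gl.check(ip, t) == "accept":
            return t
    return None


if __name__ == "__main__":
    # Constructed retry schedules, in seconds after the first attempt.
    print(delivery_delay([300, 900]))      # MTA with a 5 minute first retry
    print(delivery_delay([10, 30, 900]))   # early retries do not count
    print(delivery_delay([]))              # sender that never retries
    print(delivery_delay([5 * 3600]))      # retry arrives after the entry expired
```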
Q: Policy Filters
A: Keep the number of policy filters to a minimum, at most 20. Instead of having multiple conditions in a single policy filter, make use of a dictionary wherever applicable.
NOTE: After all of these steps have been taken, and the alerts are still taking place, we will need to review the MlfAsgSMTP.logs to determine what is taking place with our SMTP engine. To do this, it would be most helpful to collect the mlfasgsmtp.log in log level 2. You can find this log and the log setting on the Advanced page under the System section.