Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4733
Views
0
Helpful
4
Replies

Throttling email from a sender

Go to solution
GRAHAM CAREY
Level 1
Level 1

‎06-01-2016 03:48 AM

Hi Guys,

Our Ironport C170 just got hammered by high amount of inbound emails sent with the same subject from one sender to one recipient.

What we want to do is create a rule "if sender sends more than 100 messages in a minute return code 425". We don't want the sender to be static.

Is there any way we can achieve this?

Regards

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
martin.eppler
Level 1
Level 1
In response to GRAHAM CAREY

‎06-01-2016 04:54 AM

Hello Graham,

the counter is tied to the envelope sender address (mail-from SMTP command) and will count the envelope recipients (rcpt-to SMTP command) in the SMTP sessions. So if sender@example.com sends a one mail to user1@test.com, two mails to user2@test.com and one mail to user3@test-test.com the counter will read 4.

The AsyncOS 9.7 user guide on page 7-17 explains the parameter as follows:

Max. Recipients per Time Interval

The maximum number of recipients during a specified time period that this listener will receive from a unique envelope sender, based on the mail-from address. The number of recipients is tracked globally. Each listener tracks its own rate limiting threshold; however, because all listeners validate against a single counter, it is more likely that the rate limit will be exceeded if messages from the same mail-from address are received by multiple listeners.

Best regards,

Martin

View solution in original post

0 Helpful
4 Replies 4

Go to solution
martin.eppler
Level 1
Level 1

‎06-01-2016 04:34 AM

Hello Graham,

I think the "Rate Limit for Envelope Senders" option in the Mail Flow Policy section "Mail Flow Limits" could help you further here.  

Best regards,

Martin

0 Helpful

Go to solution
GRAHAM CAREY
Level 1
Level 1
In response to martin.eppler

‎06-01-2016 04:45 AM

Hi Martin,

Thank for you answer but want to make sure if i understand you correctly.

Even though sender sends high amount of emails to one recipient each email is treated as separate recipient for Ironport?

e.g. setting "Max. Recipients Per Time Interval:" to 100 will allow only 100 emails to be sent to example@example.com from sender@example.com ?

Best Regards

0 Helpful

Go to solution
martin.eppler
Level 1
Level 1
In response to GRAHAM CAREY

‎06-01-2016 04:54 AM

Hello Graham,

the counter is tied to the envelope sender address (mail-from SMTP command) and will count the envelope recipients (rcpt-to SMTP command) in the SMTP sessions. So if sender@example.com sends a one mail to user1@test.com, two mails to user2@test.com and one mail to user3@test-test.com the counter will read 4.

The AsyncOS 9.7 user guide on page 7-17 explains the parameter as follows:

Max. Recipients per Time Interval

The maximum number of recipients during a specified time period that this listener will receive from a unique envelope sender, based on the mail-from address. The number of recipients is tracked globally. Each listener tracks its own rate limiting threshold; however, because all listeners validate against a single counter, it is more likely that the rate limit will be exceeded if messages from the same mail-from address are received by multiple listeners.

Best regards,

Martin

0 Helpful

Go to solution
GRAHAM CAREY
Level 1
Level 1
In response to martin.eppler

‎06-02-2016 07:24 AM

Hi Martin,

Thank you it did the trick. Is there any way to get notification sent to an email address when sender is blocked? The only way we found is go to Monitor -> Rate limit and add "Top Offenders by Rejected Recipients" to the Dashbord

0 Helpful
Customers Also Viewed These Support Documents