|Applies To||RSA Product Set: DLP|
RSA Product/Service Type: Data Loss Prevention, Network
RSA Version/Condition: 9.6, 9.6 SP2
O/S Version: EL6
|Issue||Connection throttling on MTA for Interceptor outgoing email. MTA running on the Interceptor is Sendmail. there are throttling control available on the MTA level and on Interceptor.|
Smarthostmaxconnection in nwsystemconfiguration.xml on Interceptor limits the number of connections to outgoing MTA. However, it is possible to get into situation where too many Sendmail processes are processing queues. These queue processors are children of the mail Sendmail process. If there are more than 20 connections observed at a time then MTA throttling can be controlled via this Sendmail M4 variable "confMax_queue_children".
M4 variable: MaxQueueChildren
Limits the maximum number of concurrent queue runners active. This is to keep system resources used within a reasonable limit.
nwsystemconfig.xml configuration: smarthostmaxconnection
By default the value is set at 20, this is the maximum smarthost connection on the Interceptor
Add the following M4 variable define(`confMAX_QUEUE_CHILDREN', `num') into the Sendmail configuration to limits the maximum number of concurrent queue runners for outgoing email on the Interceptor.
Use a suitable number as it will reduce the number of children running on mail-out queue which eventually reduce connections. Replace num with the appropriate value.
Important Note: Ensure the appropriate grave accent symbol is used ( ` ) at the beginning of the variable and single quote ( ' ) at the end of the variable.
An example setting provided below.
moncmd restart interceptor