DLP Connection throttling on MTA for Interceptor outgoing email
Originally Published: 2015-11-05
Article Number
Applies To
RSA Product/Service Type: Data Loss Prevention, Network
RSA Version/Condition: 9.6, 9.6 SP2
Platform: CentOS
O/S Version: EL6
Issue
Smarthostmaxconnection in nwsystemconfiguration.xml on Interceptor limits the number of connections to outgoing MTA. However, it is possible to get into situation where too many Sendmail processes are processing queues. These queue processors are children of the mail Sendmail process. If there are more than 20 connections observed at a time then MTA throttling can be controlled via this Sendmail M4 variable "confMax_queue_children".
MTA throttling
M4 variable: MaxQueueChildren
Limits the maximum number of concurrent queue runners active. This is to keep system resources used within a reasonable limit.
Interceptor throttling
nwsystemconfig.xml configuration: smarthostmaxconnection
By default the value is set at 20, this is the maximum smarthost connection on the Interceptor
Tasks
Resolution
- Log on to the Interceptor with tablus user.
- From the tabmenu Exit to the shell window by selecting option 6) Advanced.
- Then select option 1) Exit to Shell from the tabmenu.
- Change directory to /opt/tablus/config/sendmail/mail-out.
- Edit the sendmail.mc file.
Add the following M4 variable define(`confMAX_QUEUE_CHILDREN', `num') into the Sendmail configuration to limits the maximum number of concurrent queue runners for outgoing email on the Interceptor.
Use a suitable number as it will reduce the number of children running on mail-out queue which eventually reduce connections. Replace num with the appropriate value.
Important Note: Ensure the appropriate grave accent symbol is used ( ` ) at the beginning of the variable and single quote ( ' ) at the end of the variable.
An example setting provided below.
Use a suitable number as it will reduce the number of children running on mail-out queue which eventually reduce connections. Replace num with the appropriate value.
Important Note: Ensure the appropriate grave accent symbol is used ( ` ) at the beginning of the variable and single quote ( ' ) at the end of the variable.
An example setting provided below.
define(`confMAX_QUEUE_CHILDREN', `20')
- Save the chance to the Sendmail.mc
- Restart Interceptor for the configuration change to take effect
moncmd restart interceptor
Related Articles
How to purge the outgoing email queue on RSA Via Lifecycle and Governance Number of Views CPU throttling on IIS web server with RSA SecurID Authentication Agent 7.1.3 for Web to prevent 100% CPU spike from pipese… Number of Views Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures Number of Views Test connection failed. One or more directory connections is incorrect error during testing connection from RSA Authentica… Number of Views LDAP authenticator based on Active Directory Identity Collector fails with the error 'Connection could not be established … Number of Views
Trending Articles
Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device
Don't see what you're looking for?
