Configuring profiles : Configuring session profiles : Configuring SMTP limit options
Configuring SMTP limit options
This procedure is part of the session profile configuration process. For general procedures about how to configure a session profile, see “Configuring session profiles”.
1. Go to Profile > Session.
2. Click New to create a new session profile or double click on an existing profile to edit it.
3. Click the arrow to expand SMTP Limits.
4. Configure the following:
 
GUI item
Description
Restrict number of EHLO/HELOs per session to
Enter the limit of SMTP greetings that a connecting SMTP server or client can perform before the FortiMail unit terminates the connection. Restricting the number of SMTP greetings allowed per session makes it more difficult for spammers to probe the email server for vulnerabilities. (More attempts results in a greater number of terminated connections, which must then be re-initiated.)
Restrict number of emails per session to
Enter the limit of email messages per session to prevent mass mailing.
Restrict number of recipients per email to
Enter the limit of recipients to prevent mass mailing.
Cap message size (KB) at
Enter the limit of the message size. Messages over the threshold size are rejected.
Note: When you configure domain settings under Mail Settings > Domains, you can also set the message size limit. Here is how the two settings work together:
For outgoing email (for information about email directions, see “Incoming versus outgoing email messages”), only the size limit in the session profile will be matched. If there is no session profile defined or no IP-based policy matched, the default size limit of 10 MB will be used.
For incoming email, the size limits in both the session profile and domain settings will be checked. If there is no session profile defined or no IP-based policy matched, the default size limit of 10 MB will be compared with the size limit in the domain settings. FortiMail will use the smaller size.
Cap header size (KB) at
Enter the limit of the message header size. Messages with headers over the threshold size are rejected.
Maximum number of NOOPs allowed for each connection
Enter the limit of NOOP commands permitted per SMTP session. Some spammers use NOOP commands to keep a long session alive. Legitimate sessions usually require few NOOPs.
Maximum number of RSETs allowed for each connection
Enter the limit of RSET commands permitted per SMTP session. Some spammers use RSET commands to try again after receiving error messages such as unknown recipient. Legitimate sessions should require few RSETs.