Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Maximum state entries per host

    Scheduled Pinned Locked Moved Firewalling
    3 Posts 2 Posters 5.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fabifri
      last edited by

      dear forum users,

      i have the following problem with my new pfsense 1.2.3 box:
      i am using the "pop3 connector" from microsoft's "small business server", to check approx. 50 pop3 mailboxes each minute. so my "small business server" makes 50 connections for dns quieries and another 50 connections for the pop3-traffic.
      the problem is, that i got regularly some error messages in my server's event log. with my previous firewall (Zyxel ZyWall 10) i did not got the error messages after i set the "maximum connections per host" to 1024.

      in pfsense, i have set 20000 as the "maximum state table size" in "advanced options" in the main menu.
      now i am looking for an option to increase the "maximum connections per host"-value in pfsense.

      i thought i just can increase it in the "Default LAN -> Any"-Rule the option "Maximum state entries per host" but i am not sure if it works? and if it's on the right place to set? and what about the other 3 options, how do i have to set these?

      thanks for your answers,

      regards
      fabian

      PS: the router hardware is an "OPNsense pfSense Appliance HD Rack Edition"

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        By default there is no limit, so unless you set one, that won't be limited by the router.

        It's possible that the connections are happening so fast now that your ISP is limiting the number of concurrent POP connections. Is there a way you can instruct the POP3 connector to throttle its connections a bit instead of trying all 50 at once? and checking that many every minute seems a bit excessive to me, having run mail servers for years, I cringe at hearing people check mail every minute. E-mail isn't meant to be an IM, it's not supposed to be "instant". You're really just wasting a lot of resources on the upstream ISP mail server :-)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • F
          fabifri
          last edited by

          Hi jimp,

          thanks for your answer. i have not set up that POP3-Connector - but i think i will have a talk to my collegue, to set the interval higher than 1 minute. (3 minutes or so).
          the problem: at the microsoft pop3-connector i can not set up that the e-mail mailboxes were checked once by another - it will always do the check on all mailboxes the same time.

          i have set up now some values at the "Default LAN->Any"-Rule:

          Simultaneous client connection limit: 4096
          Maximum state entries per host: 1024
          Maximum new connections / per second: 512/1
          State Timeout in seconds: 180

          Global Settings:

          Firewall Mode: conservative
          Max. State Table Size: 20000

          I still get the POP3-Errors. I set up the POP3-Connector to 2 minute interval - in a few weeks i will set up a direct SMTP MX record to our exchange server.

          I also had this errors in the windows event log while we had the ZyWall 10 - but as i said, i set up the maximum connections per client to 1024 - and the errors didn't came back again - till i installed pfsense last week. i was looking for a secure firewall and gateway - whoch pfsense is. but these errors, i'm sure, are triggered by pfsense…

          thanks + regards
          fabian

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.