When: 2004-02-27
Duration: 1 - 15 minutes
Window: 12:00 AM to 2:00 AM EST

The proxies on the community servers that allow site owners to access their email accounts by POP3 and IMAP are being replaced with new versions of the programs. During the upgrade activity, you may experience an interruption in your ability to receive mail via POP3 or IMAP. These new programs support several important new features that are required for FutureQuest's ongoing expansion.

The only change that may be immediately visible to site owners will be a restriction in the number of connections that are allowed for each client IP. IMAP and POP3 will both be restricted to 10 simultaneous connections per IP. These limits are being set up to ensure that our mail systems are not as vulnerable to denial of service attacks, and so remain available to our site owners for legitimate use.

[Limits were increased to 10 as noted in http://www.aota.net/forums/showthread.php?postid=107527#post107527]

What will be the result if more than the maximum number of connections is attempted?

Betsy

Does keeping my IMAP mailbox "open" tie up a persistent connection, or is it only when I actually do something, like opening a message or changing folders?

Randall

Originally posted by Randall:
Does keeping my IMAP mailbox "open" tie up a persistent connection, or is it only when I actually do something, like opening a message or changing folders?

Randall That would depend on your email client and also possibly on how you have it configured.

Some clients will tie up the connection the whole time. Some don't. Some will open multiple connections, one for each folder you have open.

Guess I'll have to experiment and wait for Terra's Silver Hammer to come down upon my head. ;)

Randall

Is that 4 sessions per POP box?

Is that 4 sessions per POP box? No, that's 4 simultaneous connections to the POP server originating from 1 IP address. It's not linked to mailboxes.

In other words, one computer (*) may only open 4 connections to the POP server at the same time. Four, or more, different computers (from different IP addresses) accessing one mailbox is not a problem.

POPping more than 4 mailboxes should be no problem, if it's done sequentially. 'Check mailbox(es)', 'close connection', repeat.

(*) computers on a LAN, that use one common gateway, will be seen as one computer

Arthur

Thank Arthur. Don't you think you will run into problems with offices that use a router/switch to share one IP? As an example, I have a real estate office with 17 POP boxes. I'm guessing the whole office is on one IP. <edit>Occasionally a group larger than 4 might randomly all check POP at the same time. And then since the clients are set to check every x minutes, they will race into the same situation on the next check?</edit>

Even more simply, I routinely check 5 mailboxes at the same time. That's about the maximum number of Eudora sessions that particular WindowsXP rig seems to be able to handle. And it shares an IP with 5 or 6 other computers, which also check FQ POP boxes periodically. <edit>The situation is, I walk into the office and check all the mailboxes, as an archive, then go do something else.</edit>

So :waa:

In any case, I'm glad FQ is announcing this and not just implementing it in the dark like many hosts would. But I hope you'll reconsider, and make the maximum number of connections closer to the number of POP boxes allowed on a medium-sized account.

Super simple example. Say they are not my decorous, pleasant real estate people, but a big group of hairy saleguys. They all come back from a meeting, and sit down at their desks to check their emails. The emails are full of dumb jpegs, and they have a cheapo LAN with 40 users squeezed onto a DSL connection. So each POP session takes minutes, not seconds. "Oh, man, we only get 4 connections to the internet! This is bogus. Hurry up with your lexus.jpg, I want my janet.jpg." Etc. :D

We will be actively monitoring the connection rates and make adjustments as necessary...

In this case, the Golden Rule applies, it is far easier to give - than it is to take it away... ;)

--
Terra
--our initial limit has been based on historical analysis--
FutureQuest

The proxies have been upgraded across the board, and are performing as expected.

OK, I am using outlook 2002 and have 7 email accounts that I check. Now that you have implemented this change it will only check the first 4 email accounts out of the 7. Does anyone know how to restrict concurrent connections within outlook 2002? Any ideas would be appreciated...

Rich

I think I might have a connection problem now, too. For the past 2-3 hours, I've only been able to connect to one of my accounts. I connect to both run-down.com and abledesign.com simultaneously, and abledesign.com keeps failing to connect. I tried offsetting the connection times between the two accounts, but that didn't make any difference.

edit: Hmm, I just tried logging into the abledesign.com account via QuestMail, and I get the not so informative redirect.php error:

ERROR:
Possibly related? I can log in fine to the run-down.com account via QuestMail.

Dan

Anything? I still can't connect to my abledesign.com account. :(

Dan

Hi Dan,

Please try your access to abledesign.com email again and let us know...

It appears there may have been a few domains affected by a DNS issue as a result of the updates last night.

-Bob

Anyone know how to limit concurrent connections on Mailsmith 2 (Mac OS X) then?

TIA!

Still no luck.

Dan

Hi again Dan,

Can you access your email account via telnet/SSH ?

Before the DNS issue was corrected your POP server refused connections. After it was corrected I tested and the POP server was again available...

$open abledesign.com 110
+OK
-Bob

Yeah, I can get in via telnet, but I still can't connect through the email client (TheBat!). Just tried restarting it and no change. I don't know if a full reboot would reset any DNS complications?

Dan

Due to the default behavior of Eudora (and apparently other clients) when checking multiple mailboxes, We have increased the limits to 10 simultaneous connections per IP. This behavior was not anticipated when the original limits were set up.

Anything that needs to be done on my end to make that change take effect? I'm still running into a brick wall...

Dan

Hi again Dan,

It appears you are still using xdom as a prepend to your email username. Try just the username without prepending the xdom.

This is a result of a Legacy issue (Legacy is sometimes the same as "Gotcha" in this biz).

There were a few domains that were originally setup on Shared IP addresses but were later converted to a Dedicated IP due to Private Secure Cert installations. These accounts still were using xdom-user forms of email usernames.

However as a result of the proxy updates last night these domains were brought into line with pure Dedicated IP requirements which do not allow the use of xdom-username. These domain now require only the username or full email address.

To recap ;)
Shared IP must use either:
xdom-username
user@example.com (replacing user with specific username and example.com with your domain and TLD)

Dedicated IP must use either:
username
user@example.com (replacing user with specific username and example.com with your domain and TLD)

*Note: Some email clients exhibit difficulties when trying to use user@example.tld as a username (some "generally Older" email clients would strip off the @example.tld part to be "helpful") which is why it is not generally provided as a normal setting)

The use of user@example.tld has been supported since the introduction of PT01 just for historical purposes.

Once again our apologies for any confusion,
Bob

Ah, there we go. Now the mail's flowing! :)

I suppose that makes sense, because abledesign.com recently had SSL added to the account. That would explain why that's the account I couldn't get into.

Dan

Dan thanks for the update and glad it's working properly now.

Originally posted by msealey:
Anyone know how to limit concurrent connections on Mailsmith 2 (Mac OS X) then?

TIA! Just an update on Mark's question... His problem was corrected with the updating of the concurrent connections from 4 to 10. However as a side note he contacted us at the Service Desk and passed on a reply email from the folks responsible for Mailsmith that there is no option to change concurrent connections as there is in Eudora :(

-Bob

I haven't found any info on connection limits in Mozilla Mail or Thunderbird. Anyone know if there is one?

Fooling around with the Netstat command, I can see Thunderbird opening a new connection for each IMAP folder I access -- and keeping it open even after I move on to other folders. When the status eventually changes from ESTABLISHED to CLOSE_WAIT, is the connection still active as far as the server is concerned?

Outlook Express seems to maintain two connections, no matter how many folders I open. Maybe because there's no way to have more than one of them open at a time anyway. (Mozilla can open multiple mailbox windows, just like the old Netscape.)

Normally I only use the Inbox, so it's not going to be a problem for me. I don't have enough accounts to trigger the POP limit.

Randall

Only connections in the ESTABLISHED state would count towards the total. The CLOSE_WAIT state indicates that the remote end has closed the connection, and the local side is waiting for the application to drop the socket.

Cool. So Thunderbird does close the unused connections eventually.

I supose my Inbox connection will always be open because it's checking for new mail on a regular basis. But since I'm the only one using IMAP (at home or at the office), that won't be a problem. :D

Randall

Originally posted by Bob:
Hi again Dan,

It appears you are still using xdom as a prepend to your email username. Try just the username without prepending the xdom.

This is a result of a Legacy issue (Legacy is sometimes the same as "Gotcha" in this biz).

There were a few domains that were originally setup on Shared IP addresses but were later converted to a Dedicated IP due to Private Secure Cert installations. These accounts still were using xdom-user forms of email usernames.

However as a result of the proxy updates last night these domains were brought into line with pure Dedicated IP requirements which do not allow the use of xdom-username. These domain now require only the username or full email address.

To recap ;)
Shared IP must use either:
xdom-username
user@example.com (replacing user with specific username and example.com with your domain and TLD)

Dedicated IP must use either:
username
user@example.com (replacing user with specific username and example.com with your domain and TLD)

*Note: Some email clients exhibit difficulties when trying to use user@example.tld as a username (some "generally Older" email clients would strip off the @example.tld part to be "helpful") which is why it is not generally provided as a normal setting)

The use of user@example.tld has been supported since the introduction of PT01 just for historical purposes.

Once again our apologies for any confusion,
Bob

I notice that on my www.Belize.com accounts I cannot log in using username but have to use the older xbelize-username or the username@belize.com With Outlook I cannot user username. This has been causing one of my programs to malfunctiuon. This is FFBilling Manager which has a built-in email function. Can my account be updated so that it uses either username or username@belize.com ?

Hello,

All accounts have the ability to use username@example.com formatted email usernames.

You can either use xdom-username or username@example.com when on a shared IP address...

However if you find that you absolutely must have a dedicated IP address due to a program - application - software requirement then this Knowledgebase Article would be useful.
http://Service.FutureQuest.net/index.php?_a=knowledgebase&_j=questiondetails&_i=459

-Bob

Thanks for the usual speedy and informative response. I've paid for and put in the request at the Service Desk. One more reason why Fquest rules!

Originally posted by mromero:
Thanks for the usual speedy and informative response. I've paid for and put in the request at the Service Desk. I just replied to your Service Desk ticket with one additional point of clarification... may save you some money :)

-Bob

Hi

When I go to the ticket desk
http://service.futurequest.net/index.php?_a=tickets&_m=view

I only see old tickets dating back to 6 Feb.

Regards

Hi again,

I just took a look at your Ticket and the email address submitted was 'webmnaster@' and I assume it should have been 'webmaster@" which i will send another reply to now...

Thanks,
Bob