For whatever reason, many people do not impose message and mailbox limits. My guess is that they have probably never really seen the need for them or weren't aware of their importance to begin with. At a high level, the key benefits of configuring message and mailbox limits include the ability to properly design your Exchange storage architecture and maintain a decent database size. In addition, they help to ensure that you do not run out of disk space on the database disk drive, flood the network with unnecessary traffic, or degrade the performance of your messaging system. By imposing limits you can stop those users who send 100MB mpeg files (and make them realize that there is FTP or DFS for that!).
The following is a list of issues you may face if a proper mailbox or message size policy is not in place:
Performance - This is a concern for two reasons. Firstly because over time, as more and more data builds up in each mailbox, the storage subsystem will not be able to cope with the I/O throughput required. This can eventually lead to an I/O bottleneck and degradation in performance. Secondly, when user's mailboxes start to grow, they will be more likely to install desktop search applications, some of which utilize Exchange server resources either as part of a search or when building the search index.
Anti-virus scanning performance - If an anti-virus scanning product needs to scan very large files, it will utilize a lot of system resources and will slow down the scanning of other items that enter the messaging system.
Reduction in anti-spam protection - Some anti-spam products will not scan messages that are over a certain size.
Network utilization - If users can send or receive messages of any size and have unlimited mailboxes, network utilization will increase as they send large messages to each other.
Cost - Over time, managing large mailboxes will cost more if you consider the storage and backup requirements of each mailbox.
Backup restore time - Restoring from a backup will take longer if you have large mailboxes to restore.
DOS (denial-of-service) attack - This is probably the most concerning one to me. Without mailbox and message limits, internal or external users can easily carry out a denial-of-service attack by sending a large amount of messages with large attachments, causing Exchange to utilize all its resource and eventually the system to fail. By configuring message and mailbox limits, you can reduce the likelihood of this happening.
At the end of the day, it is upper management who need to ultimately decide whether limits should be imposed, and a proper policy about message system limits must be drawn up based on organizational requirements, functionality and system availability. When creating such a policy, or deciding on whether to impose limits or not, one must keep in mind what size limits to impose on incoming and outgoing messages and whether there are any users who should always be able to send and receive large messages, irrelevant of the limits (probably most of the management team will want this).
In this article we will look at how to impose limits on:
- An entire mailbox database
- Each mailbox individually
- The message itself
Setting Limits on the Mailbox Database
To configure limits on the mailbox database, following the instructions below:
From the Exchange Management Console, navigate to Server Configuration | Mailbox node.
At the Database Management bottom pane, right click the mailbox database you wish to configure and select properties.
Click the Limits page.
Under Storage limits, Issue warning at (KB) specifies the limit at which the user is sent a warning e-mail indicating when they are nearing the storage limit. Prohibit send at (KB) is the limit at which Exchange will prevent the user from sending or replying to e-mails until they clear some data from their mailbox. Prohibit send and receive at (KB) is the limit at which Exchange will prevent the user from sending or receiving e-mails.
Once you have set the desired values, press Apply and OK to close the Mailbox Database properties.
You can also configure these settings from the Exchange Management Shell issuing the Set-MailboxDatabase cmdlet and passing the IssueWarningQuota, ProhibitSendQuota and ProhibitSentReceiveQuota parameters. Here is an example:
Set-MailboxDatabase "Mailbox Database"
-IssueWarningQuota:500MB
-ProhibitSendQuota:550MB
-ProhibitSendReceiveQuota:600MB
Setting Limits on Individual Mailboxes
To configure limits on an individual mailbox, follow the instructions below:
From the Exchange Management Console, navigate to Recipient Configuration.
Right click on the desired mailbox name and select properties.
-
In the Mailbox Settings tab, double click the Storage Quotas option to bring up the Storage Quotas dialog.
Uncheck Use mailbox database defaults and enter the desired values. Press OK to close the Storage Quotas dialog and apply the settings.
Note: Storage quotas on an individual mailbox override the settings of the mailbox database.
You can also configure these settings from the Exchange Management Shell issuing the Set-Mailbox cmdlet and passing the -IssueWarningQuota, -ProhibitSendQuota and -ProhibitSendReceiveQuota parameters. An example follows:
Set-Mailbox "Raymond Spiteri"
-UseDatabaseQuotaDefaults $False
-IssueWarningQuota:500MB
-ProhibitSendQuota:550MB
-ProhibitSendReceiveQuota:600MB
Tip: For messages that aren't delivered due to imposed size limit restrictions, an NDR is generated and submitted to the sender, informing them of why the message failed to be delivered.
Setting Message Specific Limits
The different types of size limits that are available for messages include:
- Message size - this is the total message size including all parts, such as header fields, body, and attachments
- Recipients - the total number of recipients in a message. This is useful for helping to prevent abuse of the messaging system (so users cannot bombard their fellow co-works with non work related e-mails for example)
- Message headers - the total size of the message header fields
- Attachment size - the size of individual attachments
There are various points within Exchange 2007 where you can set the above mentioned limits. By default, Exchange 2007 limits the maximum size of incoming and outgoing messages to 10MB. This is a global setting that can be set from:
Exchange Management Console | Organization Configuration | Hub Transport | Global Settings
Here double click on Transport Settings and set the Maximum send size option.
This dialog also allows you to set the maximum number of recipients that a user can send to, from the Maximum number of recipients option.
These settings can be configured from the Exchange Management Shell using the Set-TransportConfig cmdlet and passing the MaxReceiveSize, MaxSendSize and MaxRecipientEnvelopeLimit parameters. An example is shown below:
Set-TransportConfig
-MaxReceiveSize:20MB
-MaxSendSize:20MB
-MaxRecipientEnvelopeLimit:250
You can also configure sending and receiving message size settings on a per mailbox basis. To do this, from the Exchange Management Console, navigate to Recipient Configuration | Mailbox and right click on the desired mailbox. Then, click the Mail Flow Settings page and double click the Message Size Restrictions option. Here you can set the size limits for incoming or outgoing messages, as shown in the image below.
To configure these settings via the Exchange Management Shell, use the Set-ReceiveConnector and Set-SendConnector cmdlets, as shown in the example below:
Set-ReceiveConnector "<Connector Name>" -MaxMessageSize:15MB
Set-SendConnector "<Connector Name>" -MaxMessageSize:15MB
The option I wanted to highlight in this section was that of setting a maximum size for the message headers. You can do this via the Exchange Management Shell by passing the MaxHeaderSize to the Set-ReceiveConnector cmdlet, as shown below:
Set-ReceiveConnector "<Connector Name>" -MaxHeaderSize:128KB
Finally, I wanted to touch on setting limits for the attachment size. There may be a policy in your organization that does not allow users to send attachments larger than 5MB. Using Transport Rules, you can configuration your Exchange Server to reject individual attachments that are larger than the specified size. To do this, follow the instructions below:
Navigate to Organization Configuration | Hub Transport | Transport Rules.
To launch the New Transport Rule Wizard, right click anywhere on the empty space and select "New Transport Rule", or from the Actions pane, click "New Transport Rule".
On the first page, give the rule a name and description and click Next.
On the Conditions page, check the options "from users inside or outside the organization" and "when the size of any attachment is greater than or equal to limit". Now configure these options accordingly by clicking on the blue text in the bottom pane. Choose whether you want the rule to apply to incoming or outgoing message by clicking on "Inside" or "Outside" respectively, and enter a value for the size for the attachment.
Click Next to take you to the Actions page. From here, select what you want to do with the message once the rule is met. Let's choose "send bounce message to sender with enhanced status code" so that an NDR will be generated and press Next.
From the Exceptions page, choose if you want the rule not to apply to certain people and press Next.
On the Create Rule page, click New to create the rule and then press Finish.
Conclusion
I will end this article on the same note that I started with, in stressing the importance of first defining a message and mailbox limits policy. When doing this you need to strike a balance between availability, functionality and organizational needs. Also, another thing you might consider, in addition to imposing message and mailbox limits from within Exchange 2007 itself, is that you can use an archiving solution to help take the load off your Exchange Server and keep the messaging data on an SQL Server, for example.