Exchange 2013 edge server issues

Hello Team,

I have a customer who is experiencing some email delays. Although this happen randomly, they want to fix this issue. Our spam gateway provider [Symantec] advised this is because our internal exchange server configuration that does not accept too many connection at same time
Error

aaaaaa Log for recipient: xxxxx@companydomain.com
Received by Ecelerity Msg Id: 46/05-03199-A898C555
From: externaluser@externaldomain.com
To: xxxxx@companydomain.com
Date: Wed May 20 13:20 xxxxxx
Msg Size: 3691129
Source IP: 216.82.241.131
Delivery attempt failure - transient
Attempted delivery 46/05-03199-A898C555 to x.x.x.x on Thu May 21 14:53:40 2015
Error Message: "451 4.4.2 [internal] connection closed by remote host"
Retries attempt: 8
Time message queued: 92137.40seconds

Email flow
Incoming email comes from internet go to our MX records manages by our spam gateway at Message Labs, then goes to our external firewall, from the external firewall goes to F5 GTM, then flow to Edge servers in a DMZ, and from there finally goes to  CAS/MBX servers.
Exchange 2013 SP1 all servers
After looking at the edge configuration [Default receive connector], I can see following values:

Should I increase the value of Max Inbound connections and max inbound connections per source to a higher value?
What should be the right value for a company with the following email statistics?
What is the impact of increasing those values? Is this going to fix my issue?
Should I restart any windows service or the edge servers?
Any performance risk after changing this settings?

See below emails statistics

2900 /24 /60
42000 messages received per day
1750 messages per hour
29.2  messages  per min
EdgeServersSettings.jpg
Jerry SeinfieldAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AmitIT ArchitectCommented:
Are you sure it is delayed on you Edge server? Did you sent a test email from external network like gmail and yahoo and check how much time it takes to reach you. You can check it by reviewing message header. Also read:
https://technet.microsoft.com/en-us/library/bb232205(v=exchg.150).aspx

Increasing limits might impact server performance. You should check the edge application logs also for any errors or back pressure issue.
bluebookCommented:
Two thoughts here:
1)  If you are using MessageLabs and have configured your firewall according to their best practices (i.e. only allow port 25 from MessageLabs address ranges) then the number of sources from which you will actually receive mail will be very small (I would expect no more than 20, and more likely < 6 - you should be able to see this in your logs).  On the other hand the number of connections you get from individual sources will be much higher, for the same reason.  With your current settings you are effectively limiting number of connections to no more than 20 (sources) * 20 (connections per source) = 400, far less than the configured max of 5000.  So I would try increasing connections per source substantially, whilst leaving the overall maximum in place.

2) I don't think your description of the inbound flow is quite right.  F5 GTM does not actually accept traffic so far as I know, it just answers DNS requests.  By the time the connection hits your firewall any DNS queries have already been resolved, so it wouldn't even be being used for that.  I guess if your firewall is actually behaving as an SMTP proxy then it could conceivably be using the GTM to decide where to proxy to, but the connection itself would not be going through it.  Or did you mean LTM?  If the firewall *is* an SMTP proxy, then the cause of your problem could be there rather than the edge servers.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jerry SeinfieldAuthor Commented:
Hi Bluebook,

You are right, F5 GTM does not accept traffic , just answer DNS requests, what I meant was F5 LTM that are acting as proxy and forwarding all traffic to our Edge servers.

Having said that , what parameter should we look? where should we focus our troubleshooting process?

what are the right values to setup and what should be increased on the F5 LTM, Edge servers or firewall to allow connections per source to satisfy our email need?
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Jerry SeinfieldAuthor Commented:
please, explain per item[F5 LTM, Firewall, edge}
Jerry SeinfieldAuthor Commented:
updateS?
Jerry SeinfieldAuthor Commented:
Any updates to my last comment?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.