This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
The theory: https://learn.microsoft.com/en-us/exchange/message-size-limits-exchange-2013-help
The practice (Exchange defaults):
The question: the default Exchange configuration (namely, the receive connector's limit = 36MB while the organization transport limit = 10MB) contradicts the theory ("...you should set more restrictive limits at the points where messages enter your infrastructure") - why?
Thank you in advance,
Michael
Yea, its probably over-complicated and has caused a number of questions over the years.
I always recommend making ALL the limits the same across all of the connectors ( receive and send ) and the org level limit. If I want to set exclusions, then I will then use a mail flow rule to drop messages from specific senders or members in a group.
Much easier to maintain and you dont have to think about which connector is set to what. :)
Not sure what you are asking actually?
The org limits are more restrictive by default. Now, why they dont match the default receive connectors? Probably the idea there is that internal messages will get a higher limits between Exchange Servers and from internal processes versus anonymous messages to and from the internet. Alot of that is legacy ( the 10MB) from the old days when bandwidth was at a premium.
"The org limits are more restrictive by default." - I'm asking exactly because of this. The theory reads "~you should do the opposite". What's the purpose of allowing an incoming message (for example with the size of 25MB) through a recive connector just to discard it at the organization level?
"Make sense?" - yes, but only for the internal clients. My question was regarding the Default Frontend connector which is primarily used for anonymous connections so it is the Connector limit which should be set 10MB ("If the org limits and the connector limits are the same then its fine.").
"If however, the org limit is 10 MB and the connector limit is 35MB, then a 15MB message from the internet will be rejected. " - yes, it will, but NOT at the point where the message first enters organization ("...you should set more restrictive limits at the points where messages enter your infrastructure").
Thank you all for your help!
Regards,
Michael Firsov
No problem. Take Care!
"the restrictions on the size of messages are the highest at the organization level." - no, they are the lowest (at least at their defaults: org limits - 10MB, connectors 35/36MB).
"I always recommend making ALL the limits the same across all of the connectors ( receive and send ) and the org level limit. " - I agree!
"It will fail at the point it enters the org because the first receive connector that accepts it will check the org limits first since its anonymous from the internet. If the message is over the limit, then it will be rejected then. Its not accepted then refused later in that scenario. " -mmm, sounds strange to me because - theoretically - if it were so MS would not have published the following:
"any message size restrictions on your Receive connectors that receive messages from the Internet should be less than or equal to the message size restrictions you configure for your internal Exchange organization".
According to your example the connector's limit doesn't matter at all - the org limits would be checked before the connector limits - is it really so???
Regards,
Michael
t will fail at the point it enters the org because the first receive connector that accepts it will check the org limits first since its anonymous from the internet.
Oops, sorry, misspoke there a bit. Yes, from what I have seen, if the receive connector limit is larger than the org limit, it will accept the anonymous message from the internet if its less then the connector limit, then reject it later if its larger then the org limit. ( Essentially, the connector advertises its size limit in the SMTP conversation so it will allow it)
See? This stuff is confusing. lol. I apologize. Thanks for catching that!
No problem :) As far as I understand MS would better configure at least the Default Receive connector's limit to be the same as the org limit - it's weird that their defaults do not follow their own recommendations.
AndyDavid, thank you very much for your help!!!
Regards,
Michael
Well the org level takes precedent over the connector setting for anonymous messages.,
So if you have a 10MB max send and receive org level setting, and a message from the internet arrives that is 15 MB, it will be dropped and the connector message size limit doesnt come into play. For that reason, the org limits must be the most restrictive and the max send and receive should always match.
More info:
An exception to the order is message size limits on mailboxes and messages size limits in mail flow rules. Exchange checks the maximum message size that's allowed on mailboxes before mail flow rules process messages. For example, your organization's message size limit is 50 MB, you configure a 35 MB limit on a mailbox, and you configure a mail flow rule to find and reject messages larger than 40 MB. If an external sender sends a 45 MB message to the mailbox, the message is rejected before the mail flow rule is able to evaluate the message.
Recipient limits between authenticated senders and recipients (typically, internal message senders and recipients) are exempt from the organizational message size restrictions. Therefore, you can configure specific senders and recipients to exceed the default message size limits for your organization. For example, you can allow specific mailboxes to send and receive larger messages than the rest of the organization by configuring custom send and receive limits for those mailboxes.
However, this exemption applies only to messages sent between authenticated senders and recipients (typically, internal senders and recipients). For messages sent between anonymous senders and recipients (typically, Internet senders or Internet recipients), the organizational limits apply. For example, suppose your organizational message size limit is 10 MB, but you configured the users in your marketing department to send and receive messages up to 50 MB. These users will be able to exchange large messages with each other, but not with Internet senders and recipients (unauthenticated senders and recipients).
This case "So if you have a 10MB max send and receive org level setting, and a message from the internet arrives that is 15 MB, it will be dropped and the connector message size limit doesnt come into play. " contradicts the theory:
"The goal is to reject messages that are too large as early in the transport pipeline as possible. For example, it's a waste of system resources for the Internet Receive connector to accept large messages that are eventually rejected because of a lower organizational limit. ".
The only way to adhere to the theory above is to configure the receive connector limit to at least the same value as the organization limit - to prevent " a waste of system resources for the Internet Receive connector to accept large messages that are eventually rejected because of a lower organizational limit". That's why I can't perceive the Exchange default limits... :(
The org limits apply to anonymous messages.
Recipient limits between authenticated senders and recipients (typically, internal message senders and recipients) are exempt from the organizational message size restriction
If the receive connectors have a 35MB limit and two authenticated Exchange Users send a message to each other between two Exchange Servers, then the 35MB limit applies, not the org limit, so if they send a 15MB message between themselves, the message will be delivered.
the Org limit only applies to anonymous messages. If the org limits and the connector limits are the same then its fine. If however, the org limit is 10 MB and the connector limit is 35MB, then a 15MB message from the internet will be rejected.
Make sense?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 22%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELL%3C/text%3E%3C/svg%3E)
Hi @Mikhail Firsov ,
According to my research, the setting value of the maximum receive message size in the receive connector and organization transmission settings is by design. The setting recommended in the official article is because the actual receiving externally sent mail, the mailbox size limit of the receive connector is first verified. If the mailbox size meets the requirements, it will then be verified whether it meets the organizational limit. If not, the email will be rejected. In order to that your organization, server, and connector limits are configured in a way that minimizes any unnecessary processing of messages. You could keeping the limits the same in all location. Later, if you want to restrict some specific emails, you could do so by creating transport rules.
----------
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.