Message Size Limits

In most organizations, letting users send or receive messages with no limits on sizes can result in abuse of the messaging system. Before you know it, users might be sending 1GB MPEG files back and forth to one another. However, the other side of this equation is that there are actually situations in which large messages need to be sent in order to simplify file transfers.

There are a number of ways we can limit large message transfers or prevent users from sending unauthorized large files. This includes applying global message size limits, limiting message sizes of typical users, limiting message sizes sent via send and receive connectors, and even stopping messages using transport rules.

Applying Global Message Size Limits

Exchange 2007 limits the maximum size of incoming and outgoing messages that a user can send to 10MB. This value has been determined based on analysis of many large customers' environments as well as best practices. The global message transport values are not visible via the EMC and must be viewed using the EMS cmdlet Get-TransportConfig. Here is an output of the Get-TransportConfig cmdlet with no parameters or formatting options:

 Get-TransportConfig ClearCategories                : True GenerateCopyOfDSNFor           : {} InternalSMTPServers            : {192.168.254.19, 192.168.254.102} JournalingReportNdrTo          : <> MaxDumpsterSizePerStorageGroup : 18MB MaxDumpsterTime                : 7.00:00:00 MaxReceiveSize                 : 10MB MaxRecipientEnvelopeLimit      : unlimited MaxSendSize                    : 10MB TLSReceiveDomainSecureList     : {} TLSSendDomainSecureList        : {} VerifySecureSubmitEnabled      : False VoicemailJournalingEnabled     : True Xexch50Enabled                 : True 

You can use the Set-TransportConfig cmdlet to change these properties. Let's say that you want to change the default size of 10MB for inbound (MaxReceiveSize) and outbound (MaxSendSize) messages to 25MB; you would use the following cmdlet to do this:

 Set-TransportConfig -MaxReceiveSize:25MB -MaxSendSize:25MB 

Applying Message Size Limits Mailbox by Mailbox

You can also limit the maximum message size sent or received by an individual mailbox. The easiest way to do this for a single mailbox is to use the EMC and locate the mailbox you wish to change in the Recipient Configuration work center. On the mailbox's Mail Flow Settings property page, you need to locate the Message Size Restrictions option, highlight that option, and click the Properties button. This will display the Message Size Restrictions dialog box shown in Figure 9.3.

Figure 9.3: Applying message size restrictions for a single mailbox

In the example in Figure 9.3, we have limited this one user to a maximum sending and receiving message size of 5MB. This is useful if you have to override the message size limits of a single mailbox. However, in a larger organization, you may have large groups of people that require their limits be different than the global defaults. Once again, the EMS comes to the rescue.

Let's say that we have a mail-enabled group called Undergraduate Students and we want to override the default limits and restrict their maximum incoming and outgoing message sizes to 5MB. We need to use the Get-DistributionGroupMember cmdlet to retrieve the objects that are members of that particular distribution group. We will pipe the output of that cmdlet to the Set-Mailbox cmdlet. Here is an example that will accomplish this task:

 Get-DistributionGroupMember "Undergraduate Students" | Set-Mailbox -MaxSendSize:5MB -MaxReceiveSize:5MB 

That was pretty simple to do! Now if one of our users attempts to send a message larger than the permitted size, they will receive a non-delivery report indicating that the message could not be delivered. An example of such as message is shown in Figure 9.4.

Figure 9.4: Non-delivery report indicating that a message is too large to be delivered

Restricting Internet Message Sizes

You might also want to restrict the size of messages that are sent to or received from the Internet. By default, your global default limits will be used for Internet-bound messages and messages received from the Internet. However, you can specify message size restrictions on the connectors that are used to send and receive messages into your organization from outside of the organization. The maximum message sizes that a send or receive connector can process are not configurable through the EMC; you must use the EMS. For receive connectors that are used to accept inbound mail from the Internet, you can change the default limit (10MB) by using the Set-ReceiveConnector cmdlet.

You can also use the Get-ReceiveConnector cmdlet to retrieve information about the receive connectors limits. Here is an example in which the receive connectors are enumerated:

 Get-ReceiveConnector  | FT name,*size* Name                MaxHeaderSize     MaxMessageSize     SizeEnabled ----                -------------     --------------     ----------- Default HNLHT01    64KB               10MB                  True Client HNLHT01     64KB               10MB                  True 

To change the maximum message size (MaxMessageSize) property on the receive connector called Default HNLHT01, you would use the following command:

 Set-ReceiveConnector "Default HNLHT01" -MaxMessageSize:5MB 

You can change the send connector size limits (MaxMessageSize) in the exact same way using the Set-SendConnector cmdlet.

While having the ability to tune the send and receive connectors is a good feature, if you have implemented additional SMTP message hygiene security using an SMTP gateway or the Exchange Edge Transport server, you should restrict inbound message sizes at that point instead. This will prevent messages that are larger than your Internet limits to actually even reach the Exchange Hub Transport servers.

Limiting Maximum Attachment Sizes

We have not introduced transport rules yet in this book other than just to mention that they exist and that they are applied by the Hub Transport server role. However, there is a condition that you can use on a transport rule that would be useful in catching messages with attachments larger than you will permit.

Let's consider as an example a situation in which an organization's information policy does not allow messages that are received from the Internet to have any single attachment larger than 5MB. You can define a transport rule that will catch these messages and drop them. Transport rules are found in the Transport Rule section of the Organization Configuration work center under the Hub Transport subcontainer.

When you launch the New Transport Rule Wizard, on the Conditions page (shown in Figure 9.5), you select two conditions. The first condition is "from users inside or outside the corporation" and the second is "when the size of any attachment is greater than or equal to limit."

Once these are selected and show up in the Step 2: Edit the Rule Description box, you need to ensure that the rule applies to messages sent from outside the corporation by clicking the value that looks like a hyperlink. This value defaults to Inside. You also need to click on the attachment size value and change that to the maximum attachment size; the default value is 0KB.

Figure 9.5: Defining a condition that will reject messages with attachments larger than 5MB

On the Actions page, you can then select the action(s) to take when the condition is met. These actions might include just dropping the message or returning an undeliverable report back to the sender informing them of the problem. An example of this is shown in Figure 9.6.

Figure 9.6: Defining an action to send back a customized report of undeliverable mail message