Version: 0.16

Rate limiting

Rate limiting is a strategy to limit network traffic by capping how often a given action (for example, a login attempt) can be repeated within a time window. Rate limiting helps mitigate abuse such as brute-force attacks and reduces load on the mail server.

IMAP/POP3

IMAP and POP3 rate-limit fields live on the Imap singleton (found in the WebUI under Settings › Network › IMAP).

Concurrency

The maximum number of concurrent IMAP and POP3 connections a user may hold is set by maxConcurrent. The default is 16; lowering it, for example to four connections per user:

{
  "maxConcurrent": 4
}

Requests

The per-minute request cap is set by maxRequestRate, which takes a Rate value of count and period. The default is 2000 requests per minute.

For example, to allow 2000 requests per minute:

{
  "maxRequestRate": {"count": 2000, "period": "1m"}
}

JMAP

Refer to the JMAP Protocol limits page for details on how JMAP request limits and concurrency are configured on the Jmap singleton.

IMAP/POP3​

Concurrency​

Requests​

JMAP​

IMAP/POP3

Concurrency

Requests

JMAP