TCP/IP Tuning

Apply the following TCP/IP tunings to all mail servers. They may also be appropriate for LDAP servers. The values are geared towards high-speed networks and heavy traffic to and from the servers.


# ** Performance related **
/usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat 65536
/usr/sbin/ndd -set /dev/tcp tcp_xmit_hiwat 65536
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 4096
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 8192
/usr/sbin/ndd -set /dev/tcp tcp_smallest_anon_port 8192
/usr/sbin/ndd -set /dev/tcp tcp_keepalive_interval 30000
/usr/sbin/ndd -set /dev/tcp tcp_naglim_def 1
# investigate this one
#/usr/sbin/ndd -set /dev/tcp tcp_ip_abort_cinterval 10000


# ** Security related **
# prevent address mask queries
/usr/sbin/ndd -set /dev/ip ip_respond_to_address_mask_broadcast 0
/usr/sbin/ndd -set /dev/ip ip_respond_to_echo_broadcast 0
# prevent smurf dos attacks
/usr/sbin/ndd -set /dev/ip ip_forward_directed_broadcasts 0
/usr/sbin/ndd -set /dev/ip ip_strict_dst_multihoming 1
/usr/sbin/ndd -set /dev/ip ip_forwarding 0
/usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
/usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp 0
/usr/sbin/ndd -set /dev/ip ip_respond_to_timestamp_broadcast 0
# ignore incoming ICMP redirects
/usr/sbin/ndd -set /dev/ip ip_ignore_redirect 1
# do not send ICMP redirect messages
/usr/sbin/ndd -set /dev/ip ip_send_redirects 0
# prevent tcp/ip sequence prediction
/usr/sbin/ndd -set /dev/tcp tcp_strong_iss 2


# ** IPv6 security related **
# don't accept source routed packets on IPv6
/usr/sbin/ndd -set /dev/ip ip6_forward_src_routed 0
# disable the routing abilities for IPv6
/usr/sbin/ndd -set /dev/ip ip6_forwarding 0
/usr/sbin/ndd -set /dev/ip ip6_respond_to_echo_multicast 0
# do not send ICMP redirect messages for IPv6
/usr/sbin/ndd -set /dev/ip ip6_send_redirects 0
# ignore incoming ICMP redirects for IPv6
/usr/sbin/ndd -set /dev/ip ip6_ignore_redirect 1


#
# Solaris guide says not to set lower than 60 seconds
# should investigate further, but the following has worked
#
/usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 15000
#
#
# Set according to local specifics.
#/usr/sbin/ndd -set /dev/tcp tcp_mss_def_ipv4 1460
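
The following audit check is an added example, not part of the original script: it reads back each security-related setting listed above with ndd -get and reports any value that differs. The NDD_GET variable and the audit_ndd function name are assumptions of this example.

```shell
# Added example: compare live ndd values with the security settings above.
# Needs a POSIX shell (on Solaris 10 use /usr/xpg4/bin/sh or ksh).
# NDD_GET (hypothetical name) is the command used to read one parameter.
NDD_GET=${NDD_GET:-"/usr/sbin/ndd -get"}

# Prints one DRIFT line per mismatch; returns 0 only if every value matches.
audit_ndd() {
    drift=0
    while read -r dev param want; do
        # A failed read (unknown parameter, no privilege) counts as drift.
        have=$($NDD_GET "$dev" "$param" </dev/null 2>/dev/null) || have="unreadable"
        if [ "$have" != "$want" ]; then
            echo "DRIFT $dev $param: expected $want, found ${have:-empty}"
            drift=$((drift + 1))
        fi
    done <<'EOF'
/dev/ip ip_respond_to_address_mask_broadcast 0
/dev/ip ip_respond_to_echo_broadcast 0
/dev/ip ip_forward_directed_broadcasts 0
/dev/ip ip_strict_dst_multihoming 1
/dev/ip ip_forwarding 0
/dev/ip ip_forward_src_routed 0
/dev/ip ip_respond_to_timestamp 0
/dev/ip ip_respond_to_timestamp_broadcast 0
/dev/ip ip_ignore_redirect 1
/dev/ip ip_send_redirects 0
/dev/tcp tcp_strong_iss 2
/dev/ip ip6_forward_src_routed 0
/dev/ip ip6_forwarding 0
/dev/ip ip6_respond_to_echo_multicast 0
/dev/ip ip6_send_redirects 0
/dev/ip ip6_ignore_redirect 1
EOF
    [ "$drift" -eq 0 ]
}
```

Values set with ndd apply to the running kernel only, so calling audit_ndd after boot or from cron catches a host where the tuning script did not run.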