diff --git a/server/adminserver/api/v1/system/mail.go b/server/adminserver/api/v1/system/mail.go
index d42f08a8..80000edf 100644
--- a/server/adminserver/api/v1/system/mail.go
+++ b/server/adminserver/api/v1/system/mail.go
@@ -1,6 +1,7 @@
 package system
 
 import (
+	"encoding/json"
 	"f5"
 	"jccommon"
 	"main/common"
@@ -217,6 +218,18 @@ func (this *MailApi) EditMail(c *gin.Context) {
 		return
 	}
 
+	if !this.CheckAttachment(reqJson.Attachments, c) {
+		return
+	}
+
+	if data, err := json.Marshal(reqJson.Recipients); err != nil || len(data) > 0xFFFF {
+		c.JSON(http.StatusOK, gin.H{
+			"code":    2,
+			"message": "收件人过多",
+		})
+		return
+	}
+
 	var count int64 = 0
 	mail := new(system.Mail)
 	if f5.GetApp().GetOrmDb(constant.MAIL_DB).Table("t_mail").Take(mail, "mail_id = ?", reqJson.MailId).Count(&count); count < 1 {
@@ -227,10 +240,6 @@ func (this *MailApi) EditMail(c *gin.Context) {
 		return
 	}
 
-	if !this.CheckAttachment(reqJson.Attachments, c) {
-		return
-	}
-
 	nowDaySeconds := int32(f5.GetApp().GetRealSeconds())
 	mail.MailId = reqJson.MailId
 	mail.MailType = reqJson.MailType
@@ -316,6 +325,14 @@ func (this *MailApi) CheckAttachment(list []common.Attachment, c *gin.Context) b
 			})
 			return false
 		}
+
+		if item.ItemNum > 1000*10000 {
+			c.JSON(http.StatusOK, gin.H{
+				"code":    2,
+				"message": "item 数量不超过1000000 :" + q5.SafeToString(item.ItemId),
+			})
+			return false
+		}
 	}
 
 	return true