Hi, It turns out that the culprit with the pop/imap time outs was the iptables packet filtering. Turn this off and the intermittent time outs go away. Knocked myself out for two days and the fix took all of 10 seconds - that's the way it always seems to go. I don't know if my packet filtering ruleset is flawed or if iptables just can't handle the high demand of an email server for 600 people. Thanks to Mark for his quick, detailed response. Now I can go on holiday with some peace of mind! Best wishes, Tom Combs ------------- Begin Forwarded Message -------------
Date: Thu, 16 Dec 2004 09:06:31 -0800 (PST) From: Mark Crispin <[EMAIL PROTECTED]> To: Tom Combs <[EMAIL PROTECTED]> cc: [EMAIL PROTECTED] Subject: Re: Desperate : ipop timeouts MIME-Version: 1.0 X-NHMFL-MailScanner: Found to be clean X-MailScanner-MCPCheck: MCP-Clean, MCP-Checker (score=0, required 1) X-NHMFL-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.599, required 5, autolearn=not spam, BAYES_00 -2.60) X-MailScanner-From: [EMAIL PROTECTED] X-OSPREY-MailScanner: Found to be clean The connection timeouts that you are getting have nothing to do with ipop3d; they indicate that ipop3d has not even started! So, you were on the right track with increasing the number of connections allows in xinetd. Unfortunately, problems such as these require more investigation before any definite solution can be found. The first thing to determine is what your POP users "new mail check interval" is. Unlike IMAP, POP requires a new connection for each check of new mail. So, if the user is checking for new mail every second, a new POP session is opened every second! Opening a POP session is expensive; SSL/TLS encryption needs to be negotiated, login authentication needs to be negotiated, and the mailbox has to be processed. On top of that, [x]inetd limits the number of POP sessions that can be spawned each minute. So, take a look at the mail syslog and see if you can find any obvious users who are abusively checking for new mail at an excessive rate. Quite frankly, people who need faster than once/minute checking are badly in need of a life; and I personally advocate once every 3 minutes. Your server should be more than capable of the user load. I think that you are running up against [x]inetd. Also -- gently -- suggest to your users that they really should be using IMAP instead of POP. IMAP notifies of new mail within the session, so it isn't necessary with a good client (such as Pine) to re-open new sessions all the time. I can't speak intelligently about what either Outlook or Eudora may do with IMAP; it sufficies for me to know that Pine is better. :-) -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. ------------- End Forwarded Message ------------- -- Tom Combs E-mail: [EMAIL PROTECTED] National High Magnetic Field Laboratory Phone: (850) 644-1657 1800 E. Paul Dirac Drive Tallahassee, FL 32310