On 2021-06-02, Cameron Simpson <c...@cskk.id.au> wrote:
> On 01Jun2021 20:43, Stuart Henderson <s...@spacehopper.org> wrote:
>>On 2021-06-01, Cameron Simpson <c...@cskk.id.au> wrote:
>>> If I had TCP keep alive turned on, both ends might tidy themselves up.
>>> I can't enable that on the clients (various mail readers) or,
>>> apparently, on the server configuration. I can't do it in PF because PF
>>> just copies packets. I can't seem to do it in relayd either, though that
>>> seems the obvious way to intercept the connection for this purpose.
>>
>>It looks like courier-imap does enable SO_KEEPALIVE if available.
>
> Hmm. Ok. I wonder how recent that is? I have 5.0.6 IIRC, and current is 
> 5.1.something.

A long time - it was there in the initial git commit when the files were
imported from svn, certainly before 5.0.6. 

https://github.com/svarshavchik/courier-libs/blame/142f42378608e593eb36ceb33895db99948427aa/tcpd/tcpd.c#L1238

>>$ grep . /proc/sys/net/ipv4/tcp_keepalive_*
>>/proc/sys/net/ipv4/tcp_keepalive_intvl:75
>>/proc/sys/net/ipv4/tcp_keepalive_probes:9
>>/proc/sys/net/ipv4/tcp_keepalive_time:7200
>>
>>7200s (2h) initially, then every 75 seconds. (OpenBSD default times are
>>long too; 14400 "slowhz" intervals = also 2h).
>
> Ah. A long time indeed. Yes, winding these down will help - the above 
> times are in the same magnitude as the time required to hit the 
> connection limits.

Yes - set in the days before stateful firewalls and NAT devices with limited
memory were more common, so the only thing they really needed to
protect against was connections building up from clients that had
crashed/powered off or with some broken network paths.
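
The timers discussed above, as an added example that is not part of the thread and not courier-imap's code: on Linux a server can enable SO_KEEPALIVE and override the system-wide defaults per socket, then read back what the kernel stored. The function names and the tuned values (300/30/4) are constructed for illustration; the per-socket TCP_KEEP* options shown are the Linux ones.

```c
/* Added example, not courier-imap's code; names and tuned values are constructed. */
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Rough worst case before a silent peer is dropped: idle time plus all probes. */
long ka_detect_secs(int idle, int intvl, int probes)
{
    return (long)idle + (long)intvl * probes;
}

/* Enable keepalive and override the sysctl timers for this socket only. */
int ka_enable(int fd, int idle, int intvl, int probes)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof intvl) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof probes) < 0)
        return -1;
    return 0;
}

/* Apply timers to a fresh socket, read them back, return detection time or -1. */
long ka_roundtrip(int idle, int intvl, int probes)
{
    int on = 0, i = 0, v = 0, c = 0;
    socklen_t len = sizeof(int);
    long secs = -1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (ka_enable(fd, idle, intvl, probes) == 0 &&
        getsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, &len) == 0 && on &&
        getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &i, &len) == 0 &&
        getsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &v, &len) == 0 &&
        getsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &c, &len) == 0)
        secs = ka_detect_secs(i, v, c);
    close(fd);
    return secs;
}

int main(void)
{
    /* Defaults quoted in the thread (7200/75/9) vs. constructed tuned values. */
    printf("defaults: %ld s\n", ka_detect_secs(7200, 75, 9));
    printf("tuned:    %ld s\n", ka_roundtrip(300, 30, 4));
    return 0;
}
```

With the defaults quoted in the thread, a dead peer is held for a little over two hours; the constructed tuned values bring that down to seven minutes.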

