Stuart Henderson wrote:
You can restrict sessions per IP very easily with PF.
Yes, Stuart,
and no. It is never good engineering practice to turn two knobs at the
same time. Firstly, when opening a new folder, courier-imap honours its
limitation gracefully. Second, it would limit the communication channel
between daemon and client. An innocuous 'go to another folder' or even
'stop search' (agree, it doesn't work as of now, but it should!) would
be dropped. It would still not deliver search results, because it would
spawn N identical searches (N defined by pf). I could try, and I would
as well have to look into it myself, because I don't know how long the
timed-out earlier requests would still count as 'link', since the client
seems to consider them dead after Thunderbirds 60-second mailnews.timeout.
Now, thinking of it, if you don't mind following the line of arguments:
even worse:
- the links are considered 'timed-out', then pf doesn't limit the
number of searches
- the links are considered 'active by pf, then any request by the
client of moving away and going to another folder is dropped
Couldn't be worse, could it!?
What bugs me as well: I have been discussing the matter on the
courier-imap list, but nobody answered, and the upstream writer never
wrote anything but that line of 'courier-imap does not fork'. Over the
years, I have entrusted by IMAP-clients to courier-imap thinking it was
well-written. I start to have my doubts.
Can anyone with dovecot on a very tiny box confirm or deny that it acts
differently? One needs to have more mails in a box than the daemon can
search within the 60 seconds time-out. Then, in the status bar of
Thunderbird, it will say something like 'Connecting to imap.example.com
...' once per minute. Let it go for some minutes, and then observe the
resource usage on the server.
If dovecot is fine, I'll change immediately. :)
Uwe
