Re: Increasing mail_max_userip_connections and sys resources
On 15/1/2016 10:05 μμ, Joseph Tam wrote: ... Pragmatically, I set it high enough so that it meets the need of most clients, then deal with problems on a case by case basis ... Thank you very much Joseph for your quite useful advice and experience. Are you monitoring using "doveadm who"? 4. How can we set a different value to this directive for webmail connections (coming from 127.0.0.1, ::1)? I don't know if there is another method, but at the very least, you can start another dovecot instance with another config file that does specific things for 127.0.0.1. I tried using a remote block for webmail, but without success yet. You can see my other thread (asking on "remote" | "local" blocks). All the best, Nick
Re: Increasing mail_max_userip_connections and sys resources
In our low-traffic server we have always kept the default value for IMAP mail_max_userip_connections (10). The server has been working fine! (Thank you Timo for this!) However, recently we have been having: Maximum number of connections from user+IP exceeded errors both for IMAP and webmail users. Thus, we have now changed the value to 100. The questions: 1.Might this lead to overloading the server? 2. Could another dovecot setting prevent the above setting from being applied (e.g. due to connections exhaustion), i.e. should we also change other setting(s)? 3. What should we take into account when deciding the value for mail_max_userip_connections? It depends on how many users you have, the number of simultaneous clients they use, and the #connections each client opens. Potentially, you could exhaust connection limits -- they usually don't max out memory or CPU or disk since most of the connections are idle. (There is a new IDLE hibernate feature that might help to minimize memory use by idle imap worker processes.) I haven't found a value that gets rid of users running into connection limits. If I set it to n, the next day someone will choke on n+1. This is a snapshot connections (count : #connections) which shows the typical decay: 25 1 14 2 14 3 7 4 9 5 1 6 2 7 1 8 1 10 Occasionally, some user's connection demand will spike and exceed the limit because - they started yat another client - they started global operation like searching - they're using a network that support roaming IP (I've tracked some users across the city on their bus ride.) Pragmatically, I set it high enough so that it meets the need of most clients, then deal with problems on a case by case basis (e.g. get them to lower their mail client's idle connection setting, or asking them to reduce the number of active clients by logging out). It also prevents what this setting was designed for: connection starvation by busy/buggy clients. Usually, hitting the limit doesn't produce problems as mail clients are smart enough to close idle connections or reuse them. If you only got a dozen users, setting it to 100 is feasible. If you got 1000 users, probably not. 4. How can we set a different value to this directive for webmail connections (coming from 127.0.0.1, ::1)? I don't know if there is another method, but at the very least, you can start another dovecot instance with another config file that does specific things for 127.0.0.1. Joseph Tam
Re: Increasing mail_max_userip_connections and sys resources
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 15 Jan 2016, Nikolaos Milas wrote: I tried adding "process_limit = 2048" to imap: protocol imap { imap_client_workarounds = "delay-newmail" mail_plugins = quota imap_quota notify replication process_limit = 2048 this setting belongs to the service imap { section. See the output of doveconf -a - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEVAwUBVpiy2Hz1H7kL/d9rAQK7BQgAv/kupyXWS6I+FOxKt1ougPYK0rdPRae9 FSVR1Lsp9dCQ0LBU2S6VHC3ZhJIaMm92N4UxjYjSXblj1irqGwuj/F2vgvcriTkG R291zwT0MwwrSUu7ZTrqKeuvNFYY3cljwOZieTJi5Ozk8vKp7d8hIvHRjTQXeDah 7V0oHlqXAR/zLMc7bT4PZzTTaRxNAfGKTTzuh3jMuOjn0Ne91CQjNSgrUo6F1hMl pz0ZNR3fns7ZGI//NXNgkdFqsP3LcH8bGYgBdpYNQZCgo+mYi+8ziB0a8ba6RMHU CkwcpwZZuAoUaEA2XXLKgNcv5rjwgQAaEHwZATLLBwOVzlv8/LZ3Mw== =NijQ -END PGP SIGNATURE-
Re: Increasing mail_max_userip_connections and sys resources
On 15/1/2016 10:50 πμ, Steffen Kaiser wrote: this setting belongs to the service imap { section. Oh, this is it! It works now! Thanks, Steffen. All the best, Nick
Increasing mail_max_userip_connections and sys resources
In our low-traffic server we have always kept the default value for IMAP mail_max_userip_connections (10). The server has been working fine! (Thank you Timo for this!) However, recently we have been having: Maximum number of connections from user+IP exceeded errors both for IMAP and webmail users. Thus, we have now changed the value to 100. The questions: 1.Might this lead to overloading the server? 2. Could another dovecot setting prevent the above setting from being applied (e.g. due to connections exhaustion), i.e. should we also change other setting(s)? 3. What should we take into account when deciding the value for mail_max_userip_connections? 4. How can we set a different value to this directive for webmail connections (coming from 127.0.0.1, ::1)? The config follows for your reference (I've only changed the real domain name). Thanks in advance for your help. Nick - # doveconf -n # 2.2.18: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.8 # OS: Linux 2.6.18-407.el5 x86_64 CentOS release 5.11 (Final) auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no dsync_remote_cmd = ssh -l root vmail1.example.com doveadm dsync-server -u%u mail_gid = 500 mail_location = maildir:~/Maildir/ mail_plugins = quota mail_log notify replication mail_uid = 500 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate passdb { args = /etc/dovecot/dovecot-passdb-ldap.conf driver = ldap } plugin { mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename mail_log_fields = uid box msgid size mail_replica = remote:vm...@vmail1.example.com quota = maildir:User quota quota_rule = *:storage=5G quota_rule2 = Trash:storage=+3%% quota_warning = storage=75%% quota-warning 75 %u quota_warning2 = storage=90%% quota-warning 90 %u } protocols = imap pop3 service aggregator { fifo_listener replication-notify-fifo { user = vmail } unix_listener replication-notify { user = vmail } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = vmail mode = 0660 user = vmail } user = root } service imap-login { service_count = 1 vsz_limit = 64 M } service imap { executable = imap postlogin } service pop3-login { service_count = 1 vsz_limit = 64 M } service pop3 { executable = pop3 postlogin } service postlogin { executable = script-login -d rawlog } service quota-warning { executable = script /opt/mail1.sh unix_listener quota-warning { user = vmail } user = vmail } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0600 } } ssl_ca =
Re: Increasing mail_max_userip_connections and sys resources
On 14/1/2016 7:19 μμ, Nikolaos Milas wrote: 2. Could another dovecot setting prevent the above setting from being applied (e.g. due to connections exhaustion), i.e. should we also change other setting(s)? An associated question: I tried adding "process_limit = 2048" to imap: protocol imap { imap_client_workarounds = "delay-newmail" mail_plugins = quota imap_quota notify replication process_limit = 2048 mail_max_userip_connections = 100 } but this leads to: # doveconf -n # 2.2.18: /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.8 doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 30: Unknown setting: process_limit doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 30: Unknown setting: process_limit However, here: http://wiki.dovecot.org/Services#imap.2C_pop3.2C_managesieve I read: imap, pop3, managesieve process_limit defaults to 1024, which means that the number of simultaneous IMAP (or POP3 or ManageSieve) connections is limited by this setting. If you expect more connections, increase this value. So, I was not expecting this error and can't see what's the problem. Why "process_limit" is an unknown setting? What am I doing wrong? Please clarify! Thanks, Nick