Re: Increasing mail_max_userip_connections and sys resources

2016-01-19 Thread Nikolaos Milas 

On 15/1/2016 10:05 μμ, Joseph Tam wrote:


...
Pragmatically, I set it high enough so that it meets the need of most
clients, then deal with problems on a case by case basis
...



Thank you very much Joseph for your quite useful advice and experience.

Are you monitoring using "doveadm who"?


4. How can we set a different value to this directive for webmail
connections (coming from 127.0.0.1, ::1)?


I don't know if there is another method, but at the very least, you
can start another dovecot instance with another config file that does
specific things for 127.0.0.1. 


I tried using a remote block for webmail, but without success yet.

You can see my other thread (asking on "remote" | "local" blocks).

All the best,
Nick

Re: Increasing mail_max_userip_connections and sys resources

2016-01-15 Thread Joseph Tam 



In our low-traffic server we have always kept the default value for IMAP
mail_max_userip_connections (10).

The server has been working fine! (Thank you Timo for this!)

However, recently we have been having:

   Maximum number of connections from user+IP exceeded

errors both for IMAP and webmail users.

Thus, we have now changed the value to 100.

The questions:

1.Might this lead to overloading the server?
2. Could another dovecot setting prevent the above setting from being
applied (e.g. due to connections exhaustion), i.e. should we also change
other setting(s)?
3. What should we take into account when deciding the value for
mail_max_userip_connections?


It depends on how many users you have, the number of simultaneous clients
they use, and the #connections each client opens.  Potentially, you could
exhaust connection limits --  they usually don't max out memory or CPU
or disk since most of the connections are idle.  (There is a new IDLE
hibernate feature that might help to minimize memory use by idle imap
worker processes.)

I haven't found a value that gets rid of users running into connection
limits.  If I set it to n, the next day someone will choke on n+1.  This is
a snapshot connections  (count : #connections) which shows the
typical decay:

 25 1
 14 2
 14 3
  7 4
  9 5
  1 6
  2 7
  1 8
  1 10

Occasionally, some user's connection demand will spike and exceed the limit 
because

- they started yat another client
- they started global operation like searching
- they're using a network that support roaming IP
(I've tracked some users across the city on their bus ride.)

Pragmatically, I set it high enough so that it meets the need of most
clients, then deal with problems on a case by case basis (e.g. get
them to lower their mail client's idle connection setting, or asking
them to reduce the number of active clients by logging out).  It also
prevents what this setting was designed for: connection starvation by
busy/buggy clients.  Usually, hitting the limit doesn't produce problems
as mail clients are smart enough to close idle connections or reuse them.

If you only got a dozen users, setting it to 100 is feasible.  If you
got 1000 users, probably not.


4. How can we set a different value to this directive for webmail
connections (coming from 127.0.0.1, ::1)?


I don't know if there is another method, but at the very least, you
can start another dovecot instance with another config file that does
specific things for 127.0.0.1.

Joseph Tam

Re: Increasing mail_max_userip_connections and sys resources

2016-01-15 Thread Steffen Kaiser 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 15 Jan 2016, Nikolaos Milas wrote:


I tried adding "process_limit = 2048" to imap:

  protocol imap {
 imap_client_workarounds = "delay-newmail"
 mail_plugins = quota imap_quota notify replication
 process_limit = 2048


this setting belongs to the

service imap {

section. See the output of doveconf -a

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBVpiy2Hz1H7kL/d9rAQK7BQgAv/kupyXWS6I+FOxKt1ougPYK0rdPRae9
FSVR1Lsp9dCQ0LBU2S6VHC3ZhJIaMm92N4UxjYjSXblj1irqGwuj/F2vgvcriTkG
R291zwT0MwwrSUu7ZTrqKeuvNFYY3cljwOZieTJi5Ozk8vKp7d8hIvHRjTQXeDah
7V0oHlqXAR/zLMc7bT4PZzTTaRxNAfGKTTzuh3jMuOjn0Ne91CQjNSgrUo6F1hMl
pz0ZNR3fns7ZGI//NXNgkdFqsP3LcH8bGYgBdpYNQZCgo+mYi+8ziB0a8ba6RMHU
CkwcpwZZuAoUaEA2XXLKgNcv5rjwgQAaEHwZATLLBwOVzlv8/LZ3Mw==
=NijQ
-END PGP SIGNATURE-

Re: Increasing mail_max_userip_connections and sys resources

2016-01-15 Thread Nikolaos Milas 

On 15/1/2016 10:50 πμ, Steffen Kaiser wrote:


this setting belongs to the

service imap {

section.


Oh, this is it! It works now!

Thanks, Steffen.

All the best,
Nick

Increasing mail_max_userip_connections and sys resources

2016-01-14 Thread Nikolaos Milas 
In our low-traffic server we have always kept the default value for IMAP 
mail_max_userip_connections (10).


The server has been working fine! (Thank you Timo for this!)

However, recently we have been having:

   Maximum number of connections from user+IP exceeded

errors both for IMAP and webmail users.

Thus, we have now changed the value to 100.

The questions:

1.Might this lead to overloading the server?
2. Could another dovecot setting prevent the above setting from being 
applied (e.g. due to connections exhaustion), i.e. should we also change 
other setting(s)?
3. What should we take into account when deciding the value for 
mail_max_userip_connections?
4. How can we set a different value to this directive for webmail 
connections (coming from 127.0.0.1, ::1)?


The config follows for your reference (I've only changed the real domain 
name).


Thanks in advance for your help.
Nick

-

# doveconf -n
# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8
# OS: Linux 2.6.18-407.el5 x86_64 CentOS release 5.11 (Final)
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
dsync_remote_cmd = ssh -l root vmail1.example.com doveadm dsync-server -u%u
mail_gid = 500
mail_location = maildir:~/Maildir/
mail_plugins = quota mail_log notify replication
mail_uid = 500
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate

passdb {
  args = /etc/dovecot/dovecot-passdb-ldap.conf
  driver = ldap
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename

  mail_log_fields = uid box msgid size
  mail_replica = remote:vm...@vmail1.example.com
  quota = maildir:User quota
  quota_rule = *:storage=5G
  quota_rule2 = Trash:storage=+3%%
  quota_warning = storage=75%% quota-warning 75 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
}
protocols = imap pop3
service aggregator {
  fifo_listener replication-notify-fifo {
user = vmail
  }
  unix_listener replication-notify {
user = vmail
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
  unix_listener auth-master {
group = vmail
mode = 0660
user = vmail
  }
  user = root
}
service imap-login {
  service_count = 1
  vsz_limit = 64 M
}
service imap {
  executable = imap postlogin
}
service pop3-login {
  service_count = 1
  vsz_limit = 64 M
}
service pop3 {
  executable = pop3 postlogin
}
service postlogin {
  executable = script-login -d rawlog
}
service quota-warning {
  executable = script /opt/mail1.sh
  unix_listener quota-warning {
user = vmail
  }
  user = vmail
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
mode = 0600
  }
}
ssl_ca =

Re: Increasing mail_max_userip_connections and sys resources

2016-01-14 Thread Nikolaos Milas 

On 14/1/2016 7:19 μμ, Nikolaos Milas wrote:

2. Could another dovecot setting prevent the above setting from being 
applied (e.g. due to connections exhaustion), i.e. should we also 
change other setting(s)? 


An associated question:

I tried adding "process_limit = 2048" to imap:

   protocol imap {
  imap_client_workarounds = "delay-newmail"
  mail_plugins = quota imap_quota notify replication
  process_limit = 2048
  mail_max_userip_connections = 100
   }

but this leads to:

   # doveconf -n

   # 2.2.18: /etc/dovecot/dovecot.conf
   # Pigeonhole version 0.4.8
   doveconf: Fatal: Error in configuration file
   /etc/dovecot/dovecot.conf line 30: Unknown setting: process_limit
   doveconf: Error: managesieve-login: dump-capability process returned 89
   doveconf: Fatal: Error in configuration file
   /etc/dovecot/dovecot.conf line 30: Unknown setting: process_limit

However, here: 
http://wiki.dovecot.org/Services#imap.2C_pop3.2C_managesieve I read:


   imap, pop3, managesieve

   process_limit defaults to 1024, which means that the number of
   simultaneous IMAP (or POP3 or ManageSieve) connections is limited by
   this setting. If you expect more connections, increase this value.

So, I was not expecting this error and can't see what's the problem.

Why "process_limit" is an unknown setting? What am I doing wrong?

Please clarify!

Thanks,
Nick