dovecot - Jan 2016 - Increasing mail_max_userip_connections and sys resources

In our low-traffic server we have always kept the default value for IMAP 
mail_max_userip_connections (10).

The server has been working fine! (Thank you Timo for this!)

However, recently we have been having:

    Maximum number of connections from user+IP exceeded

errors both for IMAP and webmail users.

Thus, we have now changed the value to 100.

The questions:

1.Might this lead to overloading the server?
2. Could another dovecot setting prevent the above setting from being 
applied (e.g. due to connections exhaustion), i.e. should we also change 
other setting(s)?
3. What should we take into account when deciding the value for 
mail_max_userip_connections?
4. How can we set a different value to this directive for webmail 
connections (coming from 127.0.0.1, ::1)?

The config follows for your reference (I've only changed the real domain 
name).

Thanks in advance for your help.
Nick

-----------------------------------------------------------------------------

# doveconf -n
# 2.2.18: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8
# OS: Linux 2.6.18-407.el5 x86_64 CentOS release 5.11 (Final)
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
dsync_remote_cmd = ssh -l root vmail1.example.com doveadm dsync-server -u%u
mail_gid = 500
mail_location = maildir:~/Maildir/
mail_plugins = quota mail_log notify replication
mail_uid = 500
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate
passdb {
   args = /etc/dovecot/dovecot-passdb-ldap.conf
   driver = ldap
}
plugin {
   mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename
   mail_log_fields = uid box msgid size
   mail_replica = remote:vmail at vmail1.example.com
   quota = maildir:User quota
   quota_rule = *:storage=5G
   quota_rule2 = Trash:storage=+3%%
   quota_warning = storage=75%% quota-warning 75 %u
   quota_warning2 = storage=90%% quota-warning 90 %u
}
protocols = imap pop3
service aggregator {
   fifo_listener replication-notify-fifo {
     user = vmail
   }
   unix_listener replication-notify {
     user = vmail
   }
}
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-master {
     group = vmail
     mode = 0660
     user = vmail
   }
   user = root
}
service imap-login {
   service_count = 1
   vsz_limit = 64 M
}
service imap {
   executable = imap postlogin
}
service pop3-login {
   service_count = 1
   vsz_limit = 64 M
}
service pop3 {
   executable = pop3 postlogin
}
service postlogin {
   executable = script-login -d rawlog
}
service quota-warning {
   executable = script /opt/mail1.sh
   unix_listener quota-warning {
     user = vmail
   }
   user = vmail
}
service replicator {
   process_min_avail = 1
   unix_listener replicator-doveadm {
     mode = 0600
   }
}
ssl_ca = </etc/pki/tls/certs/chain-1552.pem
ssl_cert = </etc/pki/tls/certs/cert-1552.pem
ssl_key = </etc/pki/tls/private/key-1552.pem
ssl_protocols = !SSLv2 !SSLv3
syslog_facility = local1
userdb {
   args = /etc/dovecot/dovecot-usrdb-ldap.conf
   driver = ldap
}
protocol imap {
   imap_client_workarounds = delay-newmail
   mail_max_userip_connections = 100
   mail_plugins = quota imap_quota notify replication
}
protocol pop3 {
   mail_max_userip_connections = 3
   mail_plugins = quota notify replication
   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
   pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
   auth_socket_path = /var/run/dovecot/auth-master
   info_log_path    log_path    mail_plugins = quota notify replication
   postmaster_address = sysadmin at example.com
   sendmail_path = /usr/lib/sendmail
}

------------------------------------------------------------------------------------

On 14/1/2016 7:19 ??, Nikolaos Milas wrote:
> 2. Could another dovecot setting prevent the above setting from being 
> applied (e.g. due to connections exhaustion), i.e. should we also 
> change other setting(s)? 
An associated question:

I tried adding "process_limit = 2048" to imap:

    protocol imap {
       imap_client_workarounds = "delay-newmail"
       mail_plugins = quota imap_quota notify replication
       process_limit = 2048
       mail_max_userip_connections = 100
    }

but this leads to:

    # doveconf -n

    # 2.2.18: /etc/dovecot/dovecot.conf
    # Pigeonhole version 0.4.8
    doveconf: Fatal: Error in configuration file
    /etc/dovecot/dovecot.conf line 30: Unknown setting: process_limit
    doveconf: Error: managesieve-login: dump-capability process returned 89
    doveconf: Fatal: Error in configuration file
    /etc/dovecot/dovecot.conf line 30: Unknown setting: process_limit

However, here: 
http://wiki.dovecot.org/Services#imap.2C_pop3.2C_managesieve I read:

    imap, pop3, managesieve

    process_limit defaults to 1024, which means that the number of
    simultaneous IMAP (or POP3 or ManageSieve) connections is limited by
    this setting. If you expect more connections, increase this value.

So, I was not expecting this error and can't see what's the problem.

Why "process_limit" is an unknown setting? What am I doing wrong?

Please clarify!

Thanks,
Nick

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 15 Jan 2016, Nikolaos Milas wrote:
> I tried adding "process_limit = 2048" to imap:
>
>   protocol imap {
>      imap_client_workarounds = "delay-newmail"
>      mail_plugins = quota imap_quota notify replication
>      process_limit = 2048
this setting belongs to the

service imap {

section. See the output of doveconf -a

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVpiy2Hz1H7kL/d9rAQK7BQgAv/kupyXWS6I+FOxKt1ougPYK0rdPRae9
FSVR1Lsp9dCQ0LBU2S6VHC3ZhJIaMm92N4UxjYjSXblj1irqGwuj/F2vgvcriTkG
R291zwT0MwwrSUu7ZTrqKeuvNFYY3cljwOZieTJi5Ozk8vKp7d8hIvHRjTQXeDah
7V0oHlqXAR/zLMc7bT4PZzTTaRxNAfGKTTzuh3jMuOjn0Ne91CQjNSgrUo6F1hMl
pz0ZNR3fns7ZGI//NXNgkdFqsP3LcH8bGYgBdpYNQZCgo+mYi+8ziB0a8ba6RMHU
CkwcpwZZuAoUaEA2XXLKgNcv5rjwgQAaEHwZATLLBwOVzlv8/LZ3Mw==NijQ
-----END PGP SIGNATURE-----