It appears that when running Dovecot as a proxy-only box with "login_process_per_connection = no", it ignores the value of login_max_logging_users. And in Linux, since each socket requires a file descriptor, if you don't increase the maximum number of open files that each process is allowed to have open, imap-login will reach the 1024 open file limit and start logging the following errors: imap-login: socket() failed: Too many open files imap-login: Internal login failure: user=... imap-login: socketpair() failed: Too many open files Here are the settings I am testing with: login_process_per_connection = no login_max_logging_users = 225 login_processes_count = 20 login_max_processes_count = 30 And here the output of "lsof -nu dovecot" when one of the imap-login processes reaches its open file limit. In this case PID 20087 had 362 users connected, but it should have allowed no more than 225 users, which would have kept it from reaching the open file limit: (sent directly to Timo since it was too big to post to the list) Also, I am running CVS dovecot-20060725. Bill
On Wed, 2006-08-02 at 23:20 -0400, Bill Boebel wrote:> It appears that when running Dovecot as a proxy-only box with "login_process_per_connection = no", it ignores the value of login_max_logging_users.Not really. It does enforce the maximum users _logging in_ limit, but for that isn't counted SSL proxies or other proxies.. I rewrote this in CVS. There's now login_max_connections setting which works pretty much how expected. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 191 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20060806/ac73b346/attachment.bin>
On Sun, August 6, 2006 4:40 pm, Timo Sirainen <tss at iki.fi> said:> On Wed, 2006-08-02 at 23:20 -0400, Bill Boebel wrote: >> It appears that when running Dovecot as a proxy-only box with >> "login_process_per_connection = no", it ignores the value of >> login_max_logging_users. > > Not really. It does enforce the maximum users _logging in_ limit, but > for that isn't counted SSL proxies or other proxies.. I rewrote this in > CVS. There's now login_max_connections setting which works pretty much > how expected.Ahh, ok. I will give it a try. Thanks, Bill
On Sun, August 6, 2006 4:40 pm, Timo Sirainen <tss at iki.fi> said:> On Wed, 2006-08-02 at 23:20 -0400, Bill Boebel wrote: >> It appears that when running Dovecot as a proxy-only box with >> "login_process_per_connection = no", it ignores the value of >> login_max_logging_users. > > Not really. It does enforce the maximum users _logging in_ limit, but > for that isn't counted SSL proxies or other proxies.. I rewrote this in > CVS. There's now login_max_connections setting which works pretty much > how expected.This is working great, fyi. Bill