v1.1 has now:
# Maximum number of connections allowed for a user. The limits are enforced
# separately for IMAP and POP3 connections, so you can move this setting
# inside protocol {} to have separate settings for them. NOTE: The user names
# are compared case-sensitively, so make sure your userdb returns usernames
# always using the same casing so users can't bypass this limit!
#mail_max_user_connections = 10
Is 10 a good default?
Currently new connections just fail authentication with a "Maximum
number of connections exceeded" error message. v2.0 hopefully will
instead disconnect the oldest idling connection with IMAP.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20070701/f6d047e8/attachment-0002.bin>
Timo Sirainen, on 6/30/2007 6:43 PM, said the following:> v1.1 has now: > > # Maximum number of connections allowed for a user. The limits are enforced > # separately for IMAP and POP3 connections, so you can move this setting > # inside protocol {} to have separate settings for them. NOTE: The user names > # are compared case-sensitively, so make sure your userdb returns usernames > # always using the same casing so users can't bypass this limit! > #mail_max_user_connections = 10 > > Is 10 a good default?I'm assuming this is per IP? In Courier, there were two settings: MAXDAEMONS = 40 (total number of IMAP connections the server would accept) and MAXPERIP = 4 (number of connections per IP) The values above were the defaults. I think it would be a good thing to have both, *and* to allow for setting the MAXPERIP on both a per user and global basis (if a per user value is not provided it uses the global default). Later, adding the ability to set them both on a per domain basis, and the MAXPERIP on a per domain/user basis would be even better...> Currently new connections just fail authentication with a "Maximum > number of connections exceeded" error message. v2.0 hopefully will > instead disconnect the oldest idling connection with IMAP.Very sensible - much better than just refusing the connection... -- Best regards, Charles
On Sat, June 30, 2007 7:50 pm, Charles Marcus said:> Timo Sirainen, on 6/30/2007 7:25 PM, said the following: >> On Sat, 2007-06-30 at 19:11 -0400, Charles Marcus wrote: >>> Timo Sirainen, on 6/30/2007 6:43 PM, said the following: >>>> v1.1 has now: >>>> >>>> # Maximum number of connections allowed for a user. The limits are enforced >>>> # separately for IMAP and POP3 connections, so you can move this setting >>>> # inside protocol {} to have separate settings for them. NOTE: The user names >>>> # are compared case-sensitively, so make sure your userdb returns usernames >>>> # always using the same casing so users can't bypass this limit! >>>> #mail_max_user_connections = 10 >>>> >>>> Is 10 a good default? >>> I'm assuming this is per IP? >> >> No. I'm not sure if it should. Perhaps. It's mostly intended to prevent >> unintentional abuse by stupid clients, so having 3+ thunderbirds open in >> different locations with each having 5 connections should probably be >> allowed. > > Ok - you said 10 was the default - but then said that 15 (3 TBirds x 5) > connections should be allowed, which is more than 10... so... you just > meant that one could accommodate that by upping this limit to 15?I like 15. That way it is high and isn't as likely to affect existing installations unless they manually set it to something lower. Or if you want to have a separate default for POP vs IMAP, I'd use 5 for POP and 15 for IMAP.
On Sun, 2007-07-01 at 01:43 +0300, Timo Sirainen wrote:> #mail_max_user_connections = 10Changed: protocol imap { # Maximum number of IMAP connections allowed for a user from each IP address. # NOTE: The username is compared compared case-sensitively. #mail_max_userip_connections = 10 } protocol pop3 { # Maximum number of POP3 connections allowed for a user from each IP address. # NOTE: The username is compared compared case-sensitively. #mail_max_userip_connections = 3 } -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070702/33de2bcc/attachment-0002.bin>