Ken A
2008-Jan-22 13:58 UTC
[Dovecot] login_processes_count & login_max_processes_count question
re:> # Maximum number of login processes to create. The listening process count > # usually stays at login_processes_count, but when multiple users start logging > # in at the same time more extra processes are created. To prevent fork-bombing > # we check only once in a second if new processes should be created - if all > # of them are used at the time, we double their amount until the limit set by > # this setting is reached. > #login_max_processes_count = 128If the server is attacked by a password guessing routine, or just gets very busy, and login process count reaches 128, will the created processes ever get killed, or will dovecot continue to run 128 processes until it's restarted? Thanks, Ken -- Ken Anderson Pacific.Net
Timo Sirainen
2008-Jan-31 15:20 UTC
[Dovecot] login_processes_count & login_max_processes_count question
On Tue, 2008-01-22 at 07:58 -0600, Ken A wrote:> re: > > > # Maximum number of login processes to create. The listening process count > > # usually stays at login_processes_count, but when multiple users start logging > > # in at the same time more extra processes are created. To prevent fork-bombing > > # we check only once in a second if new processes should be created - if all > > # of them are used at the time, we double their amount until the limit set by > > # this setting is reached. > > #login_max_processes_count = 128 > > If the server is attacked by a password guessing routine, or just gets > very busy, and login process count reaches 128, will the created > processes ever get killed, or will dovecot continue to run 128 processes > until it's restarted?The "wanted process count" is decreased by one every second if there are non-busy login processes. Whenever a user logs in, Dovecot just doesn't create a new login process if the current count is larger than wanted count. So the count does eventually drop down. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20080131/1ac415b5/attachment-0002.bin>