Adam McDougall
2008-Jun-30 15:49 UTC
[Dovecot] No log for hitting login_max_processes_count?
I think today just due to increased use, my mail servers hit login_max_processes_count. It wasn't obvious what was happening, logins just weren't acting like they should and sometimes would get disconnected before given a prompt from the server. Something made me think to check if I had too many of certain dovecot processes and I found I had 128 imap-login processes on both servers, but nothing in the logs seemed to point that out for me. Should there be? It would have been a lot easier to debug. Also, this seems to be from general use, doesn't seem like a DoS, so is this just a setting I should keep an eye on and increase it by reasonable amounts as needed? Thanks.
We ran into a similar problem after migrating to Dovecot on Solaris with an LVS in front. Tweaking some config options cleared it up. Specifically turning on auth_cache:

# Authentication Cache
auth_cache_size = 10240
auth_cache_ttl = 18000

It went from hundreds of login processes down to 20-60.

Bryan Polk
Unix Systems Administrator
Communication and Multimedia Services
FAMU-FSU College of Engineering
(850) 410-6164
bpolk at eng.fsu.edu

On Mon, 30 Jun 2008, Adam McDougall wrote:
> I think today just due to increased use, my mail servers hit
> login_max_processes_count. It wasn't obvious what was happening, logins just
> weren't acting like they should and sometimes would get disconnected before
> given a prompt from the server. Something made me think to check if I had
> too many of certain dovecot processes and I found I had 128 imap-login
> processes on both servers, but nothing in the logs seemed to point that out
> for me. Should there be? It would have been a lot easier to debug. Also,
> this seems to be from general use, doesn't seem like a DoS, so is this just a
> setting I should keep an eye on and increase it by reasonable amounts as
> needed? Thanks.
Timo Sirainen
2008-Jul-20 16:19 UTC
[Dovecot] No log for hitting login_max_processes_count?
On Mon, 2008-06-30 at 11:49 -0400, Adam McDougall wrote:
> I think today just due to increased use, my mail servers hit
> login_max_processes_count. It wasn't obvious what was happening, logins
> just weren't acting like they should and sometimes would get
> disconnected before given a prompt from the server. Something made me
> think to check if I had too many of certain dovecot processes and I
> found I had 128 imap-login processes on both servers, but nothing in the
> logs seemed to point that out for me. Should there be? It would have
> been a lot easier to debug. Also, this seems to be from general use,
> doesn't seem like a DoS, so is this just a setting I should keep an eye
> on and increase it by reasonable amounts as needed? Thanks.

That should probably be redesigned at some point.. The setting should probably only control how many processes there should be with users that haven't logged in, so (SSL) proxying processes shouldn't be counted.. Or perhaps a different setting should limit them.

And you're right that it doesn't currently log anything if all of the processes are in use. Hmm. This is a bit difficult to solve currently. I think I'll just leave it for the master rewrite, which should make it easier. :)

Anyway setting login_process_per_connection=no would make it work better and probably also log something if limits are reached.

http://wiki.dovecot.org/LoginProcess
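
The condition discussed in this thread (imap-login processes reaching login_max_processes_count with nothing logged) can be watched from outside Dovecot. The script below is an added example, not part of any message in the thread or of Dovecot itself; the function names, the 80% warning threshold and the fallback limit of 128 (the process count Adam reported) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): warn before imap-login processes
# silently exhaust login_max_processes_count.

# Print the limit found in dovecot.conf-style text on stdin.
# Assumption: fall back to 128, the process count reported in the thread.
read_limit() {
    awk -F= '
        /^[ \t]*#/ { next }    # ignore commented-out settings
        $1 ~ /^[ \t]*login_max_processes_count[ \t]*$/ {
            sub(/#.*/, "", $2); gsub(/[ \t]/, "", $2); v = $2
        }
        END { print (v != "" ? v : 128) }'
}

# Count exact matches of process name $1 in `ps -eo comm=` style input.
count_procs() {
    awk -v name="$1" '$1 == name { n++ } END { print n + 0 }'
}

# check_limit COUNT LIMIT [WARN_PCT]: returns 0 ok, 1 warning, 2 limit reached.
check_limit() {
    count=$1 limit=$2 warn_pct=${3:-80}
    if [ "$count" -ge "$limit" ]; then
        echo "CRITICAL: $count/$limit imap-login processes, limit reached"
        return 2
    elif [ $((count * 100)) -ge $((limit * warn_pct)) ]; then
        echo "WARNING: $count/$limit imap-login processes (>= ${warn_pct}%)"
        return 1
    fi
    echo "OK: $count/$limit imap-login processes"
}

# Live check; $1 is the operator-supplied path to dovecot.conf.
main() {
    limit=$(read_limit < "$1")
    count=$(ps -eo comm= | count_procs imap-login)
    check_limit "$count" "$limit"
}

# No argument: run on constructed sample data (110 imap-login entries).
demo() {
    limit=$(printf '#login_max_processes_count = 64\nlogin_max_processes_count = 128\n' | read_limit)
    count=$(awk 'BEGIN { for (i = 0; i < 110; i++) print "imap-login"; print "imap" }' | count_procs imap-login)
    check_limit "$count" "$limit" || true
}

if [ $# -gt 0 ]; then main "$@"; else demo; fi
```

Run from cron with the path to dovecot.conf as the only argument, the exit status (1 or 2) can feed whatever alerting is already in place.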