Hello Timo and dovecot teamwork,
We have dovecot 2.0.10 installed with this configuration:
# dovecot -n
# 2.0.10: /usr/local/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-92.1.18.el5 x86_64 Scientific Linux SL release 5.2 (Boron)
auth_cache_size = 500 k
auth_cache_ttl = 1000 secs
disable_plaintext_auth = no
first_valid_uid = 501
lock_method = dotlock
mail_fsync = always
mail_gid = vmail
mail_location = maildir:%h/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = quota autocreate
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date
mmap_disable = yes
namespace {
inbox = yes
location prefix separator = .
type = private
}
namespace {
hidden = yes
inbox = no
list = no
location prefix = INBOX.
separator = .
type = private
}
namespace {
location = maildir:%h/Maildir/_backup
prefix = _backup.
separator = .
type = private
}
passdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
plugin/autocreate = Spam
plugin/autosubscribe = Spam
plugin/quota = maildir:_backup:nsplugin/quota_warning = storage=75%%
quota-warning 75 %u
plugin/quota_warning2 = storage=90%% quota-warning 90 %u
plugin/sieve = %h/.dovecot.sieve
plugin/sieve_dir = %h/sieve
protocols = imap pop3 sieve
service anvil {
client_limit = 5000
}
service auth {
client_limit = 9000
unix_listener auth-master {
group = vmail
mode = 0700
user = vmail
}
user = root
vsz_limit = 2 G
}
service imap-login {
executable = /usr/local/dovecot/libexec/dovecot/imap-login
inet_listener imap {
address = *
port = 143
}
inet_listener imaps {
address = *
port = 993
}
process_limit = 2048
process_min_avail = 20
user = vmail
}
service imap {
executable = /usr/local/dovecot/libexec/dovecot/imap
process_limit = 2048
}
service managesieve-login {
executable = /usr/local/dovecot/libexec/dovecot/managesieve-login
inet_listener sieve {
address = *
port = 4190
}
inet_listener sieve_deprecated {
address = *
port = 12000
}
user = vmail
}
service managesieve {
executable = /usr/local/dovecot/libexec/dovecot/managesieve
}
service pop3-login {
executable = /usr/local/dovecot/libexec/dovecot/pop3-login
inet_listener pop3 {
address = *
port = 110
}
inet_listener pop3s {
address = *
port = 995
}
process_limit = 2048
process_min_avail = 20
user = vmail
}
service pop3 {
executable = /usr/local/dovecot/libexec/dovecot/pop3
process_limit = 2048
}
service quota-warning {
executable = script /usr/local/dovecot/bin/quota-warning.sh
unix_listener quota-warning {
group = vmail
mode = 0700
user = vmail
}
}
ssl_cert = </etc/ssl/correo_xxxx.crt
ssl_key = </etc/ssl/correo_xxxx.pem
syslog_facility = local3
userdb {
args = /etc/dovecot/dovecot-ldap.conf
driver = ldap
}
valid_chroot_dirs = /buzones/
protocol imap {
imap_client_workarounds mail_plugin_dir = /usr/local/dovecot/lib/dovecot
mail_plugins = quota autocreate imap_quota
}
protocol pop3 {
mail_plugin_dir = /usr/local/dovecot/lib/dovecot
mail_plugins = quota autocreate
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
auth_socket_path = /usr/local/dovecot/var/run/dovecot/auth-master
hostname = buzon.xxxx.es
mail_plugin_dir = /usr/local/dovecot/lib/dovecot
mail_plugins = quota autocreate sieve
postmaster_address = postmaster at xxxx.es
quota_full_tempfail = no
rejection_reason = Su mensaje para <%t> fue rechazado automaticamente
por nuestro sistema :%n%r
rejection_subject = Rechazado: %s
sendmail_path = /usr/sbin/exim
}
protocol sieve {
managesieve_implementation_string = dovecot Pigeonhole
managesieve_logout_format = bytes ( in=%i : out=%o )
managesieve_max_line_length = 65536
}
The problem is at the moment of maximum load of the system. We can see many imap
sessions but there are also many imap-login processes, which is weird. Has it
something to do with any parameter of our configuration? We think is something
with the vsz_limit parameter. How can we tune it?
Thank you very much in advanced.
Kind regards.
________________________________
[cid:image001.gif at 01CCE647.65B8FB30]
H?ctor Moreno Blanco
Divisi?n de Seguridad e Infraestructuras /
Security and Infrastructures Division
GMV
Isaac Newton, 11
P.T.M. Tres Cantos
E-28760 Madrid
Tel. +34 91 807 21 00
Fax +34 91 807 21 99
www.gmv.com <http://www.gmv.com/>
[cid:image002.gif at 01CCE647.65B8FB30]<http://www.gmv.com/b2_gmv>
[cid:image003.gif at 01CCE647.65B8FB30]<http://www.facebook.com/infoGMV>
[cid:image004.gif at 01CCE647.65B8FB30]<http://www.twitter.com/infoGMV_es>
[cid:image005.gif at 01CCE647.65B8FB30]<http://www.youtube.com/infoGMV>
______________________
This message including any attachments may contain confidential
information, according to our Information Security Management System,
and intended solely for a specific individual to whom they are addressed.
Any unauthorised copy, disclosure or distribution of this message
is strictly forbidden. If you have received this transmission in error,
please notify the sender immediately and delete it.
______________________
Este mensaje, y en su caso, cualquier fichero anexo al mismo,
puede contener informacion clasificada por su emisor como confidencial
en el marco de su Sistema de Gestion de Seguridad de la
Informacion siendo para uso exclusivo del destinatario, quedando
prohibida su divulgacion copia o distribucion a terceros sin la
autorizacion expresa del remitente. Si Vd. ha recibido este mensaje
erroneamente, se ruega lo notifique al remitente y proceda a su borrado.
Gracias por su colaboracion.
______________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 5711 bytes
Desc: image001.gif
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20120208/5b360468/attachment-0020.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 1306 bytes
Desc: image002.gif
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20120208/5b360468/attachment-0021.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 1309 bytes
Desc: image003.gif
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20120208/5b360468/attachment-0022.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.gif
Type: image/gif
Size: 1279 bytes
Desc: image004.gif
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20120208/5b360468/attachment-0023.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image005.gif
Type: image/gif
Size: 1323 bytes
Desc: image005.gif
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20120208/5b360468/attachment-0024.gif>
On Feb 8, 2012, at 3:58 AM, H?ctor Moreno Blanco wrote: -snip-> service imap-login { > executable = /usr/local/dovecot/libexec/dovecot/imap-login > inet_listener imap { > address = * > port = 143 > } > inet_listener imaps { > address = * > port = 993 > } > process_limit = 2048 > process_min_avail = 20 > user = vmail > } > service imap { > executable = /usr/local/dovecot/libexec/dovecot/imap > process_limit = 2048 > }- snip, again -> > The problem is at the moment of maximum load of the system. We can see many imap sessions but there are also many imap-login processes, which is weird. Has it something to do with any parameter of our configuration? We think is something with the vsz_limit parameter. How can we tune it?I'm not 100% sure but if this is the case but it looks like you setting process_limit and process_min_avail in the imap-login service block is putting dovecot in "High Security" mode. http://wiki2.dovecot.org/LoginProcess has good details on that. In short, I suspect your settings are creating a new imap-login process for each new IMAP connection. As I understand it, vsz_limit is more important when running in "High Performance" mode where you have just 1 imap-login process that handles all new IMAP connections. That process can grow quite large if you have a lot of simultaneous IMAP clients.> > Thank you very much in advanced. > > Kind regards. > > ________________________________ > [cid:image001.gif at 01CCE647.65B8FB30] > > H?ctor Moreno Blanco > Divisi?n de Seguridad e Infraestructuras / > Security and Infrastructures Division > > GMV > Isaac Newton, 11 > P.T.M. Tres Cantos > E-28760 Madrid > Tel. +34 91 807 21 00 > Fax +34 91 807 21 99 > www.gmv.com <http://www.gmv.com/> > [cid:image002.gif at 01CCE647.65B8FB30]<http://www.gmv.com/b2_gmv> > > > > [cid:image003.gif at 01CCE647.65B8FB30]<http://www.facebook.com/infoGMV> > > > > [cid:image004.gif at 01CCE647.65B8FB30]<http://www.twitter.com/infoGMV_es> > > > > [cid:image005.gif at 01CCE647.65B8FB30]<http://www.youtube.com/infoGMV> > > > > > > > ______________________ > This message including any attachments may contain confidential > information, according to our Information Security Management System, > and intended solely for a specific individual to whom they are addressed. > Any unauthorised copy, disclosure or distribution of this message > is strictly forbidden. If you have received this transmission in error, > please notify the sender immediately and delete it. > > ______________________ > Este mensaje, y en su caso, cualquier fichero anexo al mismo, > puede contener informacion clasificada por su emisor como confidencial > en el marco de su Sistema de Gestion de Seguridad de la > Informacion siendo para uso exclusivo del destinatario, quedando > prohibida su divulgacion copia o distribucion a terceros sin la > autorizacion expresa del remitente. Si Vd. ha recibido este mensaje > erroneamente, se ruega lo notifique al remitente y proceda a su borrado. > Gracias por su colaboracion. > > ______________________ >Hope this helps, David Warden