dovecot - Sep 2014 - SASL LOGIN : connection to server lost with more than 10 simulatneaous postfix smtps

Hi All,

I have a problem with SASL authentification from postfix when more than 
10 mails is sent from the same user simultaneously
Postfix abort connection (  Connection lost to authentication server ). 
Dovecot log after the postfix error an error about
connection lost also ( read EOF )

I don't seem to find a parameter for a maximum of connection for the 
auth process ( ther's one for imap, pop, .. ) but none for auth.

Do you have an idea of a way to solve this problem or to have better 
information ?

result of Docecot -n


# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.15.6-gentoo-xxxx-std-ipv6-64 x86_64 Gentoo Base System 
release 2.2
auth_default_realm = aprogsys.com
auth_mechanisms = plain login
auth_username_format = %Ln
dict {
   acl = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u
first_valid_uid = 1001
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_access_groups = dovecot
mail_location = mdbox:~/mdbox
mail_plugins = " acl notify replication"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date ihave duplicate
namespace inbox {
   inbox = yes
   list = yes
   location    mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix    separator = /
}
passdb {
   args = *
   driver = pam
}
plugin {
   acl = vfile
   acl_anyone = allow
   acl_shared_dict = proxy::acl
   antispam_backend = DSPAM
   antispam_debug_target = syslog
   antispam_dspam_args = --source=error;--signature=%%s;--user;%n
   antispam_dspam_binary = /usr/bin/dspam
   antispam_signature = X-DSPAM-Signature
   antispam_spam = SPAM
   antispam_trash = Trash
   antispam_verbose_debug = 1
   mail_replica = remote:root at 192.168.1.7
   replication_dsync_parameters = -d -U
   sieve = ~/.dovecot.sieve
   sieve_before = /var/lib/dovecot/sieve
   sieve_default = /var/lib/dovecot/sieve/spam.sieve
   sieve_dir = ~/sieve
}
protocols = imap pop3 lmtp sieve
replication_max_conns = 2
service aggregator {
   fifo_listener replication-notify-fifo {
     mode = 0666
   }
   unix_listener replication-notify {
     mode = 0666
   }
}
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-userdb {
     mode = 0777
   }
   user = root
}
service dict {
   unix_listener dict {
     mode = 0666
   }
}
service imap-login {
   process_min_avail = 4
   service_count = 0
   vsz_limit = 256 M
}
service managesieve-login {
   inet_listener sieve {
     port = 4190
   }
   inet_listener sieve_deprecated {
     port = 2000
   }
}
service replicator {
   process_min_avail = 1
   unix_listener replicator-doveadm {
     mode = 0666
   }
}
ssl_cert = </etc/ssl/dovecot/server.pem
ssl_key = </etc/ssl/dovecot/server.pem
userdb {
   driver = passwd
}
protocol lda {
   mail_plugins = " acl notify replication sieve"
}
protocol imap {
   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep 
tb-lsub-flags
   mail_max_userip_connections = 40
   mail_plugins = " acl notify replication antispam imap_acl"
}

On 04 Sep 2014, at 03:12 , Ve (HOME) <ve at vetienne.net>
wrote:
> Postfix abort connection
That sounds like postfix is rate limiting.

-- 
"If I were willing to change my morals for convenience or financial
gain, we wouldn't be arguing, because I'd already *be* a
Republican."
-- Wil Shipley

Le 04/09/2014 18:34, LuKreme a ?crit :
> On 04 Sep 2014, at 03:12 , Ve (HOME) <ve at vetienne.net> wrote:
>> Postfix abort connection
> That sounds like postfix is rate limiting.
>
Maybe but the message log doesn't look like rate limiting
here is an example


Sep  2 16:01:05 ns3 postfix/smtpd[32576]: connect from
ns206843.ip-94-23-193.eu[94.23.193.183]
Sep  2 16:01:06 ns3 postfix/smtpd[32443]: connect from
LAubervilliers-656-01-128-94.w80-11.abo.wanadoo.fr[80.11.5.94]
Sep  2 16:01:06 ns3 postfix/smtpd[31906]: connect from
unknown[123.21.205.191]
Sep  2 16:01:09 ns3 postfix/smtpd[32600]: connect from
ns206843.ip-94-23-193.eu[94.23.193.183]
Sep  2 16:01:15 ns3 postfix/smtpd[32576]: warning:
ns206843.ip-94-23-193.eu[94.23.193.183]: SASL LOGIN authentication
failed: Connection lost to authentication server
Sep  2 16:01:15 ns3 postfix/smtpd[32576]: disconnect from
ns206843.ip-94-23-193.eu[94.23.193.183]
Sep  2 16:01:15 ns3 postfix/smtpd[32576]: connect from
ns206843.ip-94-23-193.eu[94.23.193.183]
Sep  2 16:01:15 ns3 dovecot: auth: Warning: auth client 0 disconnected
with 1 pending requests: EOF


What is strange ( at least for me ) is the 10 second delay between the
connect and the warning and that postfix log a connection lost.
And i have process_limt configured ( so 100 connection by default i think)

But will try to have more information


Vincent