The load on our machines has gotten too high, so I started to see log
messages that directed me to look at this page for config changes:
https://pad.riseup.net/redirect#http%3A//wiki2.dovecot.org/SocketUnavailable
One of the things I wanted to do on that page was to set the:
service imap { service_count = 100 }
but when I added that to the service imap block, and restarted dovecot,
I see this in the logs: Error:
net_connect_unix(/run/dovecot/imap-postlogin) failed: Permission denied
I dont understand how this impacts permissions. Its clearly this
setting, because when I remove it, things work again. I found nothing
else in the logs indicating a configuration problem.
This is what the config block looked like:
service imap {
# Most of the memory goes to mmap()ing files. You may need to increase this
# limit if you have huge mailboxes.
#vsz_limit = 256M
# Max. number of IMAP processes (connections)
process_limit = 4096
service_count = 100
executable = imap imap-postlogin
}
service imap-postlogin {
# the script process runs as the user specified here (v2.0.14+):
#user = $default_internal_user
executable = script-login /usr/local/sbin/postlogin_imap
# this UNIX socket listener must use the same name as given to imap executable
unix_listener imap-postlogin {
}
}
This is with dovecot 2.2.13, thanks for any help you can provide!
micah
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 6 Apr 2015, Micah Anderson wrote:> service imap { service_count = 100 }where do you put this config line?> but when I added that to the service imap block, and restarted dovecot, > I see this in the logs: Error: > net_connect_unix(/run/dovecot/imap-postlogin) failed: Permission denied> I dont understand how this impacts permissions. Its clearly this > setting, because when I remove it, things work again. I found nothing > else in the logs indicating a configuration problem. > > This is what the config block looked like: > > service imap { > # Most of the memory goes to mmap()ing files. You may need to increase this > # limit if you have huge mailboxes. > #vsz_limit = 256M > # Max. number of IMAP processes (connections) > process_limit = 4096 > service_count = 100 > executable = imap imap-postlogin > }please run: doveconf -a >without_service_count add service_count doveconf -a >with_service_count Then compare the section "service imap" and "imap-postlogin" for changes.> service imap-postlogin { > # the script process runs as the user specified here (v2.0.14+): > #user = $default_internal_user > > executable = script-login /usr/local/sbin/postlogin_imap > > # this UNIX socket listener must use the same name as given to imap executable > unix_listener imap-postlogin { > } > } > > This is with dovecot 2.2.13, thanks for any help you can provide! > > micah >- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVSPNi3z1H7kL/d9rAQKCxgf+Ln7JJDI6dznH8kDPpEmDm9MNTxj/7X7T k7+6pi40xrvIWHRR+gTgh4ntzQ7ur8U8AceSEJgGb7zCQ6PvI9dFRJ1U6HMThA57 vE/W74CHGLQCNYkGEw7h7CJULu5AiJk2uj6iYt0nUKZCgLryTONFMMsgBAUewcRE OcGgHZwyOhL+CSvj9kaZ5gTDbtMxCx6b78JtWZ864ltcDeikfoN5Evlal4BRsMmA DXC5auovPJ/4zRQRiWwDCeS2LEBVESnDgRH5GMx1kQg33PtTeo7nsyTgKX7Y1twd DVTFKCTjpghFSwDmHonCOGSKw/mm+KklWicWVv6C7tujcd6ev7vjrg==DLl+ -----END PGP SIGNATURE-----
Steffen Kaiser <skdovecot at smail.inf.fh-brs.de> writes:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, 6 Apr 2015, Micah Anderson wrote: > >> service imap { service_count = 100 } > > where do you put this config line?I put it as I indicated in the config block below:>> service imap { >> # Most of the memory goes to mmap()ing files. You may need to increase this >> # limit if you have huge mailboxes. >> #vsz_limit = 256M >> # Max. number of IMAP processes (connections) >> process_limit = 4096 >> service_count = 100^^^ here>> executable = imap imap-postlogin >> }> please run: > > doveconf -a >without_service_count > add service_count > doveconf -a >with_service_count > > Then compare the section "service imap" and "imap-postlogin" for > changes.Thanks for the idea. I just did this (I dont need to restart dovecot, am I right?)... but the only thing that changes is 'service imap', changing service_count = 1 to service_count = 100
On 06 Apr 2015, at 23:28, Micah Anderson <micah at riseup.net> wrote:> > but when I added that to the service imap block, and restarted dovecot, > I see this in the logs: Error: > net_connect_unix(/run/dovecot/imap-postlogin) failed: Permission deniedimap process can't connect to imap-postlogin after it has already dropped privileges to the mail user (first time it runs as root).> service imap-postlogin { > # the script process runs as the user specified here (v2.0.14+): > #user = $default_internal_user > > executable = script-login /usr/local/sbin/postlogin_imap > > # this UNIX socket listener must use the same name as given to imap executable > unix_listener imap-postlogin {# whatever user/mode permissions needed in here, for example: user = vmail> } > }