Hello Rajesh,
> also htop always shows a few delayed processes of dovecot (shown as D)
on top -- pop3 and imap>
Processes shown as "D" are waiting for Disk. That also explains your
high Load on the Server, because every Process waiting for disk
increases the Load by 1!
Probably your disks are simply to slow for your scenario.
Best Regards
Bastian
Am 09.02.2017 um 11:30 schrieb Rajesh M:> hi
>
> we are using dovecot version 2.2.7 (config file given below)
> centos 6, qmail, vpopmail, mysql
>
> server configuration
> hex core processor, 16 gb ram 1 X 600 gb 15 k rpm for main drive and 2 X
2000 gb hdd for data (No raid)
>
> busy server with around 4000 email ids --- load is around 2 to 10
>
> the issue is that SQUIRRELMAIL webmail users suddenly lose connection while
they are working on the webmail.
>
> after logging in, if the user tries to open a mail then the interface gives
error invalid user id or password.
>
> this happens on an extremely random basis.
>
> also htop always shows a few delayed processes of dovecot (shown as D) on
top -- pop3 and imap
>
> dovecot logs do not show any login error when such a logout takes place.
>
> the said mailbox contained just around 30 emails
>
> and it is not related to the timeout plugin of squirrelmail either since
the same webmail folders works on other servers of ours without any issues.
>
> webmail load slowly in general
>
> however when it works normally webmail is very fast and able to handle
several 10 s of thousands of emails in the inbox.
>
> ram consumed is 2 - 5 gb during peak hours.
>
> rebooted server but issue not solved
>
> issue is present for the last around 1 month and was not present earlier.
>
> help required please.
>
> thanks
> rajesh
>
>
> settings as such
> # 2.2.7: /etc/dovecot/dovecot.conf
> # OS: Linux 2.6.32-431.29.2.el6.x86_64 x86_64 CentOS release 6.5 (Final)
> # NOTE: Send doveconf -n output instead when asking for help.
> auth_anonymous_username = anonymous
> auth_cache_negative_ttl = 0
> auth_cache_size = 0
> auth_cache_ttl = 0
> auth_debug = no
> auth_debug_passwords = yes
> auth_default_realm =
> auth_failure_delay = 2 secs
> auth_gssapi_hostname =
> auth_krb5_keytab =
> auth_master_user_separator =
> auth_mechanisms = plain login digest-md5 cram-md5
> auth_proxy_self =
> auth_realms =
> auth_socket_path = auth-userdb
> auth_ssl_require_client_cert = no
> auth_ssl_username_from_cert = no
> auth_use_winbind = no
> auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
> auth_username_format = %Lu
> auth_username_translation =
> auth_verbose = no
> auth_verbose_passwords = no
> auth_winbind_helper_path = /usr/bin/ntlm_auth
> auth_worker_max_count = 30
> base_dir = /var/run/dovecot
> config_cache_size = 1 M
> debug_log_path =
> default_client_limit = 1000
> default_idle_kill = 1 mins
> default_internal_user = dovecot
> default_login_user = vpopmail
> default_process_limit = 100
> default_vsz_limit = 256 M
> deliver_log_format = msgid=%m: %$
> dict_db_config =
> director_doveadm_port = 0
> director_mail_servers =
> director_servers =
> director_user_expire = 15 mins
> director_username_hash = %u
> disable_plaintext_auth = no
> dotlock_use_excl = yes
> doveadm_allowed_commands =
> doveadm_password =
> doveadm_port = 0
> doveadm_socket_path = doveadm-server
> doveadm_worker_count = 0
> dsync_alt_char = _
> dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
> first_valid_gid = 89
> first_valid_uid = 89
> hostname =
> imap_capability =
> imap_client_workarounds =
> imap_id_log =
> imap_id_send = name *
> imap_idle_notify_interval = 2 mins
> imap_logout_format = in=%i out=%o
> imap_max_line_length = 64 k
> imap_metadata = no
> imap_urlauth_host =
> imap_urlauth_logout_format = in=%i out=%o
> imap_urlauth_port = 143
> imapc_features =
> imapc_host =
> imapc_list_prefix =
> imapc_master_user =
> imapc_max_idle_time = 29 mins
> imapc_password =
> imapc_port = 143
> imapc_rawlog_dir =
> imapc_ssl = no
> imapc_ssl_verify = yes
> imapc_user =
> import_environment = TZ DEBUG_OUTOFMEM
> info_log_path =
> instance_name = dovecot
> last_valid_gid = 0
> last_valid_uid = 0
> lda_mailbox_autocreate = no
> lda_mailbox_autosubscribe = no
> lda_original_recipient_header =
> libexec_dir = /usr/libexec/dovecot
> listen = *, ::
> lmtp_address_translate =
> lmtp_proxy = no
> lmtp_rcpt_check_quota = no
> lmtp_save_to_detail_mailbox = no
> lock_method = fcntl
> log_path = /var/log/dovecot.log
> log_timestamp = "%b %d %H:%M:%S "
> login_access_sockets =
> login_greeting = ready.
> login_log_format = %$: %s
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
%c session=<%{session}>
> login_trusted_networks =
> mail_access_groups =
> mail_always_cache_fields =
> mail_attachment_dir =
> mail_attachment_fs = sis posix
> mail_attachment_hash = %{sha1}
> mail_attachment_min_size = 128 k
> mail_attribute_dict =
> mail_cache_fields = flags
> mail_cache_min_mail_count = 0
> mail_chroot =
> mail_debug = no
> mail_fsync = optimized
> mail_full_filesystem_access = no
> mail_gid =
> mail_home =
> mail_location =
> mail_log_prefix = "%s(%u): "
> mail_max_keyword_length = 50
> mail_max_lock_timeout = 0
> mail_max_userip_connections = 10
> mail_never_cache_fields = imap.envelope
> mail_nfs_index = no
> mail_nfs_storage = no
> mail_plugin_dir = /usr/lib64/dovecot
> mail_plugins = " quota"
> mail_prefetch_count = 0
> mail_privileged_group =
> mail_save_crlf = no
> mail_shared_explicit_inbox = no
> mail_temp_dir = /tmp
> mail_temp_scan_interval = 1 weeks
> mail_uid =
> mailbox_idle_check_interval = 30 secs
> mailbox_list_index = no
> maildir_broken_filename_sizes = no
> maildir_copy_with_hardlinks = yes
> maildir_stat_dirs = no
> maildir_very_dirty_syncs = no
> managesieve_client_workarounds =
> managesieve_implementation_string = Dovecot Pigeonhole
> managesieve_logout_format = bytes=%i/%o
> managesieve_max_compile_errors = 5
> managesieve_max_line_length = 65536
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
> master_user_separator =
> mbox_dirty_syncs = yes
> mbox_dotlock_change_timeout = 2 mins
> mbox_lazy_writes = yes
> mbox_lock_timeout = 5 mins
> mbox_md5 = apop3d
> mbox_min_index_size = 0
> mbox_read_locks = fcntl
> mbox_very_dirty_syncs = no
> mbox_write_locks = dotlock fcntl
> mdbox_preallocate_space = no
> mdbox_rotate_interval = 0
> mdbox_rotate_size = 2 M
> mmap_disable = no
> namespace {
> disabled = no
> hidden = no
> ignore_on_failure = no
> inbox = yes
> list = yes
> location =
> prefix =
> separator = .
> subscriptions = yes
> type = private
> }
> passdb {
> args = cache_key=%u webmail=127.0.0.1
> default_fields =
> deny = no
> driver = vpopmail
> master = no
> override_fields =
> pass = no
> result_failure = continue
> result_internalfail = continue
> result_success = return-ok
> skip = never
> }
> plugin {
> quota = maildir:ignore=Trash
> quota_rule = ?:storage=0
> }
> pop3_client_workarounds =
> pop3_deleted_flag =
> pop3_enable_last = no
> pop3_fast_size_lookups = no
> pop3_lock_session = no
> pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
> pop3_no_flag_updates = no
> pop3_reuse_xuidl = no
> pop3_save_uidl = no
> pop3_uidl_duplicates = allow
> pop3_uidl_format = %08Xu%08Xv
> pop3c_host =
> pop3c_master_user =
> pop3c_password =
> pop3c_port = 110
> pop3c_rawlog_dir =
> pop3c_ssl = no
> pop3c_ssl_verify = yes
> pop3c_user = %u
> postmaster_address =
> protocols = imap pop3
> quota_full_tempfail = no
> recipient_delimiter = +
> rejection_reason = Your message to <%t> was automatically
rejected:%n%r
> rejection_subject = Rejected: %s
> replication_full_sync_interval = 1 days
> replication_max_conns = 10
> replicator_host = replicator
> replicator_port = 0
> sendmail_path = /usr/sbin/sendmail
> service aggregator {
> chroot = .
> client_limit = 0
> drop_priv_before_exec = no
> executable = aggregator
> extra_groups =
> fifo_listener replication-notify-fifo {
> group =
> mode = 0600
> user =
> }
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener replication-notify {
> group =
> mode = 0600
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service anvil {
> chroot = empty
> client_limit = 0
> drop_priv_before_exec = no
> executable = anvil
> extra_groups =
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 1
> protocol =
> service_count = 0
> type = anvil
> unix_listener anvil-auth-penalty {
> group =
> mode = 0600
> user =
> }
> unix_listener anvil {
> group =
> mode = 0600
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service auth-worker {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = auth -w
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 1
> type =
> unix_listener auth-worker {
> group =
> mode = 0600
> user = $default_internal_user
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service auth {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = auth
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener auth-client {
> group =
> mode = 0600
> user = $default_internal_user
> }
> unix_listener auth-login {
> group =
> mode = 0600
> user = $default_internal_user
> }
> unix_listener auth-master {
> group =
> mode = 0600
> user =
> }
> unix_listener auth-userdb {
> group =
> mode = 0666
> user = $default_internal_user
> }
> unix_listener login/login {
> group =
> mode = 0666
> user =
> }
> unix_listener token-login/tokenlogin {
> group =
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service config {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = config
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type = config
> unix_listener config {
> group =
> mode = 0600
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service dict {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = dict
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener dict {
> group =
> mode = 0600
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service director {
> chroot = .
> client_limit = 0
> drop_priv_before_exec = no
> executable = director
> extra_groups =
> fifo_listener login/proxy-notify {
> group =
> mode = 00
> user =
> }
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener director-admin {
> group =
> mode = 0600
> user =
> }
> unix_listener login/director {
> group =
> mode = 00
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service dns_client {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = dns-client
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener dns-client {
> group =
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service doveadm {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = doveadm-server
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 1
> type =
> unix_listener doveadm-server {
> group =
> mode = 0600
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service imap-login {
> chroot = login
> client_limit = 0
> drop_priv_before_exec = no
> executable = imap-login
> extra_groups =
> group =
> idle_kill = 0
> inet_listener imap {
> address =
> port = 143
> reuse_port = no
> ssl = no
> }
> inet_listener imaps {
> address =
> port = 993
> reuse_port = no
> ssl = yes
> }
> privileged_group =
> process_limit = 256
> process_min_avail = 50
> protocol = imap
> service_count = 1
> type = login
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service imap-urlauth-login {
> chroot = token-login
> client_limit = 0
> drop_priv_before_exec = no
> executable = imap-urlauth-login
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = imap
> service_count = 1
> type = login
> unix_listener imap-urlauth {
> group =
> mode = 0666
> user =
> }
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service imap-urlauth-worker {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = imap-urlauth-worker
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1024
> process_min_avail = 0
> protocol = imap
> service_count = 1
> type =
> unix_listener imap-urlauth-worker {
> group =
> mode = 0600
> user = $default_internal_user
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service imap-urlauth {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = imap-urlauth
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1024
> process_min_avail = 0
> protocol = imap
> service_count = 1
> type =
> unix_listener token-login/imap-urlauth {
> group =
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service imap {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = imap
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 2048
> process_min_avail = 50
> protocol = imap
> service_count = 1
> type =
> unix_listener login/imap {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 512 M
> }
> service indexer-worker {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = indexer-worker
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 10
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener indexer-worker {
> group =
> mode = 0600
> user = $default_internal_user
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service indexer {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = indexer
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener indexer {
> group =
> mode = 0666
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service ipc {
> chroot = empty
> client_limit = 0
> drop_priv_before_exec = no
> executable = ipc
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener ipc {
> group =
> mode = 0600
> user =
> }
> unix_listener login/ipc-proxy {
> group =
> mode = 0600
> user = $default_login_user
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> service lmtp {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = lmtp
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = lmtp
> service_count = 0
> type =
> unix_listener lmtp {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service log {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = log
> extra_groups =
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type = log
> unix_listener log-errors {
> group =
> mode = 0600
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service managesieve-login {
> chroot = login
> client_limit = 0
> drop_priv_before_exec = no
> executable = managesieve-login
> extra_groups =
> group =
> idle_kill = 0
> inet_listener sieve {
> address =
> port = 4190
> reuse_port = no
> ssl = no
> }
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = sieve
> service_count = 1
> type = login
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service managesieve {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = managesieve
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol = sieve
> service_count = 1
> type =
> unix_listener login/sieve {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service pop3-login {
> chroot = login
> client_limit = 0
> drop_priv_before_exec = no
> executable = pop3-login
> extra_groups =
> group =
> idle_kill = 0
> inet_listener pop3 {
> address =
> port = 110
> reuse_port = no
> ssl = no
> }
> inet_listener pop3s {
> address =
> port = 995
> reuse_port = no
> ssl = yes
> }
> privileged_group =
> process_limit = 256
> process_min_avail = 25
> protocol = pop3
> service_count = 1
> type = login
> user = $default_login_user
> vsz_limit = 18446744073709551615 B
> }
> service pop3 {
> chroot =
> client_limit = 1
> drop_priv_before_exec = no
> executable = pop3
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 256
> process_min_avail = 25
> protocol = pop3
> service_count = 1
> type =
> unix_listener login/pop3 {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service replicator {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = replicator
> extra_groups =
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener replicator-doveadm {
> group =
> mode = 00
> user = $default_internal_user
> }
> unix_listener replicator {
> group =
> mode = 0600
> user = $default_internal_user
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service ssl-params {
> chroot =
> client_limit = 0
> drop_priv_before_exec = no
> executable = ssl-params
> extra_groups =
> group =
> idle_kill = 0
> privileged_group =
> process_limit = 0
> process_min_avail = 0
> protocol =
> service_count = 0
> type = startup
> unix_listener login/ssl-params {
> group =
> mode = 0666
> user =
> }
> unix_listener ssl-params {
> group =
> mode = 0666
> user =
> }
> user =
> vsz_limit = 18446744073709551615 B
> }
> service stats {
> chroot = empty
> client_limit = 0
> drop_priv_before_exec = no
> executable = stats
> extra_groups =
> fifo_listener stats-mail {
> group =
> mode = 0600
> user =
> }
> group =
> idle_kill = 4294967295 secs
> privileged_group =
> process_limit = 1
> process_min_avail = 0
> protocol =
> service_count = 0
> type =
> unix_listener stats {
> group =
> mode = 0600
> user =
> }
> user = $default_internal_user
> vsz_limit = 18446744073709551615 B
> }
> shutdown_clients = yes
> ssl = yes
> ssl_ca =
> ssl_cert = </var/qmail/control/servercert.pem
> ssl_cert_username_field = commonName
> ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
> ssl_client_ca_dir =
> ssl_client_ca_file =
> ssl_client_cert =
> ssl_client_key =
> ssl_crypto_device =
> ssl_dh_parameters_length = 2048
> ssl_key = </var/qmail/control/servercert.pem
> ssl_key_password =
> ssl_parameters_regenerate = 0
> ssl_prefer_server_ciphers = no
> ssl_protocols = !SSLv2
> ssl_require_crl = yes
> ssl_verify_client_cert = no
> state_dir = /var/lib/dovecot
> stats_command_min_time = 1 mins
> stats_domain_min_time = 12 hours
> stats_ip_min_time = 12 hours
> stats_memory_limit = 16 M
> stats_session_min_time = 15 mins
> stats_user_min_time = 1 hours
> submission_host =
> syslog_facility = mail
> userdb {
> args = cache_key=%u quota_template=quota_rule=*:backend=%q
> default_fields =
> driver = vpopmail
> override_fields =
> }
> valid_chroot_dirs =
> verbose_proctitle = no
> verbose_ssl = no
> version_ignore = no
> protocol imap {
> imap_client_workarounds = delay-newmail
> mail_max_userip_connections = 200
> mail_plugins = " quota imap_quota"
> }
> protocol pop3 {
> mail_max_userip_connections = 40
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> pop3_fast_size_lookups = yes
> pop3_lock_session = no
> pop3_no_flag_updates = yes
> }
>
--
Bastian Sebode
Fachinformatiker Systemintegration
LINET Services GmbH | Cyriaksring 10a | 38118 Braunschweig
Tel. 0531-180508-0 | Fax 0531-180508-29 | http://www.linet-services.de
LINET in den sozialen Netzwerken:
www.twitter.com/linetservices | www.facebook.com/linetservices
Wissenswertes aus der IT-Welt: www.linet-services.de/blog/
Gesch?ftsf?hrung: Timo Springmann, Mirko Savic und Moritz Bunkus
HR B 9170 Amtsgericht Braunschweig
USt-IdNr. DE 259 526 516