Hi,
I am using dovecot 2.0.9 (official CentOS rpm), I am experiencing very high load
issue.
I think it is something related to my storage (/var/spool is about 3 TB and it
is almost full).
I noticed those kind of messages in /var/log/maillog:
Warning: Maildir: Scanning /var/spool/pop/domains/domain.it/username/Maildir/cur
took 100 seconds (14281 readdir()s, 0 rename()s to cur/)
Warning: Maildir /var/spool/pop/domains/domain.it/username/Maildir:
Synchronization took 103 seconds (0 new msgs, 0 flag change attempts, 0 expunge
attempts)
I wondering if there is something to try, at configuration level, to
"mitigate" this..
I use Maildir format, MTA is postfix, I have many users (> 10000) with
pop3/imap/webmail access. Physical server with 8 GB RAM and two CPU (Intel(R)
Pentium(R) D CPU 3.00GHz)
This is my dovecot's conf:
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = no
auth_debug_passwords = no
auth_default_realm auth_failure_delay = 2 secs
auth_first_valid_uid = 500
auth_gssapi_hostname auth_krb5_keytab auth_last_valid_uid = 0
auth_master_user_separator auth_mechanisms = plain login digest-md5 cram-md5
auth_realms auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format auth_username_translation auth_verbose = no
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path = /var/log/dovecot.log
default_client_limit = 1000
default_idle_kill = 60
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config director_doveadm_port = 0
director_mail_servers director_servers director_user_expire = 15 mins
disable_plaintext_auth = no
dotlock_use_excl = no
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
first_valid_gid = 89
first_valid_uid = 89
hostname imap_capability imap_client_workarounds imap_id_log imap_id_send
imap_idle_notify_interval = 2 mins
imap_logout_format = bytes=%i/%o
imap_max_line_length = 64 k
info_log_path last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header libexec_dir = /usr/libexec/dovecot
listen = *, ::
lmtp_proxy = no
lmtp_save_to_detail_mailbox = no
lock_method = fcntl
log_path = syslog
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
login_trusted_networks mail_access_groups mail_attachment_dir mail_attachment_fs
= sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_cache_fields = flags
mail_cache_min_mail_count = 0
mail_chroot mail_debug = no
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid = 89
mail_home mail_location = maildir:/coraid-s2l2/domains
mail_log_prefix = "%s(%u): "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib64/dovecot
mail_plugins mail_privileged_group mail_save_crlf = no
mail_temp_dir = /tmp
mail_uid = 89
mailbox_idle_check_interval = 30 secs
mailbox_list_index_disable = no
maildir_copy_with_hardlinks = yes
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds managesieve_implementation_string = Dovecot
Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date imapflags notify
master_user_separator mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 2 M
mmap_disable = no
namespace {
hidden = no
inbox = yes
list = yes
location prefix = INBOX.
separator = .
subscriptions = yes
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
deny = no
driver = sql
master = no
pass = no
}
passdb {
args = /etc/dovecot/dovecot-sql-crypt.conf.ext
deny = no
driver = sql
master = no
pass = no
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +notify +imapflags
sieve_max_script_size = 1M
}
pop3_client_workarounds pop3_enable_last = no
pop3_fast_size_lookups = no
pop3_lock_session = no
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_save_uidl = no
pop3_uidl_format = %08Xu%08Xv
postmaster_address protocols = imap pop3 lmtp sieve
quota_full_tempfail = no
recipient_delimiter = +
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
sendmail_path = /usr/sbin/sendmail
service anvil {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = anvil
extra_groups group idle_kill = 4294967295 secs
privileged_group process_limit = 1
process_min_avail = 1
protocol service_count = 0
type = anvil
unix_listener anvil-auth-penalty {
group mode = 0600
user }
unix_listener anvil {
group mode = 0600
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service auth-worker {
chroot client_limit = 1
drop_priv_before_exec = no
executable = auth -w
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 1
type unix_listener auth-worker {
group mode = 0600
user = $default_internal_user
}
user vsz_limit = 18446744073709551615 B
}
service auth {
chroot client_limit = 4096
drop_priv_before_exec = no
executable = auth
extra_groups group idle_kill = 0
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
type unix_listener auth-client {
group mode = 0600
user }
unix_listener auth-login {
group mode = 0600
user = $default_internal_user
}
unix_listener auth-master {
group mode = 0600
user }
unix_listener auth-userdb {
group mode = 0600
user }
unix_listener login/login {
group mode = 0666
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service config {
chroot client_limit = 0
drop_priv_before_exec = no
executable = config
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type = config
unix_listener config {
group mode = 0600
user }
user vsz_limit = 18446744073709551615 B
}
service dict {
chroot client_limit = 1
drop_priv_before_exec = no
executable = dict
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type unix_listener dict {
group mode = 0600
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service director {
chroot client_limit = 0
drop_priv_before_exec = no
executable = director
extra_groups fifo_listener login/proxy-notify {
group mode = 00
user }
group idle_kill = 4294967295 secs
inet_listener {
address port = 0
ssl = no
}
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
type unix_listener director-admin {
group mode = 0600
user }
unix_listener director-userdb {
group mode = 0600
user }
unix_listener login/director {
group mode = 00
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service dns_client {
chroot client_limit = 1
drop_priv_before_exec = no
executable = dns-client
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type unix_listener dns-client {
group mode = 0666
user }
unix_listener login/dns-client {
group mode = 0666
user }
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service doveadm {
chroot client_limit = 1
drop_priv_before_exec = no
executable = doveadm-server
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 1
type unix_listener doveadm-server {
group mode = 0600
user }
user vsz_limit = 18446744073709551615 B
}
service imap-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = imap-login
extra_groups group idle_kill = 0
inet_listener imap {
address port = 143
ssl = no
}
inet_listener imaps {
address port = 993
ssl = yes
}
privileged_group process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
user = $default_login_user
vsz_limit = 64 M
}
service imap {
chroot client_limit = 1
drop_priv_before_exec = no
executable = imap
extra_groups group idle_kill = 0
privileged_group process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type unix_listener login/imap {
group mode = 0666
user }
user vsz_limit = 18446744073709551615 B
}
service lmtp {
chroot client_limit = 0
drop_priv_before_exec = no
executable = lmtp
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol = lmtp
service_count = 0
type unix_listener lmtp {
group mode = 0666
user }
user vsz_limit = 0
}
service log {
chroot client_limit = 0
drop_priv_before_exec = no
executable = log
extra_groups group idle_kill = 0
privileged_group process_limit = 1
process_min_avail = 0
protocol service_count = 0
type = log
user vsz_limit = 18446744073709551615 B
}
service managesieve-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = managesieve-login
extra_groups group idle_kill = 0
inet_listener sieve {
address port = 4190
ssl = no
}
privileged_group process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type = login
user = $default_login_user
vsz_limit = 64 M
}
service managesieve {
chroot client_limit = 1
drop_priv_before_exec = no
executable = managesieve
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type unix_listener login/sieve {
group mode = 0666
user }
user vsz_limit = 18446744073709551615 B
}
service pop3-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = pop3-login
extra_groups group idle_kill = 0
inet_listener pop3 {
address port = 110
ssl = no
}
inet_listener pop3s {
address port = 995
ssl = yes
}
privileged_group process_limit = 0
process_min_avail = 0
protocol = pop3
service_count = 1
type = login
user = $default_login_user
vsz_limit = 64 M
}
service pop3 {
chroot client_limit = 1
drop_priv_before_exec = no
executable = pop3
extra_groups group idle_kill = 0
privileged_group process_limit = 1024
process_min_avail = 0
protocol = pop3
service_count = 1
type unix_listener login/pop3 {
group mode = 0666
user }
user vsz_limit = 18446744073709551615 B
}
service ssl-params {
chroot client_limit = 0
drop_priv_before_exec = no
executable = ssl-params
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type = startup
unix_listener login/ssl-params {
group mode = 0666
user }
unix_listener ssl-params {
group mode = 0666
user }
user vsz_limit = 18446744073709551615 B
}
service tcpwrap {
chroot client_limit = 1
drop_priv_before_exec = no
executable = tcpwrap
extra_groups group idle_kill = 0
privileged_group process_limit = 0
process_min_avail = 0
protocol service_count = 0
type user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
ssl = yes
ssl_ca ssl_cert = </etc/nginx/ssl/wildcard.domain.net_bundle.crt
ssl_cert_username_field = commonName
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_dh_parameters_length = 1024
ssl_key = </etc/nginx/ssl/wildcard.domain.net.key
ssl_key_password ssl_parameters_file = ssl-parameters.dat
ssl_parameters_regenerate = 0
ssl_protocols = !SSLv2 !SSLv3
ssl_verify_client_cert = no
syslog_facility = mail
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
valid_chroot_dirs verbose_auth = no
verbose_proctitle = no
verbose_ssl = no
version_ignore = no
protocol lmtp {
mail_plugins }
protocol lda {
mail_plugins }
protocol imap {
imap_id_log = *
}
Thank you!
On 21.09.2017 00:56, absolutely_free at libero.it wrote:> Hi, > > I am using dovecot 2.0.9 (official CentOS rpm), I am experiencing very high load issue. > > I think it is something related to my storage (/var/spool is about 3 TB and it is almost full). > > I noticed those kind of messages in /var/log/maillog: > > > Warning: Maildir: Scanning /var/spool/pop/domains/domain.it/username/Maildir/cur took 100 seconds (14281 readdir()s, 0 rename()s to cur/)Maybe you have just too much load on your server. Also you seem to be triggering maildir scans which are expensive. Also the version you are running is from 2011, so it's ... rather dated. You should probably update your system to centos7 which at least has 2.2.10, which is still rather old, but less so.> > Warning: Maildir /var/spool/pop/domains/domain.it/username/Maildir: Synchronization took 103 seconds (0 new msgs, 0 flag change attempts, 0 expunge attempts) > > I wondering if there is something to try, at configuration level, to "mitigate" this.. > > I use Maildir format, MTA is postfix, I have many users (> 10000) with pop3/imap/webmail access. Physical server with 8 GB RAM and two CPU (Intel(R) Pentium(R) D CPU 3.00GHz) > > > This is my dovecot's conf: > >please use doveconf -n Aki
Hi Aki,
thank you very much for your reply.
What do you mean with "triggering maildir scans"?
Here is dovecot -n output:
# 2.0.9: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-642.15.1.el6.x86_64 x86_64 CentOS release 6.9 (Final)
auth_mechanisms = plain login digest-md5 cram-md5
debug_log_path = /var/log/dovecot.log
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
mail_gid = 89
mail_location = maildir:/var/spool/domains
mail_uid = 89
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date imapflags notify
mbox_write_locks = fcntl
namespace {
inbox = yes
location prefix = INBOX.
separator = .
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
passdb {
args = /etc/dovecot/dovecot-sql-crypt.conf.ext
driver = sql
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +notify +imapflags
sieve_max_script_size = 1M
}
protocols = imap pop3 lmtp sieve
ssl_cert = </etc/nginx/ssl/wildcard.domain.net_bundle.crt
ssl_key = </etc/nginx/ssl/wildcard.domain.net.key
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocol lmtp {
mail_plugins }
protocol lda {
mail_plugins }
protocol imap {
imap_id_log = *
}
Thank you very much
>
> Il 21 settembre 2017 alle 11.13 Aki Tuomi <aki.tuomi at
dovecot.fi> ha scritto:
>
> On 21.09.2017 00:56, absolutely_free at libero.it wrote:
>
> > >
> > Hi,
> >
> > I am using dovecot 2.0.9 (official CentOS rpm), I am
experiencing very high load issue.
> >
> > I think it is something related to my storage (/var/spool is
about 3 TB and it is almost full).
> >
> > I noticed those kind of messages in /var/log/maillog:
> >
> > Warning: Maildir: Scanning
/var/spool/pop/domains/domain.it/username/Maildir/cur took 100 seconds (14281
readdir()s, 0 rename()s to cur/)
> > Maybe you have just too much load on your server. Also you
seem to be
> > triggering maildir scans which are expensive.
> >
> > >
> Also the version you are running is from 2011, so it's ... rather
dated.
> You should probably update your system to centos7 which at least has
> 2.2.10, which is still rather old, but less so.
> >
>
> > >
> > Warning: Maildir
/var/spool/pop/domains/domain.it/username/Maildir: Synchronization took 103
seconds (0 new msgs, 0 flag change attempts, 0 expunge attempts)
> >
> > I wondering if there is something to try, at configuration
level, to "mitigate" this..
> >
> > I use Maildir format, MTA is postfix, I have many users (>
10000) with pop3/imap/webmail access. Physical server with 8 GB RAM and two CPU
(Intel(R) Pentium(R) D CPU 3.00GHz)
> >
> > This is my dovecot's conf:
> >
> > please use doveconf -n
> >
> > >
> Aki
>