ok, i've found out that the directors are in the doveadm penalty list.
i believe adding the following solves the issue (still testing but looking
promising.
login_trusted_networks = 10.0.10.0/24
On Tue, Mar 19, 2019 at 2:19 PM Erik de Waard <erikdewaard at gmail.com>
wrote:
> Hi,
>
> I've been running dovecot for many years, but now i've hit a
strange
> problem.
> when retrieving imap there is sometimes in 1 of 4 imap requests a 4sec
> latency.
>
> * notes:
> - connected directly to the backends this latency disappears
> - removing a director from the loadbalancer(lvs) so i'm the only
connected
> to the director
> this latency disappears too
>
> I would appreciate some feedback of where to look because i tried various
> options. (client_limit,process_limit) perhaps its just as simple as to add
> more directors
> but any feedback would be welcome.
>
> Thank you.
>
> This is the setup:
>
> -- Internet -> LVS -> 3 Directors -> 9 Backends.
>
> doveadm director status
> mail server ip tag vhosts state state changed users
>
> 10.0.10.110 100 up - 3309
>
> 10.0.10.111 100 up - 3412
>
> 10.0.10.112 100 up - 3458
>
> 10.0.10.113 100 up - 3437
>
> 10.0.10.115 100 up - 3368
>
> 10.0.10.116 100 up - 3320
>
> 10.0.10.117 100 up - 3305
>
> 10.0.10.118 100 up - 3291
>
> 10.0.10.223 100 up - 3280
>
> #Director doveconf -n
> # Pigeonhole version 0.4.22 (22940fb7)
> # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
> # Hostname: server312.company.com
> auth_cache_negative_ttl = 0
> auth_cache_size = 10 M
> auth_cache_ttl = 1 days
> auth_username_chars >
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
> default_client_limit = 3000
> director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112
> 10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118
> director_servers = 10.0.10.114 10.0.10.181 10.0.10.182
> director_user_expire = 1 days
> disable_plaintext_auth = no
> info_log_path = /dev/null
> lmtp_proxy = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
> encryption=%k secured=%c
> mail_max_userip_connections = 100
> passdb {
> args = proxy=y nopassword=y
> driver = static
> }
> protocols = imap lmtp
> service director {
> fifo_listener login/proxy-notify {
> mode = 0600
> user = $default_login_user
> }
> inet_listener {
> port = 9090
> }
> unix_listener director-userdb {
> mode = 0600
> }
> unix_listener login/director {
> mode = 0666
> }
> }
> service imap-login {
> client_limit = 6000
> executable = imap-login director
> process_limit = 4
> process_min_avail = 4
> service_count = 0
> vsz_limit = 600 M
> }
> service ipc {
> unix_listener ipc {
> user = dovecot
> }
> }
> service lmtp {
> inet_listener lmtp {
> port = 24
> }
> }
> ssl_cert = </etc/ssl-certificates/MDC_company_com.crt
> ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4:!SEED at STRENGTH
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> protocol lmtp {
> auth_socket_path = director-userdb
> }
>
>
> #backend doveconf -n
> # 2.2.34 (874deae): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.22 (22940fb7)
> # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
> # Hostname: server250.company.com
> auth_cache_negative_ttl = 0
> auth_cache_size = 10 M
> auth_cache_ttl = 1 days
> auth_username_chars >
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
> default_client_limit = 1500
> default_vsz_limit = 600 M
> disable_plaintext_auth = no
> info_log_path = /dev/null
> listen = *
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_max_userip_connections = 100
> mail_privileged_group = mail
> mmap_disable = yes
> namespace inbox {
> inbox = yes
> location > mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix = INBOX.
> separator = .
> type = private
> }
> passdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> plugin {
> sieve_execute_bin_dir = /etc/dovecot/sieve-executables
> sieve_global_extensions = +vnd.dovecot.execute
> sieve_plugins = sieve_extprograms
> }
> protocols = imap lmtp
> service anvil {
> unix_listener anvil-auth-penalty {
> mode = 0600
> }
> }
> service auth {
> user = root
> }
> service imap-login {
> client_limit = 6000
> process_limit = 4
> process_min_avail = 4
> service_count = 0
> vsz_limit = 600 M
> }
> service imap {
> client_limit = 1
> process_limit = 1024
> service_count = 50
> }
> service lmtp {
> inet_listener lmtp {
> port = 24
> }
> }
> ssl = no
> ssl_cert = </etc/dovecot/dovecot.crt
> ssl_key = # hidden, use -P to show it
> userdb {
> driver = prefetch
> }
> userdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> verbose_proctitle = yes
> protocol lmtp {
> mail_plugins = " sieve"
> plugin {
> sieve = ~/filters.sieve
> sieve_after = /etc/dovecot/sieve/after.sieve
> sieve_before = /etc/dovecot/sieve/before.sieve
> }
> userdb {
> args = /etc/dovecot/dovecot-sql-lmtp.conf
> driver = sql
> name > }
> }
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190319/14e6d534/attachment.html>