Hi,
I've been running dovecot for many years, but now i've hit a strange
problem.
when retrieving imap there is sometimes in 1 of 4 imap requests a 4sec
latency.
* notes:
- connected directly to the backends this latency disappears
- removing a director from the loadbalancer(lvs) so i'm the only connected
to the director
this latency disappears too
I would appreciate some feedback of where to look because i tried various
options. (client_limit,process_limit) perhaps its just as simple as to add
more directors
but any feedback would be welcome.
Thank you.
This is the setup:
-- Internet -> LVS -> 3 Directors -> 9 Backends.
doveadm director status
mail server ip tag vhosts state state changed users
10.0.10.110 100 up - 3309
10.0.10.111 100 up - 3412
10.0.10.112 100 up - 3458
10.0.10.113 100 up - 3437
10.0.10.115 100 up - 3368
10.0.10.116 100 up - 3320
10.0.10.117 100 up - 3305
10.0.10.118 100 up - 3291
10.0.10.223 100 up - 3280
#Director doveconf -n
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
# Hostname: server312.company.com
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 3000
director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112
10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118
director_servers = 10.0.10.114 10.0.10.181 10.0.10.182
director_user_expire = 1 days
disable_plaintext_auth = no
info_log_path = /dev/null
lmtp_proxy = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
encryption=%k secured=%c
mail_max_userip_connections = 100
passdb {
args = proxy=y nopassword=y
driver = static
}
protocols = imap lmtp
service director {
fifo_listener login/proxy-notify {
mode = 0600
user = $default_login_user
}
inet_listener {
port = 9090
}
unix_listener director-userdb {
mode = 0600
}
unix_listener login/director {
mode = 0666
}
}
service imap-login {
client_limit = 6000
executable = imap-login director
process_limit = 4
process_min_avail = 4
service_count = 0
vsz_limit = 600 M
}
service ipc {
unix_listener ipc {
user = dovecot
}
}
service lmtp {
inet_listener lmtp {
port = 24
}
}
ssl_cert = </etc/ssl-certificates/MDC_company_com.crt
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4:!SEED at STRENGTH
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
protocol lmtp {
auth_socket_path = director-userdb
}
#backend doveconf -n
# 2.2.34 (874deae): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
# Hostname: server250.company.com
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 1500
default_vsz_limit = 600 M
disable_plaintext_auth = no
info_log_path = /dev/null
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_privileged_group = mail
mmap_disable = yes
namespace inbox {
inbox = yes
location mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix = INBOX.
separator = .
type = private
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
sieve_execute_bin_dir = /etc/dovecot/sieve-executables
sieve_global_extensions = +vnd.dovecot.execute
sieve_plugins = sieve_extprograms
}
protocols = imap lmtp
service anvil {
unix_listener anvil-auth-penalty {
mode = 0600
}
}
service auth {
user = root
}
service imap-login {
client_limit = 6000
process_limit = 4
process_min_avail = 4
service_count = 0
vsz_limit = 600 M
}
service imap {
client_limit = 1
process_limit = 1024
service_count = 50
}
service lmtp {
inet_listener lmtp {
port = 24
}
}
ssl = no
ssl_cert = </etc/dovecot/dovecot.crt
ssl_key = # hidden, use -P to show it
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
verbose_proctitle = yes
protocol lmtp {
mail_plugins = " sieve"
plugin {
sieve = ~/filters.sieve
sieve_after = /etc/dovecot/sieve/after.sieve
sieve_before = /etc/dovecot/sieve/before.sieve
}
userdb {
args = /etc/dovecot/dovecot-sql-lmtp.conf
driver = sql
name }
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20190319/a4580ddd/attachment-0001.html>
ok, i've found out that the directors are in the doveadm penalty list. i believe adding the following solves the issue (still testing but looking promising. login_trusted_networks = 10.0.10.0/24 On Tue, Mar 19, 2019 at 2:19 PM Erik de Waard <erikdewaard at gmail.com> wrote:> Hi, > > I've been running dovecot for many years, but now i've hit a strange > problem. > when retrieving imap there is sometimes in 1 of 4 imap requests a 4sec > latency. > > * notes: > - connected directly to the backends this latency disappears > - removing a director from the loadbalancer(lvs) so i'm the only connected > to the director > this latency disappears too > > I would appreciate some feedback of where to look because i tried various > options. (client_limit,process_limit) perhaps its just as simple as to add > more directors > but any feedback would be welcome. > > Thank you. > > This is the setup: > > -- Internet -> LVS -> 3 Directors -> 9 Backends. > > doveadm director status > mail server ip tag vhosts state state changed users > > 10.0.10.110 100 up - 3309 > > 10.0.10.111 100 up - 3412 > > 10.0.10.112 100 up - 3458 > > 10.0.10.113 100 up - 3437 > > 10.0.10.115 100 up - 3368 > > 10.0.10.116 100 up - 3320 > > 10.0.10.117 100 up - 3305 > > 10.0.10.118 100 up - 3291 > > 10.0.10.223 100 up - 3280 > > #Director doveconf -n > # Pigeonhole version 0.4.22 (22940fb7) > # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 > # Hostname: server312.company.com > auth_cache_negative_ttl = 0 > auth_cache_size = 10 M > auth_cache_ttl = 1 days > auth_username_chars > "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#" > default_client_limit = 3000 > director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112 > 10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118 > director_servers = 10.0.10.114 10.0.10.181 10.0.10.182 > director_user_expire = 1 days > disable_plaintext_auth = no > info_log_path = /dev/null > lmtp_proxy = yes > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e > encryption=%k secured=%c > mail_max_userip_connections = 100 > passdb { > args = proxy=y nopassword=y > driver = static > } > protocols = imap lmtp > service director { > fifo_listener login/proxy-notify { > mode = 0600 > user = $default_login_user > } > inet_listener { > port = 9090 > } > unix_listener director-userdb { > mode = 0600 > } > unix_listener login/director { > mode = 0666 > } > } > service imap-login { > client_limit = 6000 > executable = imap-login director > process_limit = 4 > process_min_avail = 4 > service_count = 0 > vsz_limit = 600 M > } > service ipc { > unix_listener ipc { > user = dovecot > } > } > service lmtp { > inet_listener lmtp { > port = 24 > } > } > ssl_cert = </etc/ssl-certificates/MDC_company_com.crt > ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4:!SEED at STRENGTH > ssl_key = # hidden, use -P to show it > ssl_prefer_server_ciphers = yes > protocol lmtp { > auth_socket_path = director-userdb > } > > > #backend doveconf -n > # 2.2.34 (874deae): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.22 (22940fb7) > # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 > # Hostname: server250.company.com > auth_cache_negative_ttl = 0 > auth_cache_size = 10 M > auth_cache_ttl = 1 days > auth_username_chars > "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#" > default_client_limit = 1500 > default_vsz_limit = 600 M > disable_plaintext_auth = no > info_log_path = /dev/null > listen = * > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_max_userip_connections = 100 > mail_privileged_group = mail > mmap_disable = yes > namespace inbox { > inbox = yes > location > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix = INBOX. > separator = . > type = private > } > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > sieve_execute_bin_dir = /etc/dovecot/sieve-executables > sieve_global_extensions = +vnd.dovecot.execute > sieve_plugins = sieve_extprograms > } > protocols = imap lmtp > service anvil { > unix_listener anvil-auth-penalty { > mode = 0600 > } > } > service auth { > user = root > } > service imap-login { > client_limit = 6000 > process_limit = 4 > process_min_avail = 4 > service_count = 0 > vsz_limit = 600 M > } > service imap { > client_limit = 1 > process_limit = 1024 > service_count = 50 > } > service lmtp { > inet_listener lmtp { > port = 24 > } > } > ssl = no > ssl_cert = </etc/dovecot/dovecot.crt > ssl_key = # hidden, use -P to show it > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > verbose_proctitle = yes > protocol lmtp { > mail_plugins = " sieve" > plugin { > sieve = ~/filters.sieve > sieve_after = /etc/dovecot/sieve/after.sieve > sieve_before = /etc/dovecot/sieve/before.sieve > } > userdb { > args = /etc/dovecot/dovecot-sql-lmtp.conf > driver = sql > name > } > } > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190319/14e6d534/attachment.html>
Maybe Matching Threads
- Broken uids: Director lmtp proxy able to change the destination address?
- pigeonhole 0.4.22 with sieve_before script crashes
- pigeonhole 0.4.22 with sieve_before script crashes
- pigeonhole 0.4.22 with sieve_before script crashes
- pigeonhole 0.4.22 with sieve_before script crashes