[Dovecot] IMAP connection timeout value?
stan at hardwarefreak.com
Fri Sep 24 08:45:57 EEST 2010
> I have a server sitting behind hardware firewall which is configured
> to timeout all connections in 30 minutes.
>>> So we're having some ISP issues lately, meaning we have to reboot our
>>> cable modem like 2-3 times a day. An unfortunate side-effect I've
>>> found is, once the users max out their connection limit (which I've
>>> set to 10, and many people do), if we reboot the cable modem, they
>>> can't log in cause their connections get 'stuck' until I `doveadm
>>> kick` them, or wait for the connections to timeout which takes ???
>>> minutes. Can I adjust that value to something like 30 seconds?
I think you're both out of luck WRT Dovecot:
$ grep timeout /etc/dovecot/dovecot.conf
#mbox_lock_timeout = 300
#mbox_dotlock_change_timeout = 120
In the case of the firewall timeout issue, if it's not configurable and
the 30 min limit is hard coded, throw that POS out the windows and get
something decent. You can build your own as powerful as most "hardware"
units with a $500 server, Linux, and if you need a GUI there's IPcop,
Shorewall, etc. You know it's a major problem and yet you live with it?
Can you point me to the RFC that states all TCP sessions should be
closed after 30 minutes? [...]
In the case of the dodgy cable modem, would you expect
Ford/GM/Chrysler/Toyota/Honda/etc to re-engineer the engine control
computers on their cars to allow running on a 90/10 mix of
gasoline/water because *all* of the service stations in your town or the
surrounding area where you can get fuel have perennial problems with
water in their underground tanks?
In both cases you're asking your application server to deal with
problems totally outside its realm of responsibility. In both cases,
adding imapproxy in front of the Dovecot servers *might* help to an
extent since it proxies all connections. If the MUAs are smart enough
to realize their IP sessions have been terminated and try to reconnect
after the firewall or cable modem goes down/up, imapproxy may help, as
it will be sitting between the "problem" and the Dovecot server. Thus,
when the MUAs reconnect, imapproxy should reconnect them to the Dovecot
server over an existing IMAP/S connection, avoiding the concurrent
connection issue. Although, implementing imapproxy will require the
Given your circumstances it may be worth a shot, especially in the dodgy
cable modem case. In the case of the crappy "hardware" firewall, the
cost of a FOSS firewall solution is the same as an imapproxy box, as the
software is free and the hardware cost is the same.
1. Solve the 30 min firewall timeout issue: replace firewall
2. Possibly solve the dodgy cable modem issue: install an imapproxy box
More information about the dovecot