[Dovecot] Dovecot-2.0 conf misc questions

Timo Sirainen tss at iki.fi
Fri Jun 25 23:06:53 EEST 2010 

On Wed, 2010-06-23 at 18:57 +0200, Thomas Hummel wrote:
> On Wed, Jun 23, 2010 at 04:40:35PM +0100, Timo Sirainen wrote:
> 
> Hello Timo,
> 
> > >   doveconf: Fatal: Error in configuration file /usr/local/dovecot-1.2.12/etc/dovecot.conf line 176: Unknown setting: process_limit
> > 
> > This was caused by the old settings translator. What was in line 176?
> 
>   login_max_processes_count = 1024

That alone doesn't break it with my tests. Could you send me the entire
config file so I could get this fixed?

> > imap process_limit + pop3 process_limit + whatever other protocols you
> > have enabled and + their process_limit.
> 
> Ok. Can you explain what are :
> 
>   #default_process_limit = 100 -> which processes ?
>   #default_client_limit = 1000 -> 1 client == 1 remote ip ?
>   #default_vsz_limit = 256M -> ?

These are all defaults for service {} blocks. Some services override
them, most keep the defaults. So:

default_process_limit: Nearly all processes of same type.

default_client_limit: This is mainly for non-imap/pop3 processes, since
they have overridden it. 1 client = 1 connection, usually from another
Dovecot process.

default_vsz_limit: This is the default for almost all processes. If the
processes' VSZ memory area grows beyond that, kernel kills it.

You're not normally supposed to change or really even understand
those :) I've added a few checks where Dovecot complains if the limits
aren't right. If they're too low, you'll get an error message explaining
it. In that case you could also report it to me and I'll see if I can
add an early warning for that.

> > >   . why is this default not in 10-auth.conf file ?
> > 
> > You mean why isn't there an example remote {} block there? 
> 
> No. I mean, why isn't the 'disable_plaintext_auth' directive not in the
> auth.conf file, since it's an auth related directive ?

Oh. Yeah, I guess it is. Moved:
http://hg.dovecot.org/dovecot-2.0/rev/5326d6b2f36e

> > >   . would I have been allowed to do, for instance, in that file at the same line
> > > 
> > >     protocol imap {
> > >      remote <internal network address> {
> > >      disable_plaintext_auth = no
> > >     }
> > > 
> > > ?
> > 
> > Yes.
> 
> But didn't you just say that "Currently auth settings don't support local/remote blocks" ?

disable_plaintext_auth isn't really "auth setting" :) It's handled by
login processes, not auth processes. That's also why I didn't think of
putting it into auth.conf first.

> > > Finally, would it make sense to declare other auth listeners than the two
> > > listed by default in the 10-master.conf file ?
> > 
> > The defaults also have one example auth(-client) socket commented out
> > for Postfix. You can create more of them if you want, but unless
> > something actually uses them they're a bit pointless.
> 
> Ok, maybe I meant "the auth-userdb" unix listener is mandatory" : is it
> ?

It's not mandatory if you don't use anything that needs it (dovecot-lda,
some doveadm commands, etc).

More information about the dovecot mailing list