[Dovecot] Intermitent ldap auth problems benchmarking dovecot

Maria Arrea maria_arrea at gmx.com
Tue Apr 12 12:15:46 EEST 2011 

Hello

 We are using SLAMD (Distributed Load Generation Engine, www.slamd.com) to benchmark our dovecot server (ldap auth). We are simulating 2.000 simultaneous logins and 20% of them fail. We saw the following errors in the log:


Apr 12 09:40:07 buzon dovecot: auth: Error: ldap(correo,192.168.4.153): Request queue is full (oldest added 1 secs ago)
 Apr 12 09:40:07 buzon dovecot: auth: Error: ldap(correo,192.168.4.153): Request queue is full (oldest added 1 secs ago)
 Apr 12 09:40:07 buzon dovecot: auth: Error: ldap(correo,192.168.4.153): Request queue is full (oldest added 1 secs ago)


 We increased auth_worker_max_count from 350 to 3500 (10x increase). Now we see the following errors (still 20% of logins fail):


 Apr 12 10:14:45 buzon dovecot: imap-login: Internal login failure (pid=29016 id=24783) (auth failed, 1 attempts): user=<correo>, method=PLAIN, rip=192.168.4.153, lip=192.168.4.80, mpid=21284
 Apr 12 10:14:45 buzon dovecot: imap-login: Internal login failure (pid=29016 id=24784) (auth failed, 1 attempts): user=<correo>, method=PLAIN, rip=192.168.4.153, lip=192.168.4.80, mpid=21286


 What are we doing wrong? We expect 1000 simultaneous imap sessions, we have 65.000 mailboxes.


 This is our doveconf -n output

 # 2.0.11: /etc/dovecot/dovecot.conf
 # OS: Linux 2.6.18-238.5.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.6 (Tikanga) ext4
 auth_debug = yes
 auth_master_user_separator = *
 auth_mechanisms = plain login
 auth_worker_max_count = 3500
 base_dir = /var/run/dovecot/
 default_client_limit = 5000
 default_process_limit = 6500
 disable_plaintext_auth = no
 imap_client_workarounds = tb-extra-mailbox-sep delay-newmail
 lda_mailbox_autocreate = yes
 lda_mailbox_autosubscribe = yes
 mail_fsync = never
 mail_gid = entrega
 mail_home = /buzones/%2.26Hn/%2.200Hn/%n/
 mail_location = mdbox:/buzones/%2.26Hn/%2.200Hn/%n:INDEX=/indices_dovecot/indices/%2.26Hn/%2.200Hn/%n
 mail_max_userip_connections = 15000
 mail_plugins = " zlib acl"
 mail_uid = entrega
 managesieve_notify_capability = mailto
 managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
 mdbox_rotate_interval = 1 days
 mdbox_rotate_size = 60 M
 passdb {
 args = /etc/dovecot/dovecot-ldap.conf
 driver = ldap
 }
 passdb {
 args = /etc/usuario_maestro.txt
 driver = passwd-file
 master = yes
 }
 passdb {
 args = /etc/dovecot/dovecot-ldap.conf
 driver = ldap
 }
 plugin/acl = vfile
 plugin/quota = dict:Cuota de usuario::file:/buzones/cuotas/%n
 plugin/quota_rule2 = Trash:storage=+10%%
 plugin/quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
 plugin/quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80
 plugin/sieve = /buzones/%2.26Hn/%2.200Hn/%n/dovecot.sieve
 plugin/sieve_dir = /buzones//%2.26Hn/%2.200Hn/%n/sieve/
 plugin/zlib_save = gz
 plugin/zlib_save_level = 9
 protocols = pop3 imap sieve
 service anvil {
 client_limit = 25000
 }
 service auth {
 client_limit = 28000
 unix_listener auth-master {
 user = entrega
 }
 unix_listener auth-userdb {
 user = entrega
 }
 user = root
 }
 service imap-login {
 executable = /usr/libexec/dovecot/imap-login
 group = dovenull
 service_count = 0
 }
 service imap {
 executable = /usr/libexec/dovecot/imap
 process_limit = 6000
 }
 service managesieve-login {
 executable = /usr/libexec/dovecot/managesieve-login
 inet_listener sieve {
 port = 2000
 }
 process_limit = 2000
 }
 service managesieve {
 executable = /usr/libexec/dovecot/managesieve
 process_limit = 5000
 }
 service pop3-login {
 executable = /usr/libexec/dovecot/pop3-login
 process_limit = 4000
 service_count = 0
 }
 service pop3 {
 executable = /usr/libexec/dovecot/pop3
 process_limit = 4000
 }
 ssl_ca = </etc/pki/generico/cacert.crt.pem
 ssl_cert = </etc/pki/generico/wildcard.crt
 ssl_key = </etc/pki/generico/wildcard-key.pem
 userdb {
 args = /etc/dovecot/dovecot-ldap.conf
 driver = ldap
 }
 userdb {
 args = /etc/dovecot/dovecot-ldap-userdb.conf
 driver = ldap
 }
 verbose_proctitle = yes
 protocol sieve {
 managesieve_implementation_string = dovecot
 managesieve_logout_format = bytes=%i/%o
 managesieve_max_line_length = 65536
 }
 protocol lda {
 hostname = us.es
 info_log_path =
 log_path =
 mail_fsync = optimized
 mail_plugins = sieve zlib
 postmaster_address = evcorreo at domain.es
 syslog_facility = mail
 }
 protocol imap {
 mail_plugins = zlib
 }
 protocol pop3 {
 mail_plugins = zlib
 pop3_enable_last = yes
 pop3_uidl_format = %g
 }

More information about the dovecot mailing list