auth client limit versus service count of mail processes
Timo Sirainen
tss at iki.fi
Tue Nov 29 12:30:37 UTC 2016
On 29 Nov 2016, at 2.57, Christian Balzer <chibi at gol.com> wrote:
>
> service imap {
> # Most of the memory goes to mmap()ing files. You may need to increase this
> # limit if you have huge mailboxes.
> #vsz_limit = $default_vsz_limit
> vsz_limit = 512M
>
> # Max. number of IMAP processes (connections)
> #process_limit = 1024
> process_limit = 524288
> }
..
> But adding a "service_count = 100" line (any value larger than 1 really) to
> the imap section we get the dreaded:
> ---
> Nov 28 17:05:40 mbx09 dovecot: config: Warning: service auth { client_limit=16384} is lower than required under max. load (528384)
> ---
>
> 1. Where's the difference in Dovecot's logic between a mail service that
> has a service count of 1 versus one with >1?
With service_count=1 it disconnects from auth immediately after logging in. With service_count>0 the auth connection is kept open for the entire existence of the imap process. This is mainly because after dropping privileges it wouldn't be able to connect to the auth-master socket again. In theory if the socket permissions were changed, it could keep reconnecting to auth-master and not keep connections open all the time.
> 2. Any way to get the process recycling for IMAP going w/o setting the fd
> limit to a ridiculous amount?
How about shrinking the imap process_limit? I highly doubt you can actually run 500k imap processes per server and have it still working. The largest I've ever heard people running has been 50k processes per server.
More information about the dovecot
mailing list