Dovecot performance and proxy loops with IPv6
Daniel Betz
dbetz at df.eu
Thu Feb 2 13:07:38 UTC 2017
Hello list,
I run a large mail setup here with some million mailboxes and am seeing strange performance problems; I think I have overlooked or forgotten a simple setting.
Here are some details:
21 CentOS 7 servers with dovecot 2.2.25 and ldap userdb/passdb via socket, behind a hardware load balancer.
The storage behind them is iSCSI storage with 4 10Gbit/s multipath paths, split up to 10 TB volumes for each server with LVM and xfs filesystem. No cluster FS.
Each server has about 60.000 to 75.000 mailboxes on it. mailboxes can have up to 10Gbyte space.
The log sometimes shows this, completely at random:
Feb 1 10:42:49 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: imap-login: Error: net_connect_unix(imap) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Of course I have read the SocketUnavailable wiki page and changed some settings, but the errors have not gone away.
Could you please look over my dovecot config and give me some tips or hints what to change.
The next thing is: when I add IPv6 to the hosts via DNS and log in over IPv6, I get a proxy loop.
Settings in nameserver:
server1.domain.com IN A 123.123.123.123
server1.domain.com IN AAAA 2001:123::1
The host entry comes from the ldap and says: mailHost: server1.domain.com
Imap Login with IPv6 to server1.domain.com tries to proxy from server1.domain.com ( IPv6 ) to server1.domain.com ( IPv6 ) and loops then.
I have removed the IPv6 AAAA entries from the DNS to stop these loops.
Sorry, but i have no logs for this anymore.
Thanks in advance,
Daniel
And here system configs and dovecot configs:
sysctl:
# Per-UID inotify limits. The dovecot.conf in this post runs all mail processes
# under one UID (mail_uid = 1001), so every mailbox session shares this budget.
# NOTE(review): max_user_watches (16384) is lower than max_user_instances (65535),
# so the watch limit would presumably be reached first — confirm which limit the
# workload actually hits and that both values are applied on every backend.
fs.inotify.max_user_instances = 65535
fs.inotify.max_user_watches = 16384
systemd startup with ulimit settings:
# systemd unit that runs Dovecot in the foreground (-F) with raised resource limits.
[Unit]
Description=Dovecot Mailservice IMAP/POP
[Service]
Type=simple
# Core dumps are disabled, so a crashing mail process leaves no memory image
# (which could contain credentials or message content) on disk.
LimitCORE=0
LimitNPROC=5000000
# NOTE(review): this is the open-file ceiling for every process started from the
# unit. dovecot.conf sets client_limit = 60000 on anvil/auth/ipc, which leaves
# little headroom under 65535 — check the startup log for fd-limit warnings.
LimitNOFILE=65535
# NOTE(review): systemd reads size limits in bytes when no suffix is given, so
# this looks like 80 KiB rather than the 80 MiB that `ulimit -s 81920` would
# give — confirm the intended unit.
LimitSTACK=81920
LimitDATA=infinity
LimitMEMLOCK=infinity
LimitRSS=infinity
LimitAS=infinity
ExecStart=/usr/local/dovecot2/sbin/dovecot -F -c /usr/local/dovecot2/etc/dovecot/dovecot.conf
[Install]
WantedBy=multi-user.target
dovecot-ldap.conf:
# LDAP lookup settings; dovecot.conf points both its passdb and its userdb at this file.
# The directory is reached over a local ldapi:// UNIX socket.
uris = ldapi://%2Fvar%2Frun%2Fldapi
dn = cn=xxxxxxx,o=domain,c=com
# The bind password is stored in clear text in this file; keep the file readable
# only by root / the user the auth process runs as.
dnpass = xxxxxxxxxxxxx
# auth_bind = no: Dovecot fetches userPassword (see pass_attrs) and verifies it
# itself, so the bind DN above needs read access to the stored password values.
auth_bind = no
ldap_version = 3
base = o=domain,c=com
# Maps LDAP attributes to the userdb fields user, home and quota_rule.
user_attrs = mail=user,mailMessageStore=home,\
mailQuota=quota_rule=*:storage=%$
iterate_filter= (|(mailHost=server1.domain.com)(mailHost=popserver1.domain.com))
# %u is the login name supplied by the client and is substituted into the filter.
# dovecot.conf sets auth_username_chars to empty, which switches off Dovecot's
# username character allow-list, leaving filter escaping as the only guard.
user_filter = (&(accountstatus=active)(|(uid=%u)(mail=%u)))
# proxy_maybe=y with host taken from mailHost: the session is proxied to that
# host unless Dovecot recognises the destination as itself, in which case the
# user is logged in locally.
# NOTE(review): the IPv6 loop described in the post suggests the AAAA address of
# mailHost was not recognised as local (the servers sit behind a load balancer).
# Presumably listing the service addresses in auth_proxy_self, or returning an
# IP address in host, avoids the loop — verify against the running version.
pass_attrs = mail=user,userPassword=password,=proxy_maybe=y,mailHost=host,=destuser=%u[%r]
pass_filter = (&(accountstatus=active)(|(uid=%u)(mail=%u)))
dovecot.conf:
# 2.2.25 (7be1766): /usr/local/dovecot2/etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-327.36.3.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
# Global settings as printed by the running configuration (only the values shown
# here are known; anything absent is at its default).
auth_cache_negative_ttl = 1 mins
auth_cache_size = 64 M
# NOTE(review): successful lookups may be served from cache for up to 2 hours, so
# a change to accountstatus or mailHost in LDAP may take that long to be honoured
# — confirm this is acceptable for account lock-out.
auth_cache_ttl = 2 hours
# PLAIN and LOGIN both transmit the password itself; see disable_plaintext_auth below.
auth_mechanisms = plain login
# Empty value disables the username character allow-list. The login name is
# interpolated into the LDAP filters, so only filter escaping protects them.
auth_username_chars =
auth_verbose = yes
base_dir = /var/run/dovecot/
debug_log_path = /dev/null
default_login_user = dovecot
# Clear-text authentication is accepted on connections without TLS, and no
# `ssl = required` appears in this output, so passwords can cross the network
# unencrypted if a client does not negotiate TLS.
disable_plaintext_auth = no
doveadm_password = # hidden, use -P to show it
doveadm_port = 12345
first_valid_gid = 1001
first_valid_uid = 1001
info_log_path = /dev/stderr
lda_mailbox_autocreate = yes
lda_original_recipient_header = X-Envelope-To
log_path = /dev/stderr
log_timestamp =
# Login log lines record user, auth method, remote IP (rip) and local IP (lip);
# lip is the field to check when diagnosing which address a proxied login arrived on.
login_log_format_elements = user=[%u] method=%m rip=%r lip=%l %c
# Every mailbox is accessed under the single UID/GID 1001.
mail_gid = 1001
mail_location = mdbox:~:INDEX=%h/INDEX
mail_plugins = "notify replication stats"
mail_uid = 1001
mbox_write_locks = fcntl
# Single private namespace holding the INBOX, with "INBOX." prefix and "." separator.
namespace {
inbox = yes
location =
prefix = INBOX.
separator = .
type = private
}
# Password lookups go to LDAP using the dovecot-ldap.conf shown earlier in the post.
passdb {
args = /usr/local/dovecot2/etc/dovecot/dovecot-ldap.conf
driver = ldap
}
# Quota is tracked in a per-user dict file under the home directory; the
# quota-warning service is invoked at 85% storage use.
plugin {
quota = dict:User quota::file:%h/mdbox/dovecot-quota
quota_warning = storage=85%% quota-warning 85 %u
stats_refresh = 30 secs
stats_track_cmds = yes
}
replication_max_conns = 30
sendmail_path = /usr/local/exim/bin/exim
# Service definitions, part 1: replication aggregator, anvil, auth, config, dict, doveadm.
# Several listeners below use mode = 0666, which lets every local account on the
# host connect to the socket.
service aggregator {
fifo_listener replication-notify-fifo {
mode = 0666
user = popuser
}
unix_listener replication-notify {
mode = 0666
user = popuser
}
}
service anvil {
client_limit = 60000
}
service auth {
client_limit = 60000
# NOTE(review): with mode 0666 any local user can query the userdb through this
# socket. If only mail processes (UID 1001 / popuser) need it, a tighter mode
# with an explicit owner/group would presumably be sufficient — confirm.
unix_listener auth-userdb {
mode = 0666
user = popuser
}
# NOTE(review): world-connectable auth socket; which auth protocol this listener
# speaks depends on how Dovecot classifies the name "auth" — verify, and restrict
# the mode to the consumers that need it.
unix_listener auth {
mode = 0666
user = popuser
}
}
service config {
unix_listener config {
user = popuser
}
}
service dict {
unix_listener dict {
mode = 0666
user = popuser
}
}
# doveadm TCP listener on port 12345 (matches doveadm_port). No address and no
# ssl setting are shown, so it presumably listens on all interfaces without TLS
# and is protected only by doveadm_password.
# NOTE(review): restrict it with a firewall or a bind address and enable TLS on
# the listener if it is reachable beyond the backend network.
service doveadm {
inet_listener {
port = 12345
}
user = popuser
}
# Service definitions, part 2: login processes, mail processes, ipc, lmtp, replicator, stats.
# The login services run chrooted into the login directory.
# NOTE(review): no service_count is shown, so the default applies; with
# process_limit = 60000 this presumably means one login process per connection.
# Confirm this is the intended mode for the connection volume described.
service imap-login {
chroot = login
process_limit = 60000
process_min_avail = 16
}
# The errors in the post are imap-login/pop3-login failing to connect to the
# imap and pop3 service sockets. Only executable and process_limit are set for
# those services here; everything else is at its default.
service imap {
executable = /usr/local/dovecot2/libexec/dovecot/imap
process_limit = 250000
}
service ipc {
client_limit = 60000
# Mode 0650: owner read/write, group read/execute, no access for others.
unix_listener ipc {
mode = 0650
user = dovecot
}
unix_listener login/ipc-proxy {
mode = 0650
user = dovecot
}
}
# NOTE(review): mode 0666 lets any local account deliver mail through this LMTP
# socket — confirm that is intended.
service lmtp {
unix_listener lmtp {
mode = 0666
user = popuser
}
}
service pop3-login {
chroot = login
process_limit = 60000
process_min_avail = 16
}
service pop3 {
executable = /usr/local/dovecot2/libexec/dovecot/pop3
process_limit = 250000
}
# These two listeners are restricted to their owner (mode 0600).
service replicator {
unix_listener replicator-doveadm {
mode = 0600
user = popuser
}
}
service stats {
fifo_listener stats-mail {
mode = 0600
user = popuser
}
}
# Default TLS certificate and key; the leading "<" makes Dovecot read the file
# contents. The key file should be readable only by root.
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
# SSLv2/SSLv3 are excluded, but TLSv1 and TLSv1.1 remain enabled. Both have since
# been formally deprecated (RFC 8996); restrict to TLSv1.2 once the client
# population allows it.
ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2
# User lookups use the same LDAP configuration file as the passdb.
userdb {
args = /usr/local/dovecot2/etc/dovecot/dovecot-ldap.conf
driver = ldap
}
# Verbose process titles put the user name and client IP into the process list,
# where other local accounts can see them.
verbose_proctitle = yes
# Per-protocol overrides: plugin directory, plugin lists and client workarounds.
protocol doveadm {
mail_plugin_dir = /usr/local/dovecot2/lib/dovecot/
mail_plugins = quota
}
protocol lda {
info_log_path = /var/log/dovecot-lda
log_path = /var/log/dovecot-lda
log_timestamp = "%b %d %H:%M:%S "
mail_plugin_dir = /usr/local/dovecot2/lib/dovecot/
mail_plugins = quota
postmaster_address = %u
}
protocol imap {
imap_client_workarounds =
# Up to 100 concurrent IMAP connections per user and client IP.
mail_max_userip_connections = 100
mail_plugin_dir = /usr/local/dovecot2/lib/dovecot/
mail_plugins = quota imap_quota stats imap_stats
}
protocol pop3 {
mail_plugin_dir = /usr/local/dovecot2/lib/dovecot/
mail_plugins = quota stats
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_enable_last = yes
pop3_fast_size_lookups = yes
pop3_reuse_xuidl = no
pop3_uidl_format = %g
}
# Per-address certificate selection. Each local address appears twice, once for
# imap and once for pop3. IPv4 .54/.55/.56 and IPv6 ::fa/::fb/::fc map to
# cert1/cert2/cert3 respectively.
# NOTE(review): the host therefore answers on several IPv4 and IPv6 addresses.
# This is presumably relevant to the proxy loop in the post, because proxy_maybe
# has to recognise the resolved mailHost address as one of its own — confirm
# which local address (lip in the login log) the IPv6 logins arrive on.
local xxx.xxx.xxx.54 {
protocol imap {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
}
}
local xxx.xxx.xxx.54 {
protocol pop3 {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
}
}
local xxx.xxx.xxx.55 {
protocol imap {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert2.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert2.key
}
}
local xxx.xxx.xxx.55 {
protocol pop3 {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert2.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert2.key
}
}
local xxx.xxx.xxx.56 {
protocol imap {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert3.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert3.key
}
}
local xxx.xxx.xxx.56 {
protocol pop3 {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert3.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert3.key
}
}
local xxxx:xxxx::fa {
protocol imap {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
}
}
local xxxx:xxxx::fa {
protocol pop3 {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
}
}
local xxxx:xxxx::fb {
protocol imap {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert2.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert2.key
}
}
local xxxx:xxxx::fb {
protocol pop3 {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert2.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert2.key
}
}
local xxxx:xxxx::fc {
protocol imap {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert3.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert3.key
}
}
local xxxx:xxxx::fc {
protocol pop3 {
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert3.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert3.key
}
}