Occasional service disruptions

Mon Jun 6 15:38:58 UTC 2022

Hello,

On a server with (Postfix and) Dovecot 2.3.18 (on a VM running CentOS 7 
- 1 CPU, 5 GB RAM) with the config you will see below, we are facing 
occasional (infrequent) service disruptions: IMAP service seems 
unavailable to some users.

Jun  6 12:01:25 vweb2 roundcube: <1eecb0d4> IMAP Error: Login failed for 
imaptester against vmail2.noa.gr from 195.251.202.xxx. Could not connect 
to ssl://vmail2.noa.gr:993: Connection rejected in 
/var/webs/webmail/rcube/program/lib/Roundcube/rcube_imap.php on line 211 
(POST /?_task=login&_action=login)

At that time there was no associated logged event in dovecot log. (Other 
users are logging in and out.)

However, I see some warnings (I list the two of them closest to the 
above event):

Jun 06 12:01:22 imap(user1)<29639><Vr0atcPg5M3BXBCl>: Warning: Inotify 
instance limit for user 500 (UID vmail) exceeded, disabling. Increase 
/proc/sys/fs/inotify/max_user_instances
...
Jun 06 12:01:26 imap(user2)<29793><rZuSt8PgztoKyVSG>: Warning: Inotify 
instance limit for user 500 (UID vmail) exceeded, disabling. Increase 
/proc/sys/fs/inotify/max_user_instances

(In above log excerpts I've only modified real usernames.)

Restarting Dovecot returns things back to normal.

I have tried to use "service_count = 100" in all configured services, to 
see how it goes.

Most of the config is inherited from the past (older versions) and is 
not optimized. For example one can observe different "process_limit" 
values for different services, for no apparent reason I am aware of.

Could anyone suggest changes and/or additions to the OS and/or Dovecot 
to resolve this issue?

Any additional suggestions will also be welcome.

Thanks in advance for your kind assistance.

Here is the config (I've only changed postmaster address):

=======================================================================

protocols = imap pop3 sieve lmtp

login_greeting = Dovecot NOA ICXC-NIKA

log_path = /var/log/dove.log

mail_location = maildir:~/Maildir/

mail_gid = 500
mail_uid = 500

auth_mechanisms = plain login
auth_username_format = %Ln

auth_verbose = no
auth_debug = no
mail_debug = no

disable_plaintext_auth = no

mail_plugins = quota mail_log notify

protocol imap {
   imap_client_workarounds = "delay-newmail"
   mail_plugins = quota imap_quota mail_log notify
   mail_max_userip_connections = 400

   namespace inbox {
    mailbox Trash {
     autoexpunge = 15d
    }
   }
}

protocol pop3 {
   mail_max_userip_connections = 3
   mail_plugins = quota notify
   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
   pop3_uidl_format = %08Xu%08Xv

   namespace inbox {
    mailbox Trash {
     autoexpunge = 15d
    }
   }
}

protocol lda {
   auth_socket_path = /var/run/dovecot/auth-master
   mail_plugins = quota notify sieve
   postmaster_address = xxxxxxxxx at noa.gr
   sendmail_path = /usr/lib/sendmail
}

protocol lmtp {
   auth_socket_path = /var/run/dovecot/auth-master
   postmaster_address = xxxxxxxxx at noa.gr
   mail_plugins = quota notify sieve
   sendmail_path = /usr/lib/sendmail
}

protocol sieve {
   managesieve_max_line_length = 65536
   mail_max_userip_connections = 10
   managesieve_logout_format = bytes=%i/%o

   managesieve_max_compile_errors = 10
}

userdb {
   args = /etc/dovecot/dovecot-usrdb-ldap.conf
   driver = ldap
}

passdb {
   args = /etc/dovecot/dovecot-passdb-ldap.conf
   driver = ldap
}

plugin {
   mail_log_events = delete undelete expunge copy mailbox_delete 
mailbox_rename flag_change save mailbox_create
   mail_log_fields = uid box msgid size flags vsize from subject

   quota = maildir:User quota
   quota_rule = *:storage=15G
   quota_rule2 = Trash:storage=+3%%
   quota_warning = storage=75%% quota-warning 75 %u
   quota_warning2 = storage=90%% quota-warning 90 %u

   sieve = file:~/sieve;active=~/.dovecot.sieve
   sieve_max_script_size = 0
   sieve_max_actions = 0
   sieve_max_redirects = 2
}

service quota-warning {
   executable = script /opt/mail1.sh
   user = vmail
   unix_listener quota-warning {
     user = vmail
   }
}

service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0660
     user = postfix
   }
   unix_listener auth-master {
     group = vmail
     mode = 0660
     user = vmail
   }
   user = root
}

service imap-login {
   service_count = 100
   vsz_limit = 64 M
   process_limit = 500
}

service pop3-login {
   service_count = 100
   vsz_limit = 64 M
}

service managesieve-login {
   inet_listener sieve {
     port = 4190
   }

   service_count = 100
   process_min_avail = 0
   vsz_limit = 64M
}

service managesieve {
   process_limit = 1024
}

service imap {
   executable = imap postlogin
   process_limit = 2048
}

service pop3 {
   executable = pop3 postlogin
}

service postlogin {
   executable = script-login -d rawlog
   unix_listener postlogin {
   }
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
   }
}

ssl = yes
ssl_cert = </etc/pki/tls/certs/star_noa_gr-cert-with_CA-rev-754868755.crt
ssl_key = </etc/pki/tls/private/star_noa_gr-1243437.key

namespace inbox {

   separator = .
   prefix =
   inbox = yes

   mailbox Drafts {
     special_use = \Drafts
     auto = subscribe
   }
   mailbox Junk {
     special_use = \Junk
     auto = subscribe
   }
   mailbox Trash {
     special_use = \Trash
     auto = subscribe
   }
   mailbox Sent {
     special_use = \Sent
     auto = subscribe
   }
}

=======================================================================

Nick