On 16.3.2012, at 13.07, Mauricio López Riffo wrote:
We actually have a mail hosting solutions with aprox. 100 thousand of email account, where about 90% of a customers use POP3 like email configuration. About a few mounths (we perfomed a lot of migration throught mbox email software to Maildir with dovecot) but i can see that the performance is very poor and receive complaint about delays of autentications of accounts.
The solution lives in Metrocluster Netapp storage, filesystem NFS, VMware as a virtualization (the mtas are a virtual machines lives in netapp too) about 4T of data mails and a 10G network connection (betwen mtas and nfs storage) All account information work in LDAP plataform (two servers in replicated mode, no high average or delays detected in this servers)
Maildir isn't very good for POP3, especially if the POP3 clients delete the mails after download. With Dovecot you could look into switching to multi-dbox format, which would have much better performance.
When the traffic have a peak of 1800 concurrent connections POP3, all of service suffer a high load average (about 8 - 20 load average in each dovecot) and authenticacion takes about 2 -10 seconds (in low traffic, autenticacion takes about 60 miliseconds)
What does the CPU usage and NFS IOPS usage look like during those times? Meaning is the problem related to disk usage or something else?
Note that for POP3 connections you don't get the "OK Logged in" reply until all of the message sizes have been read into memory.
Also, each dovecot instance lives un MTA server CentOS 5.8 x86_64 with 6G RAM (virtual machine) and share's hardware with a exim instance, like a MTA relay system (autenticated relay)
Are you randomly redirecting users to different Dovecot servers? Dovecot director would work better: http://wiki2.dovecot.org/Director
auth_worker_max_count = 100
Auth workers are irrelevant with LDAP.
lock_method = dotlock
fcntl would be faster, if your NFS setup can handle it.
mail_cache_min_mail_count = 5
I'm not really sure if it's a good idea to ever set this anything else than 0. Of course if you have detected that this actually decreases disk IO I'd be interested to see numbers.
mail_full_filesystem_access = yes
If your users are sharing the same UID, this means all the users can access each others' mails now! Even if they have different UIDs this is unlikely to be helpful.
mail_location = maildir:%h/Maildir:INDEX=/data/cache/indexes/%2d/%1u/%2u/%u mail_nfs_storage = yes
Is /data also on NFS? Or does each server have its own local indexes?
maildir_copy_with_hardlinks = no
This makes IMAP COPY command slower. Is there a reason why you've disabled it?
service imap-postlogin { executable = script-login /usr/local/bin/postlogin.sh user = root }
post-login script makes logins slower. What do you do in it? Why only for IMAP, not POP3?
plugin { autocreate = Sent Items autocreate2 = Spam autocreate3 = Drafts autocreate4 = Trash autosubscribe = Sent Items autosubscribe2 = Spam autosubscribe3 = Drafts autosubscribe4 = Trash }
These also slow logins down a little bit. v2.1 fixes that.
protocol pop3 { mail_plugins = " quota quota notify mail_log" pop3_reuse_xuidl = yes pop3_save_uidl = yes pop3_uidl_format = %u }
pop3_uidl_format=%u is a little bad, since it doesn't include %v. And you can improve pop3 performance with:
pop3_no_flag_changes=yes
And if the maildir filenames don't contain S=1234 sizes, this also makes a huge difference:
pop3_fast_size_lookups=yes