Hi Stan,
thank you very much for your help!
On Mon, 2010-09-27 at 04:24 -0500, Stan Hoeppner wrote:
Harald Strack put forth on 9/27/2010 3:59 AM:
Hi,
I set mail_max_userip_connections in our IMAP configuration to
mail_max_userip_connections = 10
to allow users 10 parallel connections. It seems that this also limits the amount of parallel connections from one IP but different users?!
Our users mostly accessing the IMAP server by a webmailer or proxies. Thus, all users (>10000) come from only 5 different IP. However, I got a lot of complaints about denied connections after setting mail_max_userip_connections = 10.
Am I right with the meaning of this parameter?
More importantly, what were you attempting to accomplish by setting this? What problem were you expecting it to solve?
Webmail servers typically don't hold an IMAP connection open for more than a few seconds so this setting does nothing in a webmail only environment. We do have 1000s of parallel connections. Even a few seconds per connection needs more than 10 parallel connections.
Proxies on the other hand, such as imapproxy, will hold concurrent connections open for quite a while. Enabling this setting with upstream imap proxies is a bad idea, as you've discovered. We do not use imapproxy. Our proxies behave more like NAT-gateways: the IMAP-Server get's a lot of connections from different users from the same IP.
Again, what specific problem are you trying to solve?
we have the problem that some users forked more than 100 processes (in one case we know the user was accessing the server with a custom script, some are caused by any buggy clients that do too many reconnects...).
We want to limit the number of imap processes per user to 10, but not the number of processes per client IP (because of the proxies).
Any idea?
Thanks in advance
Harry