On Fri, 16 May 2008, Joe Allesi wrote:
We had this same problem, and switching to high-performance mode helps. However, finding out which user or application is logging in, and controlling the end-user is the only way to fix it. In our case it was a multi-threaded application that used IMAP (excessively). Monitoring the maillog should help point you in the right direction. Dozens of these per minute should throw up a red-flag:
Looking back through the log for today we only have about 7-35 imap-logins happening per minute, from an assortment of users. There doesn't appear to be one user that's doing more than others. One thing I did notice was entries like this:
imap-login: Login: user=<faizalmi>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Is there a reason the rip/lip would say 127.0.0.1 for some small number of users and not others?
It would help to know what these extra processes are doing. Unfortunately there's no simple way to do that.. Maybe writing a script that trusses the processes for a few seconds and then seeing what it shows?
To truss each imap-login I would need to write the script to execute "truss imap-login" and put that in place of imap-login in the config file? I think I might try the source code re-compile first..
-bryan