You may be able to band-aid things by running dovecot from xinetd and using the 'instances' [0] keyword. I don't know if you can specify 'instances per IP' but it may be in the xinetd website [1]. (OK, a little more digging here [3] - per_source arg) Your connections may get a bit soggy running through xinetd, but I think this will give you some control as a tradeoff.
I wonder how your users are generating that many connections. Try running this shell code [2] at a command prompt and see what the connections are doing (rightmost column is the timer). Of course, if you are not using SSL, then you probably want to grep for 143, the port number.
[0] - man xinetd.conf
instances determines the number of servers that can be simultaneously active for a service (the default is no limit). The value of this attribute can be either a number or UNLIMITED which means that there is no limit.
[1] - http://www.xinetd.org/
[2] - while [ 1 ]; do netstat -topnavel| grep 993; sleep 2; done
[3] - man xinetd.conf
per_source Takes an integer or "UNLIMITED" as an argument. This specifies the maximum instances of this service per source IP address. This can also be specified in the defaults section.
Good luck
Thomas
Marten Lehmann wrote:
Hello,
today dovecot almost died again. Actually, the daemon was still running, but the daemon didn't reply with its greeting message after establishing a connection. I noticed two things that scare me: One dovecot-process was running with almost 100% load and there were two extreme users, one with more than 80 concurrent connections, the other one with about 50 connections.
The only way I found to limit connections was max_mail_processes. But this doesn't help very much. I'm looking for something like MAXPERIP as I find in courier-imap. I don't want to switch back to courier-imap because I cannot limit anything in dovecot.
Regards
Marten
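
Added example, not part of either message above: a way to turn the netstat check from [2] into a per-source count, so clients holding dozens of IMAP connections stand out and a per_source value can be chosen from real numbers. It assumes the Linux net-tools column layout (only the first six columns are used); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Count established connections per source IP for one local port.
# Input: `netstat -tn` style lines on stdin (first six columns only).

# count_per_source PORT -> lines of "COUNT SOURCE_IP", highest count first
count_per_source() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            lport = $4; sub(/^.*:/, "", lport)   # text after the last colon
            if (lport != port) next
            src = $5; sub(/:[0-9]+$/, "", src)   # drop the remote port
            n[src]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# over_limit PORT LIMIT -> source IPs holding more than LIMIT connections
over_limit() {
    count_per_source "$1" | awk -v limit="$2" '$1 > limit { print $2 }'
}

# Constructed sample using documentation addresses, not real server output.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:993          198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:993          198.51.100.7:51002      ESTABLISHED
tcp        0      0 192.0.2.10:993          198.51.100.7:51003      ESTABLISHED
tcp        0      0 192.0.2.10:993          198.51.100.7:51004      TIME_WAIT
tcp        0      0 192.0.2.10:143          198.51.100.7:51005      ESTABLISHED
tcp        0      0 192.0.2.10:993          203.0.113.5:40100       ESTABLISHED
tcp6       0      0 2001:db8::10:993        2001:db8::99:40222      ESTABLISHED
EOF
}

# Show the per-source table for the sample, then the sources above 2.
sample_netstat | count_per_source 993
sample_netstat | over_limit 993 2
```

On a live server, replace `sample_netstat` with `netstat -tn` and use 143 instead of 993 when SSL is not in use.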