On Sat, 2007-06-30 at 19:11 -0400, Charles Marcus wrote:
Timo Sirainen, on 6/30/2007 6:43 PM, said the following:
v1.1 has now:
# Maximum number of connections allowed for a user. The limits are enforced # separately for IMAP and POP3 connections, so you can move this setting # inside protocol {} to have separate settings for them. NOTE: The user names # are compared case-sensitively, so make sure your userdb returns usernames # always using the same casing so users can't bypass this limit! #mail_max_user_connections = 10
Is 10 a good default?
I'm assuming this is per IP?
No. I'm not sure if it should. Perhaps. It's mostly intended to prevent unintentional abuse by stupid clients, so having 3+ thunderbirds open in different locations with each having 5 connections should probably be allowed.
In Courier, there were two settings:
MAXDAEMONS = 40 (total number of IMAP connections the server would accept)
Dovecot has max_mail_processes defaulting to 1024.
I think it would be a good thing to have both, *and* to allow for setting the MAXPERIP on both a per user and global basis (if a per user value is not provided it uses the global default).
Later, adding the ability to set them both on a per domain basis, and the MAXPERIP on a per domain/user basis would be even better...
All of these seem to be for handling intentional abuse. v2.0 maybe.