On Fri, 16 May 2008 14:47:05 -0400 (EDT) Bryan Polk wrote:
On Fri, 16 May 2008, Joe Allesi wrote:
We had this same problem, and switching to high-performance mode helps. However, finding out which user or application is logging in, and controlling the end-user is the only way to fix it. In our case it was a multi-threaded application that used IMAP (excessively). Monitoring the maillog should help point you in the right direction. Dozens of these per minute should throw up a red-flag:
Looking back through the log for today we only have about 7-35 imap-logins happening per minute, from an assortment of users. There doesn't appear to be one user that's doing more than others. One thing I did notice was entries like this:
imap-login: Login: user=<faizalmi>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Is there a reason the rip/lip would say 127.0.0.1 for some small number of users and not others?
Do you have a Web-Interface like SquirrelMail or Horde on the same host? Our SquirrelMail shows up in this fashion.
--Frank Elsner