Hi
We've been using Dovecot as our primary IMAP and POP3 server for around 70,000 users for a couple of months now. On the whole, we've been very pleased with the performance of Dovecot - and are extremely grateful to the developers! However, we have had a few issues, some of which we have yet to resolve.
We chose Dovecot because it was the only IMAP/POP3 server we could find that supported direct mysql authentication and both mboxes and maildirs. With exim as our main SMTP server, we were able to convert the inboxes and imap folders for all 70,000 users from mboxes to maildirs without any downtime whatsoever!
For those who are interested, we have a cluster of 5 web/imap servers (running our own webmail software) and a further 5 pop servers all placed behind 2 Zeus load balancers and running RHEL 4 (actually CentOS 4.1). Storage is provided by an EMC Clariion device, which is mounted via NFS onto all servers in the cluster over gigabit ethernet.
- index files
The main problem has always been the index files becoming corrupted. This seems to have improved with the Alpha 4 release, but still happens for several users each day. Perhaps it would be possible for Dovecot to just delete index files and re-create them when they are corrupted, rather than just erroring? Also, how do you turn off index files altogether? Even when mail_never_cache_fields is set for all available fields, they still get created.
Another issue relating to the index files is that, if a user is deleted and then another user created with the same name, dovecot doesn't have permissions to re-write the index files, because it has a different uid. So, whenever a user is deleted, we have to delete the index files from every machine in the cluster. We could store index files on the NFS device, but this would affect performance (and might cause locking problems). A better solution would be to make the uid one of the variables available in default_mail_env. By naming index files by uid rather than username, this wouldn't be an issue.
- initgroups()
We use an nss-mysql to store all non-administrative system users in a mysql database. We often encounter problems with applications that use the initgroups() function, since this returns all users and groups - which in our case returns masses of data from mysql. When using mysql (or ldap etc) for authentication, it would be useful if there were an option to prevent additional system lookups. At present, we have to comment out the following in /src/lib/restrict-access.c, or the server load goes through the roof:
    if (initgroups(env, gid) != 0) {
        i_fatal("initgroups(%s, %s) failed: %m", env, dec2str(gid));
    }
- base_dir permissions bug
Since the alpha 4 release, it seems that the permissions dovecot automatically sets for the base_dir are not sufficient to allow the authentication user to access sockets, unless this user belongs to the same group as the login user - which is contrary to the instructions in the documentation. I'm pretty sure this is a bug, but perhaps someone could confirm.
- authentication caching
Also since the alpha 4 release, we have found that, once the authentication cache is full, all subsequent login attempts for users that haven't been cached return "password mismatch". I thought this might be a conflict with nscd, but it happens whether nscd is running or not. So, for the time being, we have had to disable the authentication cache.
I'd be very keen to hear from anyone who has any feedback on any of the points above.
Thanks
Marcus
Marcus Don Applications Development Manager Namesco Limited