On Wed, 2010-11-03 at 09:26 -0400, Charles Marcus wrote:
On 2010-11-03 9:12 AM, Jürgen Obermann wrote:
Quoting Timo Sirainen tss@iki.fi:
But you would probably benefit from not having that many login processes: http://wiki2.dovecot.org/LoginProcess
I now switched the login processes from high security to high performance mode, because the problem appeared again.
Just curious - how much less secure is the high performance mode?
Copy&pasting (slightly just updated) from the wiki:
High-performance mode
It works by using a number of long running login processes, each handling a number of connections. This loses much of the security benefits of the login process design, because in case of a security hole (in Dovecot or SSL library) the attacker is now able to see other users logging in and steal their passwords, read their mails, etc.