On Feb 8, 2012, at 3:58 AM, Héctor Moreno Blanco wrote:
-snip-
service imap-login { executable = /usr/local/dovecot/libexec/dovecot/imap-login inet_listener imap { address = * port = 143 } inet_listener imaps { address = * port = 993 } process_limit = 2048 process_min_avail = 20 user = vmail } service imap { executable = /usr/local/dovecot/libexec/dovecot/imap process_limit = 2048 }
- snip, again -
The problem is at the moment of maximum load of the system. We can see many imap sessions but there are also many imap-login processes, which is weird. Has it something to do with any parameter of our configuration? We think is something with the vsz_limit parameter. How can we tune it?
I'm not 100% sure but if this is the case but it looks like you setting process_limit and process_min_avail in the imap-login service block is putting dovecot in "High Security" mode. http://wiki2.dovecot.org/LoginProcess has good details on that. In short, I suspect your settings are creating a new imap-login process for each new IMAP connection. As I understand it, vsz_limit is more important when running in "High Performance" mode where you have just 1 imap-login process that handles all new IMAP connections. That process can grow quite large if you have a lot of simultaneous IMAP clients.
Thank you very much in advanced.
Kind regards.
[cid:image001.gif@01CCE647.65B8FB30]
Héctor Moreno Blanco División de Seguridad e Infraestructuras / Security and Infrastructures Division
GMV Isaac Newton, 11 P.T.M. Tres Cantos E-28760 Madrid Tel. +34 91 807 21 00 Fax +34 91 807 21 99 www.gmv.com http://www.gmv.com/ [cid:image002.gif@01CCE647.65B8FB30]http://www.gmv.com/b2_gmv
[cid:image003.gif@01CCE647.65B8FB30]http://www.facebook.com/infoGMV
[cid:image004.gif@01CCE647.65B8FB30]http://www.twitter.com/infoGMV_es
[cid:image005.gif@01CCE647.65B8FB30]http://www.youtube.com/infoGMV
This message including any attachments may contain confidential information, according to our Information Security Management System, and intended solely for a specific individual to whom they are addressed. Any unauthorised copy, disclosure or distribution of this message is strictly forbidden. If you have received this transmission in error, please notify the sender immediately and delete it.
Este mensaje, y en su caso, cualquier fichero anexo al mismo, puede contener informacion clasificada por su emisor como confidencial en el marco de su Sistema de Gestion de Seguridad de la Informacion siendo para uso exclusivo del destinatario, quedando prohibida su divulgacion copia o distribucion a terceros sin la autorizacion expresa del remitente. Si Vd. ha recibido este mensaje erroneamente, se ruega lo notifique al remitente y proceda a su borrado. Gracias por su colaboracion.
Hope this helps, David Warden