ok, i've found out that the directors are in the doveadm penalty list.

i believe adding the following solves the issue (still testing but looking promising.
login_trusted_networks = 10.0.10.0/24

On Tue, Mar 19, 2019 at 2:19 PM Erik de Waard <erikdewaard@gmail.com> wrote:
Hi,

I've been running dovecot for many years, but now i've hit a strange problem.
when retrieving imap there is sometimes in 1 of 4 imap requests a 4sec latency.

* notes:
- connected directly to the backends this latency disappears
- removing a director from the loadbalancer(lvs) so i'm the only connected to the director
this latency disappears too

I would appreciate some feedback of where to look because i tried various
options. (client_limit,process_limit) perhaps its just as simple as to add more directors
but any feedback would be welcome.

Thank you.

This is the setup: 

-- Internet -> LVS -> 3 Directors ->  9 Backends.

doveadm director status
mail server ip tag vhosts state state changed users                                             
10.0.10.110        100    up    -             3309                                              
10.0.10.111        100    up    -             3412                                              
10.0.10.112        100    up    -             3458                                              
10.0.10.113        100    up    -             3437                                              
10.0.10.115        100    up    -             3368                                              
10.0.10.116        100    up    -             3320                                              
10.0.10.117        100    up    -             3305                                              
10.0.10.118        100    up    -             3291                                              
10.0.10.223        100    up    -             3280                   

#Director doveconf -n
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 
# Hostname: server312.company.com 
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 3000
director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112 10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118
director_servers = 10.0.10.114 10.0.10.181 10.0.10.182
director_user_expire = 1 days
disable_plaintext_auth = no
info_log_path = /dev/null
lmtp_proxy = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e encryption=%k secured=%c
mail_max_userip_connections = 100
passdb {
  args = proxy=y nopassword=y
  driver = static
}
protocols = imap lmtp
service director {
  fifo_listener login/proxy-notify {
    mode = 0600
    user = $default_login_user
  }
  inet_listener {
    port = 9090
  }
  unix_listener director-userdb {
    mode = 0600
  }
  unix_listener login/director {
    mode = 0666
  }
}
service imap-login {
  client_limit = 6000
  executable = imap-login director
  process_limit = 4
  process_min_avail = 4
  service_count = 0
  vsz_limit = 600 M
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
ssl_cert = </etc/ssl-certificates/MDC_company_com.crt
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4:!SEED@STRENGTH
ssl_key =  # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
protocol lmtp {
  auth_socket_path = director-userdb
}


#backend doveconf -n 
# 2.2.34 (874deae): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4 
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 1500
default_vsz_limit = 600 M
disable_plaintext_auth = no
info_log_path = /dev/null
listen = *
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_privileged_group = mail
mmap_disable = yes
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  sieve_execute_bin_dir = /etc/dovecot/sieve-executables
  sieve_global_extensions = +vnd.dovecot.execute
  sieve_plugins = sieve_extprograms
}
protocols = imap lmtp
service anvil {
  unix_listener anvil-auth-penalty {
    mode = 0600
  }
}
service auth {
  user = root
}
service imap-login {
  client_limit = 6000
  process_limit = 4
  process_min_avail = 4
  service_count = 0
  vsz_limit = 600 M
}
service imap {
  client_limit = 1
  process_limit = 1024
  service_count = 50
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
}
ssl = no
ssl_cert = </etc/dovecot/dovecot.crt
ssl_key =  # hidden, use -P to show it
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = " sieve"
  plugin {
    sieve = ~/filters.sieve
    sieve_after = /etc/dovecot/sieve/after.sieve
    sieve_before = /etc/dovecot/sieve/before.sieve
  }
  userdb {
    args = /etc/dovecot/dovecot-sql-lmtp.conf
    driver = sql
    name = 
  }
}