[Dovecot] Connection queue full on dovecot 2.0.13
Hi,
i have a problem with dovecot 2.0.13.
I have one dovecot in Front-end that has only:
passdb { driver = static args = proxy=y host=10.0.0.6 nopassword=y }
In Back-end i have one dovecot that does auth and exports imap/pop3 ports.
In dovecot's log of Front-end i see:
/Apr 02 14:33:34 imap-login: Info: proxy(//user@example.com/ mailto:amministrazionevendite@pec.gmatica.it/): started proxying to 10.0.0.6:143: user=mailto:amministrazionevendite@pec.gmatica.it/>, method=PLAIN, rip=//xx.xx.xx.xx//, lip=xx.xx.xx.xx, TLS Apr 02 14:34:36 imap-login: Info: Disconnected: *Connection queue full *(auth failed, 1 attempts): user=mailto:amministrazionevendite@pec.gmatica.it/>, method=PLAIN, rip=//xx.xx.xx.xx//, lip=//xx.xx.xx.xx//, TLS/
I see this wiki page: http://wiki2.dovecot.org/LoginProcess but i read:
It works by using a number of long running login processes, each handling a number of connections. This loses much of the security benefits of the login process design, because in case of a security hole (in Dovecot or SSL library) the attacker is now able to see other users logging in and steal their passwords, read their mails, etc.
Is there another way?
Thanks
On Mon, 2012-04-02 at 16:39 +0200, Giovanni Mancuso wrote:
Apr 02 14:34:36 imap-login: Info: Disconnected: *Connection queue full *(auth failed, 1 attempts): user=
This means you've reached the process_limit/client_limit.
I see this wiki page: http://wiki2.dovecot.org/LoginProcess but i read:
It works by using a number of long running login processes, each handling a number of connections. This loses much of the security benefits of the login process design, because in case of a security hole (in Dovecot or SSL library) the attacker is now able to see other users logging in and steal their passwords, read their mails, etc.
Is there another way?
Just increase the number of processes:
service imap-login { process_limit = 10000 }
participants (2)
-
Giovanni Mancuso
-
Timo Sirainen