[Dovecot] Feature Request: handle mail connections of the same user from a same IP using just one mail process
Hi,
Dovecot Wiki states that mail process (IMAP/POP3) is able to handle multiple client connections as the same time to save CPU and memory resources (client_limit > 1). Although this approach is not recommended due to latency and probably security issues, it does help increase the overall capacity of a mail server. Is it possible (or planned) to add a feature such that mail client connections of the same user from a same IP are directed to a same mail process? In most cases, such connections come from a same mail client (e.g. in Thunderbird, each mailbox is a connection). The end user (human being) can work on one mailbox at a time, the latency will be non-obvious. And since all data being processed belong to the same user, security is a non-issue.
Thanks,
Am 11.04.2014 17:49, schrieb morrison:
Dovecot Wiki states that mail process (IMAP/POP3) is able to handle multiple client connections as the same time to save CPU and memory resources (client_limit > 1). Although this approach is not recommended due to latency and probably security issues, it does help increase the overall capacity of a mail server. Is it possible (or planned) to add a feature such that mail client connections of the same user from a same IP are directed to a same mail process? In most cases, such connections come from a same mail client (e.g. in Thunderbird, each mailbox is a connection). The end user (human being) can work on one mailbox at a time, the latency will be non-obvious. And since all data being processed belong to the same user, security is a non-issue.
http://wiki2.dovecot.org/LoginProcess
"High-performance mode" is already there and no, forget the broken idea "but only the same user / ip" because you have no clue if it is a different user coming from the same IP until the connection does auth
- if it does auth and it was not the same you are fucked
- you can't handle the connection to a different process
- even if you can - your login data are already sent
"In most cases, such connections come from a same mail client" that made sense 10 or 15 years ago, these days *most cases* are mobile clients coming through carrier-grade NAT, networks behind a NAT or public access points shared by all sort of users
so no - you have only two choices
- performance
- security
any other conclusion base don a client IP is broken
Il 11/04/2014 17:49, morrison ha scritto:
Hi,
Dovecot Wiki states that mail process (IMAP/POP3) is able to handle multiple client connections as the same time to save CPU and memory resources (client_limit > 1). Although this approach is not recommended due to latency and probably security issues, it does help increase the overall capacity of a mail server. Is it possible (or planned) to add a feature such that mail client connections of the same user from a same IP are directed to a same mail process? In most cases, such connections come from a same mail client (e.g. in Thunderbird, each mailbox is a connection). The end user (human being) can work on one mailbox at a time, the latency will be non-obvious. And since all data being processed belong to the same user, security is a non-issue.
Thanks,
Hi,
a features like this should be added:
https://fosdem.org/2014/interviews/2014-timo-sirainen/
===== The ability to save/restore IMAP connection state. This would allow getting rid of most of the long running memory-hungry idling IMAP processes by keeping the connections in a small number of IMAP-idle processes where they wait for something to happen. This also allows moving IMAP connections between servers. This could also improve performance of some webmail systems by having the webmail server remember the state as a string and then be able to quickly restore it with another IMAP command.
-- Alessio Cecchi is: @ ILS -> http://www.linux.it/~alessice/ on LinkedIn -> http://www.linkedin.com/in/alessice Assistenza Sistemi GNU/Linux -> http://www.cecchi.biz Cloud Email Hosting -> http://www.qboxmail.com @ PLUG -> ex-Presidente, adesso senatore a vita, http://www.prato.linux.it
participants (3)
-
Alessio Cecchi
-
morrison
-
Reindl Harald