Dovecot performance and proxy loops with IPv6
Hello list,
I run a large mail setup here with some million mailboxes and have strange performance problems, because I think I have overlooked or forgotten a simple setting.
Here are some details:
21 CentOS 7 servers with dovecot 2.2.25 and LDAP userdb/passdb via socket behind a hardware load balancer. The storage behind is an iSCSI storage with 4 10Gbit/s multipath paths, split up into 10 TB volumes for each server with LVM and xfs filesystem. No cluster FS. Each server has about 60.000 to 75.000 mailboxes on it. Mailboxes can have up to 10Gbyte space.
The log says this sometimes and completely at random:
Feb 1 10:42:49 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: imap-login: Error: net_connect_unix(imap) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Feb 1 10:42:50 server1 dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Resource temporarily unavailable - http://wiki2.dovecot.org/SocketUnavailable
Sure, I have read the SocketUnavailable wiki page and changed some settings, but the errors are not gone. Could you please look over my dovecot config and give me some tips or hints on what to change?
The next thing is, when adding IPv6 via DNS to the hosts and logging in with IPv6, I get a proxy loop.
Settings in nameserver:
server1.domain.com IN A 123.123.123.123
server1.domain.com IN AAAA 2001:123::1
The host entry comes from the ldap and says: mailHost: server1.domain.com
IMAP login with IPv6 to server1.domain.com tries to proxy from server1.domain.com ( IPv6 ) to server1.domain.com ( IPv6 ) and then loops. I have removed the IPv6 AAAA entries in the DNS to stop these loops. Sorry, but I have no logs for this anymore.
Thanks in advance,
Daniel
And here system configs and dovecot configs:
sysctl:
fs.inotify.max_user_instances = 65535
fs.inotify.max_user_watches = 16384
systemd startup with ulimit settings:
[Unit]
Description=Dovecot Mailservice IMAP/POP

[Service]
Type=simple
LimitCORE=0
LimitNPROC=5000000
LimitNOFILE=65535
LimitSTACK=81920
LimitDATA=infinity
LimitMEMLOCK=infinity
LimitRSS=infinity
LimitAS=infinity
ExecStart=/usr/local/dovecot2/sbin/dovecot -F -c /usr/local/dovecot2/etc/dovecot/dovecot.conf

[Install]
WantedBy=multi-user.target
dovecot-ldap.conf:
uris = ldapi://%2Fvar%2Frun%2Fldapi
dn = cn=xxxxxxx,o=domain,c=com
dnpass = xxxxxxxxxxxxx
auth_bind = no
ldap_version = 3
base = o=domain,c=com
user_attrs = mail=user,mailMessageStore=home,mailQuota=quota_rule=*:storage=%$
iterate_filter= (|(mailHost=server1.domain.com)(mailHost=popserver1.domain.com))
user_filter = (&(accountstatus=active)(|(uid=%u)(mail=%u)))
pass_attrs = mail=user,userPassword=password,=proxy_maybe=y,mailHost=host,=destuser=%u[%r]
pass_filter = (&(accountstatus=active)(|(uid=%u)(mail=%u)))
dovecot.conf:
# 2.2.25 (7be1766): /usr/local/dovecot2/etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-327.36.3.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
auth_cache_negative_ttl = 1 mins
auth_cache_size = 64 M
auth_cache_ttl = 2 hours
auth_mechanisms = plain login
auth_username_chars =
auth_verbose = yes
base_dir = /var/run/dovecot/
debug_log_path = /dev/null
default_login_user = dovecot
disable_plaintext_auth = no
doveadm_password = # hidden, use -P to show it
doveadm_port = 12345
first_valid_gid = 1001
first_valid_uid = 1001
info_log_path = /dev/stderr
lda_mailbox_autocreate = yes
lda_original_recipient_header = X-Envelope-To
log_path = /dev/stderr
log_timestamp =
login_log_format_elements = user=[%u] method=%m rip=%r lip=%l %c
mail_gid = 1001
mail_location = mdbox:~:INDEX=%h/INDEX
mail_plugins = "notify replication stats"
mail_uid = 1001
mbox_write_locks = fcntl
namespace {
  inbox = yes
  location =
  prefix = INBOX.
  separator = .
  type = private
}
passdb {
  args = /usr/local/dovecot2/etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  quota = dict:User quota::file:%h/mdbox/dovecot-quota
  quota_warning = storage=85%% quota-warning 85 %u
  stats_refresh = 30 secs
  stats_track_cmds = yes
}
replication_max_conns = 30
sendmail_path = /usr/local/exim/bin/exim
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = popuser
  }
  unix_listener replication-notify {
    mode = 0666
    user = popuser
  }
}
service anvil {
  client_limit = 60000
}
service auth {
  client_limit = 60000
  unix_listener auth-userdb {
    mode = 0666
    user = popuser
  }
  unix_listener auth {
    mode = 0666
    user = popuser
  }
}
service config {
  unix_listener config {
    user = popuser
  }
}
service dict {
  unix_listener dict {
    mode = 0666
    user = popuser
  }
}
service doveadm {
  inet_listener {
    port = 12345
  }
  user = popuser
}
service imap-login {
  chroot = login
  process_limit = 60000
  process_min_avail = 16
}
service imap {
  executable = /usr/local/dovecot2/libexec/dovecot/imap
  process_limit = 250000
}
service ipc {
  client_limit = 60000
  unix_listener ipc {
    mode = 0650
    user = dovecot
  }
  unix_listener login/ipc-proxy {
    mode = 0650
    user = dovecot
  }
}
service lmtp {
  unix_listener lmtp {
    mode = 0666
    user = popuser
  }
}
service pop3-login {
  chroot = login
  process_limit = 60000
  process_min_avail = 16
}
service pop3 {
  executable = /usr/local/dovecot2/libexec/dovecot/pop3
  process_limit = 250000
}
service replicator {
  unix_listener replicator-doveadm {
    mode = 0600
    user = popuser
  }
}
service stats {
  fifo_listener stats-mail {
    mode = 0600
    user = popuser
  }
}
ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
ssl_protocols = TLSv1.2 TLSv1.1 TLSv1 !SSLv3 !SSLv2
userdb {
  args = /usr/local/dovecot2/etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
verbose_proctitle = yes
protocol doveadm {
  mail_plugin_dir = /usr/local/dovecot2/lib/dovecot/
  mail_plugins = quota
}
protocol lda {
  info_log_path = /var/log/dovecot-lda
  log_path = /var/log/dovecot-lda
  log_timestamp = "%b %d %H:%M:%S "
  mail_plugin_dir = /usr/local/dovecot2/lib/dovecot/
  mail_plugins = quota
  postmaster_address = %u
}
protocol imap {
  imap_client_workarounds =
  mail_max_userip_connections = 100
  mail_plugin_dir = /usr/local/dovecot2/lib/dovecot/
  mail_plugins = quota imap_quota stats imap_stats
}
protocol pop3 {
  mail_plugin_dir = /usr/local/dovecot2/lib/dovecot/
  mail_plugins = quota stats
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_enable_last = yes
  pop3_fast_size_lookups = yes
  pop3_reuse_xuidl = no
  pop3_uidl_format = %g
}
local xxx.xxx.xxx.54 {
  protocol imap {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
  }
}
local xxx.xxx.xxx.54 {
  protocol pop3 {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
  }
}
local xxx.xxx.xxx.55 {
  protocol imap {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert2.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert2.key
  }
}
local xxx.xxx.xxx.55 {
  protocol pop3 {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert2.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert2.key
  }
}
local xxx.xxx.xxx.56 {
  protocol imap {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert3.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert3.key
  }
}
local xxx.xxx.xxx.56 {
  protocol pop3 {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert3.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert3.key
  }
}
local xxxx:xxxx::fa {
  protocol imap {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
  }
}
local xxxx:xxxx::fa {
  protocol pop3 {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert1.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert1.key
  }
}
local xxxx:xxxx::fb {
  protocol imap {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert2.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert2.key
  }
}
local xxxx:xxxx::fb {
  protocol pop3 {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert2.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert2.key
  }
}
local xxxx:xxxx::fc {
  protocol imap {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert3.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert3.key
  }
}
local xxxx:xxxx::fc {
  protocol pop3 {
    ssl_cert = </usr/local/dovecot2/etc/dovecot/certs/cert3.crt
    ssl_key = </usr/local/dovecot2/etc/dovecot/certs/cert3.key
  }
}
participants (1)
-
Daniel Betz
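
One way to quantify the errors quoted in the post, as an added example that is not part of the original message or of Dovecot: it groups the net_connect_unix failures by target service and by second, so it is visible which service socket is refusing connections and how bursty the failures are. The function names are hypothetical; the sample input is the six log lines from the post.

```python
import re
from collections import Counter

# Sample input: the six log lines quoted in the post above.
_ERR = ("Error: net_connect_unix({0}) failed: Resource temporarily unavailable"
        " - http://wiki2.dovecot.org/SocketUnavailable")
SAMPLE_LOG = "\n".join([
    "Feb 1 10:42:49 server1 dovecot: pop3-login: " + _ERR.format("pop3"),
    "Feb 1 10:42:50 server1 dovecot: pop3-login: " + _ERR.format("pop3"),
    "Feb 1 10:42:50 server1 dovecot: pop3-login: " + _ERR.format("pop3"),
    "Feb 1 10:42:50 server1 dovecot: pop3-login: " + _ERR.format("pop3"),
    "Feb 1 10:42:50 server1 dovecot: imap-login: " + _ERR.format("imap"),
    "Feb 1 10:42:50 server1 dovecot: pop3-login: " + _ERR.format("pop3"),
])

# syslog timestamp, host, login process, and the service socket it failed to reach
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+dovecot:\s+"
    r"(?P<proc>[\w-]+):\s+Error:\s+net_connect_unix\((?P<target>[^)]+)\)\s+"
    r"failed:\s+Resource temporarily unavailable"
)

def socket_unavailable_bursts(log_text):
    """Count failures per (host, target service, second); other lines are ignored."""
    per_second = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            per_second[(m["host"], m["target"], m["ts"])] += 1
    return per_second

def peak_per_service(per_second):
    """Return {(host, service): (worst one-second burst, total failures)}."""
    summary = {}
    for (host, target, _ts), n in per_second.items():
        peak, total = summary.get((host, target), (0, 0))
        summary[(host, target)] = (max(peak, n), total + n)
    return summary

if __name__ == "__main__":
    for (host, svc), (peak, total) in sorted(
            peak_per_service(socket_unavailable_bursts(SAMPLE_LOG)).items()):
        print(f"{host} {svc}: peak {peak}/s, total {total}")
```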