[Dovecot] Login processes in Dovecot
I will be deploying Dovecot on OS X shortly. I am looking for
clarification on the limits imposed by OS X and sysctl
[kern.maxproc]. I understand that it is defaulting to 532, but can be
raised to 2500. I believe the OS uses around 100 or so, plus I will
have other processes and shells at times.
Does Dovecot use one process per user logged in? I find Apple Mail
uses about 4 IMAP connections per account. I am not sure that my
current number of mail users would be able to be supported on OS X
even if I bump up to 2500.
Does Dovecot use one process per user logged in differently based on
IMAP versus POP? Perhaps this is something that can also be changed
in Dovecot, if so, can someone point me to the docs about it, or
explain the downsides of going against default behavior.
If this is the case, what are my options? Does OS X server have a
higher limit in their kernel, or is this across the board? Is it even
possible to compile a kernel for OS X with this change, or does that
generally mess things up pretty bad?
FreeBSD and Solaris seem to have much higher limits, and certainly a
much more approachable way of upping those limits. Does anyone know
why OS X chose to set these so low, especially given that they do sell
server based hardware with a server based OS.
Thanks.
Scott * If you contact me off list replace talklists@ with scott@ *
On Jun 8, 2009, at 2:47 PM, Scott Haneda wrote:
I will be deploying Dovecot on OS X shortly. I am looking for
clarification on the limits imposed by OS X and sysctl
[kern.maxproc]. I understand that it is defaulting to 532, but can
be raised to 2500. I believe the OS uses around 100 or so, plus I
will have other processes and shells at times.
Which version of OS X? 10.4 or 10.5 ? Server or client ? It matters.
B. Bodger
On Jun 8, 2009, at 1:03 PM, Bruce Bodger wrote:
On Jun 8, 2009, at 2:47 PM, Scott Haneda wrote:
I will be deploying Dovecot on OS X shortly. I am looking for
clarification on the limits imposed by OS X and sysctl
[kern.maxproc]. I understand that it is defaulting to 532, but can
be raised to 2500. I believe the OS uses around 100 or so, plus I
will have other processes and shells at times.Which version of OS X? 10.4 or 10.5 ? Server or client ? It
matters.
My current target for deployment is a Dual 2.0 PPC G5, running OS X
10.5 client. Thank you.
Scott * If you contact me off list replace talklists@ with scott@ *
On Jun 8, 2009, at 3:35 PM, Scott Haneda wrote:
I will be deploying Dovecot on OS X shortly. I am looking for
clarification on the limits imposed by OS X and sysctl
[kern.maxproc]. I understand that it is defaulting to 532, but
can be raised to 2500. I believe the OS uses around 100 or so,
plus I will have other processes and shells at times.Which version of OS X? 10.4 or 10.5 ? Server or client ? It
matters.My current target for deployment is a Dual 2.0 PPC G5, running OS X
10.5 client. Thank you.
From http://www.postfix.org/TUNING_README.html#proc_limit
I would presume relevant to Dovecot as well:
===
Tuning the number of processes on the system
MacOS X will run out of process slots when you increase Postfix process limits. The following works with OSX 10.4 and OSX 10.5.
MacOS X kernel parameters can be specified in /etc/sysctl.conf.
/etc/sysctl.conf:
kern.maxproc=2048
kern.maxprocperuid=2048
Unfortunately these can't simply be set on the fly with "sysctl -w". You also have to set the following in /etc/launchd.conf
so that the root user after boot will have the right process limit
(2048). Otherwise you have to always run ulimit -u 2048 as root, then
start a user shell, and then start processes for things to take effect.
/etc/launchd.conf:
limit maxproc 2048
Once these are in place, reboot the system. After that, the limits will stay in place.
Hope it helps,
B. Bodger
On Jun 8, 2009, at 1:51 PM, Bruce Bodger wrote:
On Jun 8, 2009, at 3:35 PM, Scott Haneda wrote:
I will be deploying Dovecot on OS X shortly. I am looking for
clarification on the limits imposed by OS X and sysctl
[kern.maxproc]. I understand that it is defaulting to 532, but
can be raised to 2500. I believe the OS uses around 100 or so,
plus I will have other processes and shells at times.Which version of OS X? 10.4 or 10.5 ? Server or client ? It
matters.My current target for deployment is a Dual 2.0 PPC G5, running OS X
10.5 client. Thank you.From http://www.postfix.org/TUNING_README.html#proc_limit
I would presume relevant to Dovecot as well:
===
Tuning the number of processes on the system
MacOS X will run out of process slots when you increase Postfixprocess limits. The following works with OSX 10.4 and OSX 10.5.
MacOS X kernel parameters can be specified in /etc/sysctl.conf. /etc/sysctl.conf: kern.maxproc=2048 kern.maxprocperuid=2048 Unfortunately these can't simply be set on the fly with "sysctl-w". You also have to set the following in /etc/launchd.conf so that
the root user after boot will have the right process limit (2048).
Otherwise you have to always run ulimit -u 2048 as root, then start
a user shell, and then start processes for things to take effect./etc/launchd.conf: limit maxproc 2048 Once these are in place, reboot the system. After that, thelimits will stay in place.
Hope it helps,
Thanks, I have been looking at those adjustments. My concern, is that
if Dovecot uses a process per imap or pop connection, 2048 is not
nearly enough for any significant email system.
Scott * If you contact me off list replace talklists@ with scott@ *
On Jun 8, 2009, at 4:17 PM, Scott Haneda wrote:
Thanks, I have been looking at those adjustments. My concern, is
that if Dovecot uses a process per imap or pop connection, 2048 is
not nearly enough for any significant email system.
There are several parameters in dovecot.conf that can be adjusted to
prevent the problem that you're concerned about...
# Should each login be processed in it's own process (yes), or should
one
# login process be allowed to process multiple connections (no)? Yes
is more
# secure, espcially with SSL/TLS enabled. No is faster since there's
no need
# to create processes all the time.
login_process_per_connection = no
# Maximum number of login processes to create. The listening process
count
# usually stays at login_processes_count, but when multiple users
start logging
# in at the same time more extra processes are created. To prevent
fork-bombing
# we check only once in a second if new processes should be created -
if all
# of them are used at the time, we double their amount until the
limit set by
# this setting is reached.
login_max_processes_count = 128
[..]
Search dovecot-example.conf for 'process'
B. Bodger
Bruce Bodger wrote:
On Jun 8, 2009, at 4:17 PM, Scott Haneda wrote:
Thanks, I have been looking at those adjustments. My concern, is that if Dovecot uses a process per imap or pop connection, 2048 is not nearly enough for any significant email system.
There are several parameters in dovecot.conf that can be adjusted to prevent the problem that you're concerned about...
# Should each login be processed in it's own process (yes), or should one # login process be allowed to process multiple connections (no)? Yes is more # secure, espcially with SSL/TLS enabled. No is faster since there's no need # to create processes all the time. login_process_per_connection = no
# Maximum number of login processes to create. The listening process count # usually stays at login_processes_count, but when multiple users start logging # in at the same time more extra processes are created. To prevent fork-bombing # we check only once in a second if new processes should be created - if all # of them are used at the time, we double their amount until the limit set by # this setting is reached. login_max_processes_count = 128
This only partly addresses the concern.
There will still be a process per IMAP or POP connection once the connection is logged in. I believe those settings only control what happens until a successful authentication.
David
On Jun 8, 2009, at 2:17 PM, Scott Haneda wrote:
Thanks, I have been looking at those adjustments. My concern, is
that if Dovecot uses a process per imap or pop connection, 2048 is
not nearly enough for any significant email system.
Yes, it uses a process per each logged in user. POP3 processes are
short living sho they shouldn't matter much, but yeah, if you have
lots of IMAP connections that can become a problem. But typically what
I've seen a single server can handle maybe 1000 simultaneous
connections before running out of disk I/O. So are you sure the fd
limit is the first problem you run into?
You could of course also apply Apple's multiple-connections-per-
process patch posted to this list some months ago or wait for Snow
Leopard which distributes Dovecot with that patch..
On Jun 8, 2009, at 2:28 PM, Timo Sirainen wrote:
On Jun 8, 2009, at 2:17 PM, Scott Haneda wrote:
Thanks, I have been looking at those adjustments. My concern, is
that if Dovecot uses a process per imap or pop connection, 2048 is
not nearly enough for any significant email system.Yes, it uses a process per each logged in user. POP3 processes are
short living sho they shouldn't matter much, but yeah, if you have
lots of IMAP connections that can become a problem. But typically
what I've seen a single server can handle maybe 1000 simultaneous
connections before running out of disk I/O. So are you sure the fd
limit is the first problem you run into?
Just to be clear, I have not run into this problem yet, and do not
hope to :) Good point, there is indeed probably other overheard I
would run into. Apple Mail plays non friendly, and opens a ton of
IMAP connections. I believe, ~4 for each account, and maybe ~4 for
each folder you are subscribed to as well.
I was simply estimating, what my upper limits are going to be. I have
a client who has a really busy IMAP server, one day I want to bring
him on over to Dovecot. At this time, just covering my bases to make
sure I do not spend a lot of time installing and building things to
find out there is a ceiling.
As to disk I/O, that indeed could be an issue. I am trying to build
out a very fast set of drives. Most of the time, IMAP is going to be
idle for my users, and a slow trickle of emails will be coming in on
demand. But that does not mean that the connections/processes are not
going to be open.
Sounds good to me though, looks like the previous post by Bruce clears
up any issues I would have and allows me to move around this in a
config file as well.
You could of course also apply Apple's multiple-connections-per- process patch posted to this list some months ago or wait for Snow
Leopard which distributes Dovecot with that patch.
From what I heard today, Snow is only going to support non PPC
machines. I eventually will get a Intel machine, but if I do not have
to migrate, it would be a lot simpler on my life. Great to know there
is a patch, I will look into it.
Does the patch work on PPC? Is this patch a Dovecot patch, or an OS
patch of some form? If you could point me to what to search on to
locate the details, I can start looking at it. I would like to see if
it would be a good idea to update the portfile for macports, in order
to bring this to Dovecot within the MacPorts project. That is what I
used to install Dovecot, and it worked very well for me.
Thanks to everyone who helped me in this thread.
Scott * If you contact me off list replace talklists@ with scott@ *
On Jun 8, 2009, at 2:40 PM, Scott Haneda wrote:
You could of course also apply Apple's multiple-connections-per- process patch posted to this list some months ago or wait for Snow
Leopard which distributes Dovecot with that patch.From what I heard today, Snow is only going to support non PPC
machines. I eventually will get a Intel machine, but if I do not
have to migrate, it would be a lot simpler on my life. Great to
know there is a patch, I will look into it.Does the patch work on PPC?
Yes.
Is this patch a Dovecot patch, or an OS patch of some form? If
you could point me to what to search on to locate the details, I
can start looking at it.
http://www.dovecot.org/list/dovecot/2009-January/036160.html
I don't know how nicely it applies to newer Dovecot versions. Also the
other bad thing about it is that it's not really supported by anyone.
I'm going to implement it differently for Dovecot v2.0.
participants (4)
-
Bruce Bodger
-
David S. Madole
-
Scott Haneda
-
Timo Sirainen