[Dovecot] Re: dovecot died

Dean Blackburn dean.blackburn at viz.com
Tue Mar 28 00:36:21 EEST 2006 

Marten Lehmann wrote:
> Hello,
>
>> You could look at inreasing the file limits, on debian its in 
>> /etc/security/limits.conf, increase the default 'nofile' from 1024 to 
>> say, 20000 or something. 
>
> no, thats the wrong way. This would help for now but it is just a 
> workaround and sooner or later even these limits might be exceeded. So 
> dovecot definitely needs max_connections_per_user or 
> max_connections_per_ip option.
>
Here's an example of what we're seeing, haven't pinned it down to a 
specific client setting yet:

dovecot: Mar 27 13:14:26 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:28 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:30 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:32 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:35 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:36 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:38 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:39 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:41 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:42 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:45 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:46 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:48 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:49 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:51 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:53 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:55 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:56 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:58 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:14:59 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:01 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:03 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:05 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:06 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:08 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:10 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:12 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:14 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:17 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:18 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102
dovecot: Mar 27 13:15:20 Info: imap-login: Login: user=<username1>, 
method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=10.1.0.102

When we get 1-2 of these going at a time, it kills the server, and we 
need to restart imap. If there was* some kind of per-ip/login limit, I 
bet we wouldn't exceed the resources. In this case, we know this is an 
employee using an unsupported client from outside - but, we have no way 
to block the IP (need to keep in contact with the remote IP), and there 
doesn't seem to be a "only accept from these imap clients" option, 
either... It's totally unacceptable for me to tell my boss the 
mailserver died because someone used a bad mail program. :/

Maybe this would be really hard to implement in dovecot, but I just 
wanted to second the notion that it would be a good thing(tm).

Thanks,

-deano

> Regards
> Marten

More information about the dovecot mailing list