[Dovecot] Login processes in Dovecot

David S. Madole david at madole.net
Tue Jun 9 00:28:35 EEST 2009


Bruce Bodger wrote:
>
> On Jun 8, 2009, at 4:17 PM, Scott Haneda wrote:
>
>> Thanks, I have been looking at those adjustments.  My concern, is
>> that if Dovecot uses a process per imap or pop connection, 2048 is
>> not nearly enough for any significant email system.
>
> There are several parameters in dovecot.conf that can be adjusted to
> prevent the problem that you're concerned about...
>
> # Should each login be processed in it's own process (yes), or should one
> # login process be allowed to process multiple connections (no)? Yes
> is more
> # secure, espcially with SSL/TLS enabled. No is faster since there's
> no need
> # to create processes all the time.
> login_process_per_connection = no
>
> # Maximum number of login processes to create. The listening process
> count
> # usually stays at login_processes_count, but when multiple users
> start logging
> # in at the same time more extra processes are created. To prevent
> fork-bombing
> # we check only once in a second if new processes should be created -
> if all
> # of them are used at the time, we double their amount until the limit
> set by
> # this setting is reached.
> login_max_processes_count = 128

This only partly addresses the concern.

There will still be a process per IMAP or POP connection once the
connection is logged in. I believe those settings only control what
happens until a successful authentication.

David




More information about the dovecot mailing list