[Dovecot] MOSTLY SOLVED: Re: client limit and STARTTLS

[David Benfell]

Hi Noel,

On Sat, Apr 06, 2013 at 12:43:02PM +1000, Noel Butler wrote:
> 
> > Second question: STARTTLS isn't working. What am I missing? Sorry if
> > this is something that should be obvious; I'm fighting a similar
> > battle with postfix and I'm being pushed around the bend while I
> > really need to be working on other things.
> > 
> 
> Are your certificate chains valid?  Simply saying "isn't working"  is
> almost a requirement for a *sigh* 
> log output please, or a better description than "isn't working" ;)
> 
Clearly this had been wrong at the previous installation as well. I
don't know why I had seen it differently before.

Yes, the certificate chains were screwed up. And you hit the nail on the
head when you pointed to chains. It's a StartSSL cert and I've had
trouble getting this straight from the beginning.

Thanks!

Now if we can sort out how to set the client and process limits. I
changed the settings like thus:

default_process_limit = 1024
default_client_limit = 4096

Now it tells me something different, but much less urgently, at startup:

Apr 06 00:13:42 munich.parts-unknown.org dovecot[1816]: Warning: fd
limit (ulimit -n) is lower than required under max. load (1024 < 4096),
because of default_client_count

The truth is, I can't imagine having 4096 clients. I mean, it's true, I
like my toys, but.....

So I changed it again:

default_process_limit = 128
default_client_limit = 512

And now it seems to be fine. But I'm mystified because what you say is
the case on your system, that is, that the process limit needs to be
greater than the client limit, is what I would expect: wouldn't each
client require at least one process?

Thanks!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130406/38bb8be9/attachment.bin>