[Dovecot] Maximum number of connections from user+IP exceeded

Stan Hoeppner stan at hardwarefreak.com
Tue Aug 20 08:01:21 EEST 2013


On 8/19/2013 6:55 PM, Reindl Harald wrote:

> On 20.08.2013 01:45, Stan Hoeppner wrote:
>> On 8/19/2013 4:10 PM, Reindl Harald wrote:
>>
>>> may i suggest you read about how IMAP IDLE works?
>>
>> Oh, well sure, if you hang your hat on IDLE then your arguments here
>> might make sense.  But because of the brain dead one socket per folder
>> architecture of IDLE few have adopted it en masse.  Which is why my
>> comments ignored the existence of IDLE.  And which is also why the
>> creators of the RFC stated clients must not count on the existence of
>> IDLE and must poll, which seems really odd.  Many have, and still ask,
>> why even have IDLE then if we must still poll?
>>
>> http://tools.ietf.org/html/rfc2177
>>
>> "(While the spec actually does allow a server to push EXISTS responses
>> asynchronously, a client can't expect this behaviour and must poll.)"
>>
>> Given the option of potentially dozens of open sockets between his
>> server and any client simply to allow IDLE to work for all folders, or
>> one or two connections and strictly client polling, I'd guess most
>> admins will choose the latter
> 
> why we have IDLE is easily explained, i get around 500 mails per day
> well, i can't imagine my personal work-load working without IDLE
> 
> 30 folders sorted with Sieve
> 
> * several lists with own folders
> * company (there folders, one for internal lists)
> * customers
> * vendors
> * server-status (logwatch, mail-stats of 20 servers)
> * error-notifies from watchdog (own cron-watchdogs, HP ILO, VMware vSphere, UPS...)
> 
> INBOX is a place where rarely a message comes in and with K9 on Android
> it's easy to select which folders should be considered for the
> common-inbox and which are pointless on a mobile (INBOX is none of them)

IDLE is not required for this.  Polling, which is the default on all
MUAs, accomplishes the same over one socket, a few max, depending on
what you're doing -concurrently- in the MUA.

> on a mailserver which can handle thousands of connections there
> is rarely a reason to disable IDLE and so a connection limit
> of 10 per IP is questionable

The server resources aren't necessarily a problem as you can always go
cluster.  One potential problem though, and there are likely others, is
that you're potentially increasing the SPI/NAT session tracking on the
edge router by 3-6 fold by allowing 30 sessions vs 5 or 10.  Add that on
top of the other traffic types and, for many, this may require larger
routers, a license upgrade, or both.  If you're an org of any size and
tunneling the IMAP sessions through VPN routers, an upgrade would likely
be mandatory.

Thus for some orgs simply increasing allowed connections to support IDLE
on arbitrary folder counts may come with a $20-100K price tag.  If this
was money in your pocket, would you spend it to simply replace poll with
push, given that poll works fine, and given that push yields no -real-
advantage over poll?

-- 
Stan
