[Dovecot] Tuning!

Robert Schetterer rs at sys4.de
Thu May 2 21:08:51 EEST 2013 

Am 02.05.2013 19:54, schrieb Gedalya:
> Dovecot is probably waiting for your storage to respond, you should
> probably take a more detailed look at your NFS link and at the
> conditions on the NFS server side.
> 
> 
> On 05/02/2013 01:00 PM, Rafael VOlpe TI wrote:
>> Hi Buddies,
>>
>> I have 2 servers running dovecot + postfix for pop/imap users.
>> The users mailbox are in a Nfs storage.
>> The load of server is ranging at 3.0 to 15.0.
>> I really dont know what happened.. I read a lot about tuning of dovecot,
>> and the changes are applied, how you can see.
>> The Hardware of server is really good!
>> The host have 8GB of mem and 2 sockets with 2 cores anyone.
>> The server receives 900-1000 user connections in pop and imap.
>> How i can aprimmorate this processes?
>>
>> Some errors are displayed on the console randomly when the load rises.
>> Example:
>>
>> May 02 13:57:42 pop3(user at domain.com): Error: Timeout (180s) while
>> waiting
>> for lock for transaction log file //var/vmail/
>> domain.com/user//dovecot.index.log
>> May 02 13:57:42 pop3(user at domain.com): Error: Couldn't init INBOX:
>> Internal
>> error occurred. Refer to server log for more information. [2013-05-02
>> 13:54:40]
>> May 02 13:57:42 pop3(user at domain.com): Info: Mailbox init failed top=0/0,
>> retr=0/0, del=0/0, size=0
>>
>> I really appreciate any suggestion!
>>
>> Thanks and Regards,
>>
>> Rafael Volpe
>>
>>
>> Dovecot conf:
>>
>> # 2.0.19: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.2.0-40-generic x86_64 Ubuntu 12.04.2 LTS
>> auth_mechanisms = plain login
>> auth_verbose = yes
>> debug_log_path = /var/log/dovecot-debug.log
>> disable_plaintext_auth = no
>> dotlock_use_excl = no
>> first_valid_gid = 125
>> first_valid_uid = 125
>> last_valid_gid = 125
>> last_valid_uid = 125
>> log_path = /var/log/dovecot.log
>> mail_debug = yes
>> mail_fsync = always
>> mail_location = maildir:/%Lh/:INDEX=/%Lh/
>> mail_nfs_index = yes
>> mail_nfs_storage = yes
>> mmap_disable = yes
>> passdb {
>>    args = /etc/dovecot/dovecot-sql.conf
>>    driver = sql
>> }
>> protocols = " imap pop3"
>> service auth {
>>    unix_listener /var/spool/postfix/private/auth {
>>      group = postfix
>>      mode = 0660
>>      user = postfix
>>    }
>> }
>> service imap-login {
>>    inet_listener imap {
>>      port = 143
>>    }
>>    inet_listener imaps {
>>      port = 993
>>      ssl = yes
>>    }
>>    service_count = 0
>> }
>> service pop3-login {
>>    inet_listener pop3 {
>>      port = 110
>>    }
>>    inet_listener pop3s {
>>      port = 995
>>      ssl = yes
>>    }
>> }
>> ssl_cert = </etc/postfix/ssl/wildcard.domain.com.crt
>> ssl_key = </etc/postfix/ssl/wildcard.domain.com.key
>> userdb {
>>    args = /etc/dovecot/dovecot-sql.conf
>>    driver = sql
>> }
>> verbose_proctitle = yes
>> protocol imap {
>>    imap_idle_notify_interval = 2 mins
>>    mail_max_userip_connections = 150
>> }
>> protocol pop3 {
>>    pop3_lock_session = no
>>    pop3_uidl_format = %08Xu%08Xv
>> }
>>
>>
>> Postfix conf:
>>
>> alias_database = hash:/etc/aliases
>> alias_maps = hash:/etc/aliases
>> append_dot_mydomain = no
>> biff = no
>> bounce_queue_lifetime = 1d
>> broken_sasl_auth_clients = yes
>> config_directory = /etc/postfix
>> content_filter = smtp-amavis:[127.0.0.1]:10024
>> inet_interfaces = all
>> mailbox_size_limit = 0
>> maximal_queue_lifetime = 1d
>> message_size_limit = 20240000
>> myhostname = myname.mydomain.com
>> mynetworks = 127.0.0.0/8
>> myorigin = /etc/mailname
>> policy-spf_time_limit = 3600s
>> readme_directory = no
>> recipient_bcc_maps = mysql:/etc/postfix/mysql_bcc.cf
>> recipient_delimiter = +
>> relay_domains = proxy:mysql:/etc/postfix/mysql_relay_domains_maps.cf
>> relayhost =
>> sender_bcc_maps = mysql:/etc/postfix/mysql_bcc.cf
>> smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
>> smtpd_banner = Welcome to $myhostname
>> smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
>> check_client_access mysql:/etc/postfix/mysql_access.cf,
>> reject_unknown_client, reject_unknown_client_hostname,
>> reject_unauth_pipelining, reject_rbl_client bl.spamcop.net,
>> reject_rbl_client zen.spamhaus.org, reject_rbl_client
>> b.barracudacentral.org
>> smtpd_end_of_data_restrictions = check_policy_service
>> inet:127.0.0.1:10031
>> smtpd_helo_required = yes
>> smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
>> reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,
>> reject_invalid_hostname
>> smtpd_recipient_restrictions = reject_unknown_sender_domain,
>> reject_unknown_recipient_domain, reject_non_fqdn_sender,
>> reject_non_fqdn_recipient, reject_unlisted_recipient,
>> check_policy_service
>> inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated,
>> reject_unauth_destination, check_policy_service unix:private/policy-spf
>> smtpd_reject_unlisted_sender = yes
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_local_domain = $mydomain
>> smtpd_sasl_path = private/auth
>> smtpd_sasl_security_options = noanonymous
>> smtpd_sasl_type = dovecot
>> smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated,
>> reject_unauth_pipelining, reject_unauth_destination
>> smtpd_timeout = 30
>> smtpd_tls_cert_file = /etc/postfix/ssl/wildcard.domain.com.crt
>> smtpd_tls_key_file = /etc/postfix/ssl/wildcard.domain.com.key
>> smtpd_tls_security_level = may
>> smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
>> transport_maps = mysql:/etc/postfix/mysql_transport.cf
>> vacation_destination_recipient_limit = 1
>> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
>> virtual_gid_maps = static:125
>> virtual_mailbox_base = /var/vmail
>> virtual_mailbox_domains =
>> mysql:/etc/postfix/mysql_virtual_domains_maps.cf
>> virtual_mailbox_limit = 51200000
>> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
>> virtual_minimum_uid = 125
>> virtual_transport = virtual
>> virtual_uid_maps = static:125
>>
> 

did you notice

http://wiki2.dovecot.org/NFS

...

NFS is commonly used in one of these ways:

    Dovecot is run in a single computer.
    Dovecot is run in multiple computers, users are redirected more or
less randomly to different computers.
    Dovecot is run in multiple computers, each user is assigned a
specific computer which is used whenever possible.

The only way to reliably implement the 2nd setup is with the director
service

...

so you might read and setup

http://wiki2.dovecot.org/Director


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

More information about the dovecot mailing list