auth client limit versus service count of mail processes

Tue Nov 29 12:30:37 UTC 2016

On 29 Nov 2016, at 2.57, Christian Balzer <chibi at gol.com> wrote:
> 
> service imap {
>  # Most of the memory goes to mmap()ing files. You may need to increase this
>  # limit if you have huge mailboxes.
>  #vsz_limit = $default_vsz_limit
>  vsz_limit = 512M
> 
>  # Max. number of IMAP processes (connections)
>  #process_limit = 1024
>  process_limit = 524288
> }
..
> But adding a "service_count = 100" line (any value larger than 1 really) to
> the imap section we get the dreaded: 
> ---
> Nov 28 17:05:40 mbx09 dovecot: config: Warning: service auth { client_limit=16384} is lower than required under max. load (528384)
> ---
> 
> 1. Where's the difference in Dovecot's logic between a mail service that
> has a service count of 1 versus one with >1?

With service_count=1 it disconnects from auth immediately after logging in. With service_count>0 the auth connection is kept open for the entire existence of the imap process. This is mainly because after dropping privileges it wouldn't be able to connect to the auth-master socket again. In theory if the socket permissions were changed, it could keep reconnecting to auth-master and not keep connections open all the time.

> 2. Any way to get the process recycling for IMAP going w/o setting the fd
> limit to a ridiculous amount? 

How about shrinking the imap process_limit? I highly doubt you can actually run 500k imap processes per server and have it still working. The largest I've ever heard people running has been 50k processes per server. 