[EXT] Re: max number of connections per ip
Aki Tuomi
aki.tuomi at open-xchange.com
Fri Feb 28 09:05:20 EET 2020
You can usually see from doveadm who or logs if your router/whatever is doing NAT.
Which would be the reason why 500 connections wouldn't be enough.
Aki
> On 27/02/2020 23:21 Esteban L <esteban at little-beak.com> wrote:
>
>
>
> It's not behind a proxy (unless the router is acting as a proxy?). Could it be that my router is doing some Hairpin NAT tomfoolery? The router is generic, so I run into that from time to time with my webserver.
>
>
> I tried doveadm who, but didn't see anything too peculiar. There is the expect half dozen or so users on common IPs.
>
>
> On 27.02.20 21:49, Aki Tuomi wrote:
>
>
> > Is your server behind proxy maybe? Can you see in logs that you get different IPs?
> >
> >
> >
> >
> > Maybe check with `doveadm who` how many connections you have?
> >
> >
> >
> >
> > Aki
> >
> > > On 27/02/2020 22:44 Esteban L < esteban at little-beak.com> wrote:
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > I have tried a lot of different things, still no success. =(
> > >
> > >
> > >
> > >
> > > here is my dove -n if anyone could help that would be great:
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
> > >
> > > # Pigeonhole version 0.4.16 (fed8554)
> > >
> > > # OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12
> > >
> > > auth_debug = yes
> > >
> > > auth_debug_passwords = yes
> > >
> > > auth_mechanisms = plain login
> > >
> > > auth_verbose = yes
> > >
> > > auth_verbose_passwords = yes
> > >
> > > mail_home = /var/mail/vmail/%d/%n
> > >
> > > mail_location = maildir:~/Mail
> > >
> > > mail_max_userip_connections = 500
> > >
> > > mail_plugins = " quota"
> > >
> > > mail_privileged_group = vmail
> > >
> > > managesieve_notify_capability = mailto
> > >
> > > managesieve_sieve_capability = fileinto reject envelope
> > >
> > > encoded-character vacation subaddress comparator-i;ascii-numeric
> > >
> > > relational regex imap4flags copy include variables body enotify
> > >
> > > environment mailbox date index ihave duplicate mime foreverypart extracttext
> > >
> > > namespace inbox {
> > >
> > > inbox = yes
> > >
> > > location =
> > >
> > > mailbox Archive {
> > >
> > > auto = subscribe
> > >
> > > special_use = \Archive
> > >
> > > }
> > >
> > > mailbox Drafts {
> > >
> > > auto = subscribe
> > >
> > > special_use = \Drafts
> > >
> > > }
> > >
> > > mailbox Junk {
> > >
> > > auto = subscribe
> > >
> > > special_use = \Junk
> > >
> > > }
> > >
> > > mailbox Sent {
> > >
> > > auto = subscribe
> > >
> > > special_use = \Sent
> > >
> > > }
> > >
> > > mailbox "Sent Messages" {
> > >
> > > special_use = \Sent
> > >
> > > }
> > >
> > > mailbox Trash {
> > >
> > > auto = subscribe
> > >
> > > special_use = \Trash
> > >
> > > }
> > >
> > > prefix =
> > >
> > > }
> > >
> > > passdb {
> > >
> > > args = /etc/dovecot/dovecot-sql.conf.ext
> > >
> > > driver = sql
> > >
> > > }
> > >
> > > plugin {
> > >
> > > quota = maildir:User quota
> > >
> > > quota_grace = 10%%
> > >
> > > quota_rule = *:storage=10G
> > >
> > > quota_rule2 = Trash:storage=+1G
> > >
> > > quota_status_overquota = 552 5.2.2 Mailbox is full
> > >
> > > quota_warning = storage=95%% quota-warning 95 %u
> > >
> > > quota_warning2 = storage=80%% quota-warning 80 %u
> > >
> > > sieve = ~/.dovecot.sieve
> > >
> > > sieve_after = /etc/dovecot/sieve/spamfilter.sieve
> > >
> > > sieve_dir = ~/sieve
> > >
> > > }
> > >
> > > protocols = " imap lmtp sieve"
> > >
> > > service auth {
> > >
> > > unix_listener /var/spool/postfix/private/auth {
> > >
> > > group = postfix
> > >
> > > mode = 0666
> > >
> > > user = postfix
> > >
> > > }
> > >
> > > }
> > >
> > > service imap-login {
> > >
> > > inet_listener imaps {
> > >
> > > port = 993
> > >
> > > ssl = yes
> > >
> > > }
> > >
> > > }
> > >
> > > service lmtp {
> > >
> > > unix_listener /var/spool/postfix/private/dovecot-lmtp {
> > >
> > > group = postfix
> > >
> > > mode = 0600
> > >
> > > user = postfix
> > >
> > > }
> > >
> > > }
> > >
> > > ssl = required
> > >
> > > ssl_cert = </etc/letsencrypt/live/little-beak.com/fullchain.pem
> > >
> > > ssl_key = # hidden, use -P to show it
> > >
> > > userdb {
> > >
> > > args = /etc/dovecot/dovecot-sql.conf.ext
> > >
> > > driver = sql
> > >
> > > }
> > >
> > > protocol lmtp {
> > >
> > > mail_plugins = " quota sieve"
> > >
> > > postmaster_address = *****@little-beak.com
> > >
> > > }
> > >
> > > protocol lda {
> > >
> > > mail_plugins = " quota sieve"
> > >
> > > }
> > >
> > > protocol imap {
> > >
> > > mail_max_userip_connections = 500
> > >
> > > mail_plugins = " quota imap_quota"
> > >
> > > }
> > >
> > > protocol sieve {
> > >
> > > mail_max_userip_connections = 500
> > >
> > > }
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > On 27.02.20 18:54, Esteban L wrote:
> > >
> > > > I have been haunted by the following error message or months, that we
> > > >
> > > > see using Thunderbird.
> > >
> > > > Unable to connect to your IMAP server.
> > >
> > > > You may have exceeded the maximum number of connections to this server.
> > > >
> > > > If so, use the Advanced IMAP Server Settings dialogue to reduce the
> > > >
> > > > number of cached connections.
> > >
> > > > If I change my location, via a VPN, the error message goes away and I
> > > >
> > > > can connect.
> > >
> > > > I have edited my /etc/dovcot/conf.d/20-imap.conf file by adding the
> > > >
> > > > following:
> > >
> > > >
> > >
> > > > protocol imap {
> > > >
> > > > # Space separated list of plugins to load (default is global
> > > >
> > > > mail_plugins).
> > > >
> > > > mail_plugins = $mail_plugins imap_quota
> > >
> > > > # Maximum number of IMAP connections allowed for a user from each IP
> > > >
> > > > address.
> > > >
> > > > # NOTE: The username is compared case-sensitively.
> > > >
> > > > mail_max_userip_connections = 500
> > > >
> > > > }
> > >
> > > >
> > >
> > > > And, I still get the error message. I know myself, I have about 8-9
> > > >
> > > > accounts, some with as many as 10 folders (I know each one count's as
> > > >
> > > > it's own mailbox), as does my partner--who would access the internet
> > > >
> > > > from my IP.
> > >
> > > > Does that number really have to be like 10,000, or something? If so, why
> > > >
> > > > does it start out so small in the first place. If not, what else could I
> > > >
> > > > do to avoid this message going forward??
> > >
> > > >
> > >
> > > >
> > >
> > > >
> >
> >
> >
> >
> > ---
> > Aki Tuomi
> >
More information about the dovecot
mailing list