[EXT] Re: max number of connections per ip

Esteban L esteban at little-beak.com
Fri Feb 28 18:21:41 EET 2020


Ok. That is a nice command.

I am able to see connections. It doesn't seem remotely close to 500,
though.

If I understand things correctly, dovecot makes connections PER folder,
and keeps making more connections via IDLE (I am not entirely sure how
idle works, other than it keeps sockets open)?

For example, in my case, I have about a dozen users, which combined
equals around 80 folders.

If I am on an IP it is fine.

My partner, also has about a dozen different users, which combined, also
has about 70-80 folders. 

If we are on the same IP, we can no longer connect.

1. Is this general understanding ok?

2. Am I supposed to set the limit like at 10,000? I mean, I am not
running anything other than a little private email server for some
family and friends. As soon as my partner and I are on the same IP, it
just ceases.

I see how if I check the doveadm who, periodically, I will have 2
propagations, and can imagine if my partner is there--yeah it's probably
breaking 500.

On 28.02.20 08:05, Aki Tuomi wrote:
> You can usually see from doveadm who or logs if your router/whatever is doing NAT.
>
> Which would be the reason why 500 connections wouldn't be enough.
>
> Aki
>
>> On 27/02/2020 23:21 Esteban L <esteban at little-beak.com> wrote:
>>
>>
>>  
>> It's not behind a proxy (unless the router is acting as a proxy?). Could it be that my router is doing some Hairpin NAT tomfoolery? The router is generic, so I run into that from time to time with my webserver.
>>
>>  
>> I tried doveadm who, but didn't see anything too peculiar. There is the expect half dozen or so users on common IPs.
>>
>>  
>> On 27.02.20 21:49, Aki Tuomi wrote:
>>
>>  
>>> Is your server behind proxy maybe? Can you see in logs that you get different IPs?
>>>  
>>>
>>>
>>>  
>>> Maybe check with `doveadm who` how many connections you have?
>>>  
>>>
>>>
>>>  
>>> Aki
>>>  
>>>> On 27/02/2020 22:44 Esteban L < esteban at little-beak.com> wrote:
>>>>  
>>>>
>>>>
>>>>  
>>>>
>>>>
>>>>  
>>>> I have tried a lot of different things, still no success. =(
>>>>  
>>>>
>>>>
>>>>  
>>>> here is my dove -n if anyone could help that would be great:
>>>>  
>>>>
>>>>
>>>>  
>>>>
>>>>
>>>>  
>>>> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
>>>>  
>>>> # Pigeonhole version 0.4.16 (fed8554)
>>>>  
>>>> # OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12
>>>>  
>>>> auth_debug = yes
>>>>  
>>>> auth_debug_passwords = yes
>>>>  
>>>> auth_mechanisms = plain login
>>>>  
>>>> auth_verbose = yes
>>>>  
>>>> auth_verbose_passwords = yes
>>>>  
>>>> mail_home = /var/mail/vmail/%d/%n
>>>>  
>>>> mail_location = maildir:~/Mail
>>>>  
>>>> mail_max_userip_connections = 500
>>>>  
>>>> mail_plugins = " quota"
>>>>  
>>>> mail_privileged_group = vmail
>>>>  
>>>> managesieve_notify_capability = mailto
>>>>  
>>>> managesieve_sieve_capability = fileinto reject envelope
>>>>  
>>>> encoded-character vacation subaddress comparator-i;ascii-numeric
>>>>  
>>>> relational regex imap4flags copy include variables body enotify
>>>>  
>>>> environment mailbox date index ihave duplicate mime foreverypart extracttext
>>>>  
>>>> namespace inbox {
>>>>  
>>>> inbox = yes
>>>>  
>>>> location =
>>>>  
>>>> mailbox Archive {
>>>>  
>>>> auto = subscribe
>>>>  
>>>> special_use = \Archive
>>>>  
>>>> }
>>>>  
>>>> mailbox Drafts {
>>>>  
>>>> auto = subscribe
>>>>  
>>>> special_use = \Drafts
>>>>  
>>>> }
>>>>  
>>>> mailbox Junk {
>>>>  
>>>> auto = subscribe
>>>>  
>>>> special_use = \Junk
>>>>  
>>>> }
>>>>  
>>>> mailbox Sent {
>>>>  
>>>> auto = subscribe
>>>>  
>>>> special_use = \Sent
>>>>  
>>>> }
>>>>  
>>>> mailbox "Sent Messages" {
>>>>  
>>>> special_use = \Sent
>>>>  
>>>> }
>>>>  
>>>> mailbox Trash {
>>>>  
>>>> auto = subscribe
>>>>  
>>>> special_use = \Trash
>>>>  
>>>> }
>>>>  
>>>> prefix =
>>>>  
>>>> }
>>>>  
>>>> passdb {
>>>>  
>>>> args = /etc/dovecot/dovecot-sql.conf.ext
>>>>  
>>>> driver = sql
>>>>  
>>>> }
>>>>  
>>>> plugin {
>>>>  
>>>> quota = maildir:User quota
>>>>  
>>>> quota_grace = 10%%
>>>>  
>>>> quota_rule = *:storage=10G
>>>>  
>>>> quota_rule2 = Trash:storage=+1G
>>>>  
>>>> quota_status_overquota = 552 5.2.2 Mailbox is full
>>>>  
>>>> quota_warning = storage=95%% quota-warning 95 %u
>>>>  
>>>> quota_warning2 = storage=80%% quota-warning 80 %u
>>>>  
>>>> sieve = ~/.dovecot.sieve
>>>>  
>>>> sieve_after = /etc/dovecot/sieve/spamfilter.sieve
>>>>  
>>>> sieve_dir = ~/sieve
>>>>  
>>>> }
>>>>  
>>>> protocols = " imap lmtp sieve"
>>>>  
>>>> service auth {
>>>>  
>>>> unix_listener /var/spool/postfix/private/auth {
>>>>  
>>>> group = postfix
>>>>  
>>>> mode = 0666
>>>>  
>>>> user = postfix
>>>>  
>>>> }
>>>>  
>>>> }
>>>>  
>>>> service imap-login {
>>>>  
>>>> inet_listener imaps {
>>>>  
>>>> port = 993
>>>>  
>>>> ssl = yes
>>>>  
>>>> }
>>>>  
>>>> }
>>>>  
>>>> service lmtp {
>>>>  
>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>>  
>>>> group = postfix
>>>>  
>>>> mode = 0600
>>>>  
>>>> user = postfix
>>>>  
>>>> }
>>>>  
>>>> }
>>>>  
>>>> ssl = required
>>>>  
>>>> ssl_cert = </etc/letsencrypt/live/little-beak.com/fullchain.pem
>>>>  
>>>> ssl_key = # hidden, use -P to show it
>>>>  
>>>> userdb {
>>>>  
>>>> args = /etc/dovecot/dovecot-sql.conf.ext
>>>>  
>>>> driver = sql
>>>>  
>>>> }
>>>>  
>>>> protocol lmtp {
>>>>  
>>>> mail_plugins = " quota sieve"
>>>>  
>>>> postmaster_address = *****@little-beak.com
>>>>  
>>>> }
>>>>  
>>>> protocol lda {
>>>>  
>>>> mail_plugins = " quota sieve"
>>>>  
>>>> }
>>>>  
>>>> protocol imap {
>>>>  
>>>> mail_max_userip_connections = 500
>>>>  
>>>> mail_plugins = " quota imap_quota"
>>>>  
>>>> }
>>>>  
>>>> protocol sieve {
>>>>  
>>>> mail_max_userip_connections = 500
>>>>  
>>>> }
>>>>  
>>>>
>>>>
>>>>  
>>>>
>>>>
>>>>  
>>>> On 27.02.20 18:54, Esteban L wrote:
>>>>  
>>>>> I have been haunted by the following error message or months, that we
>>>>>  
>>>>> see using Thunderbird.
>>>>  
>>>>> Unable to connect to your IMAP server.
>>>>  
>>>>> You may have exceeded the maximum number of connections to this server.
>>>>>  
>>>>> If so, use the Advanced IMAP Server Settings dialogue to reduce the
>>>>>  
>>>>> number of cached connections.
>>>>  
>>>>> If I change my location, via a VPN, the error message goes away and I
>>>>>  
>>>>> can connect.
>>>>  
>>>>> I have edited my /etc/dovcot/conf.d/20-imap.conf file by adding the
>>>>>  
>>>>> following:
>>>>  
>>>>  
>>>>> protocol imap {
>>>>>  
>>>>> # Space separated list of plugins to load (default is global
>>>>>  
>>>>> mail_plugins).
>>>>>  
>>>>> mail_plugins = $mail_plugins imap_quota
>>>>  
>>>>> # Maximum number of IMAP connections allowed for a user from each IP
>>>>>  
>>>>> address.
>>>>>  
>>>>> # NOTE: The username is compared case-sensitively.
>>>>>  
>>>>> mail_max_userip_connections = 500
>>>>>  
>>>>> }
>>>>  
>>>>  
>>>>> And, I still get the error message. I know myself, I have about 8-9
>>>>>  
>>>>> accounts, some with as many as 10 folders (I know each one count's as
>>>>>  
>>>>> it's own mailbox), as does my partner--who would access the internet
>>>>>  
>>>>> from my IP.
>>>>  
>>>>> Does that number really have to be like 10,000, or something? If so, why
>>>>>  
>>>>> does it start out so small in the first place. If not, what else could I
>>>>>  
>>>>> do to avoid this message going forward??
>>>>  
>>>>  
>>>>  
>>>  
>>>
>>>
>>>  
>>> ---
>>> Aki Tuomi
>>>
-- 
https://www.little-beak.com
"Doing what we can."




More information about the dovecot mailing list