[EXT] max number of connections per ip

Esteban L esteban at little-beak.com
Fri Feb 28 19:12:59 EET 2020


Interesting, the line:

imap_client_workarounds = "delay-newmail"

I do not have. What does it do? The problem does seem to manifest itself
with initial logins.

On 28.02.20 17:28, Remo Mattei wrote:
> Here is mine and I have no issue if the client is netted.
>
> Remo 
>
> protocol imap {
>   imap_client_workarounds = "delay-newmail"
>   mail_plugins = $mail_plugins imap_quota
>   mail_max_userip_connections = 50
> }
>
>
>
>> On Feb 28, 2020, at 8:21 AM, Esteban L <esteban at little-beak.com> wrote:
>>
>> Ok. That is a nice command.
>>
>> I am able to see connections. It doesn't seem remotely close to 500,
>> though.
>>
>> If I understand things correctly, dovecot makes connections PER folder,
>> and keeps making more connections via IDLE (I am not entirely sure how
>> idle works, other than it keeps sockets open)?
>>
>> For example, in my case, I have about a dozen users, which combined
>> equals around 80 folders.
>>
>> If I am on an IP it is fine.
>>
>> My partner, also has about a dozen different users, which combined, also
>> has about 70-80 folders. 
>>
>> If we are on the same IP, we can no longer connect.
>>
>> 1. Is this general understanding ok?
>>
>> 2. Am I supposed to set the limit like at 10,000? I mean, I am not
>> running anything other than a little private email server for some
>> family and friends. As soon as my partner and I are on the same IP, it
>> just ceases.
>>
>> I see how if I check the doveadm who, periodically, I will have 2
>> propagations, and can imagine if my partner is there--yeah it's probably
>> breaking 500.
>>
>> On 28.02.20 08:05, Aki Tuomi wrote:
>>> You can usually see from doveadm who or logs if your router/whatever is doing NAT.
>>>
>>> Which would be the reason why 500 connections wouldn't be enough.
>>>
>>> Aki
>>>
>>>> On 27/02/2020 23:21 Esteban L <esteban at little-beak.com> wrote:
>>>>
>>>> It's not behind a proxy (unless the router is acting as a proxy?). Could it be that my router is doing some Hairpin NAT tomfoolery? The router is generic, so I run into that from time to time with my webserver.
>>>>
>>>> I tried doveadm who, but didn't see anything too peculiar. There is the expected half dozen or so users on common IPs.
>>>>
>>>> On 27.02.20 21:49, Aki Tuomi wrote:
>>>>
>>>>> Is your server behind proxy maybe? Can you see in logs that you get different IPs?
>>>>>
>>>>> Maybe check with `doveadm who` how many connections you have?
>>>>>
>>>>> Aki
>>>>>
>>>>>> On 27/02/2020 22:44 Esteban L <esteban at little-beak.com> wrote:
>>>>>>
>>>>>> I have tried a lot of different things, still no success. =(
>>>>>>
>>>>>> Here is my dove -n if anyone could help that would be great:
>>>>>>
>>>>>> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
>>>>>> # Pigeonhole version 0.4.16 (fed8554)
>>>>>> # OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12
>>>>>> auth_debug = yes
>>>>>> auth_debug_passwords = yes
>>>>>> auth_mechanisms = plain login
>>>>>> auth_verbose = yes
>>>>>> auth_verbose_passwords = yes
>>>>>> mail_home = /var/mail/vmail/%d/%n
>>>>>> mail_location = maildir:~/Mail
>>>>>> mail_max_userip_connections = 500
>>>>>> mail_plugins = " quota"
>>>>>> mail_privileged_group = vmail
>>>>>> managesieve_notify_capability = mailto
>>>>>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
>>>>>> namespace inbox {
>>>>>>   inbox = yes
>>>>>>   location =
>>>>>>   mailbox Archive {
>>>>>>     auto = subscribe
>>>>>>     special_use = \Archive
>>>>>>   }
>>>>>>   mailbox Drafts {
>>>>>>     auto = subscribe
>>>>>>     special_use = \Drafts
>>>>>>   }
>>>>>>   mailbox Junk {
>>>>>>     auto = subscribe
>>>>>>     special_use = \Junk
>>>>>>   }
>>>>>>   mailbox Sent {
>>>>>>     auto = subscribe
>>>>>>     special_use = \Sent
>>>>>>   }
>>>>>>   mailbox "Sent Messages" {
>>>>>>     special_use = \Sent
>>>>>>   }
>>>>>>   mailbox Trash {
>>>>>>     auto = subscribe
>>>>>>     special_use = \Trash
>>>>>>   }
>>>>>>   prefix =
>>>>>> }
>>>>>> passdb {
>>>>>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>>>>>   driver = sql
>>>>>> }
>>>>>> plugin {
>>>>>>   quota = maildir:User quota
>>>>>>   quota_grace = 10%%
>>>>>>   quota_rule = *:storage=10G
>>>>>>   quota_rule2 = Trash:storage=+1G
>>>>>>   quota_status_overquota = 552 5.2.2 Mailbox is full
>>>>>>   quota_warning = storage=95%% quota-warning 95 %u
>>>>>>   quota_warning2 = storage=80%% quota-warning 80 %u
>>>>>>   sieve = ~/.dovecot.sieve
>>>>>>   sieve_after = /etc/dovecot/sieve/spamfilter.sieve
>>>>>>   sieve_dir = ~/sieve
>>>>>> }
>>>>>> protocols = " imap lmtp sieve"
>>>>>> service auth {
>>>>>>   unix_listener /var/spool/postfix/private/auth {
>>>>>>     group = postfix
>>>>>>     mode = 0666
>>>>>>     user = postfix
>>>>>>   }
>>>>>> }
>>>>>> service imap-login {
>>>>>>   inet_listener imaps {
>>>>>>     port = 993
>>>>>>     ssl = yes
>>>>>>   }
>>>>>> }
>>>>>> service lmtp {
>>>>>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>>>>     group = postfix
>>>>>>     mode = 0600
>>>>>>     user = postfix
>>>>>>   }
>>>>>> }
>>>>>> ssl = required
>>>>>> ssl_cert = </etc/letsencrypt/live/little-beak.com/fullchain.pem
>>>>>> ssl_key = # hidden, use -P to show it
>>>>>> userdb {
>>>>>>   args = /etc/dovecot/dovecot-sql.conf.ext
>>>>>>   driver = sql
>>>>>> }
>>>>>> protocol lmtp {
>>>>>>   mail_plugins = " quota sieve"
>>>>>>   postmaster_address = *****@little-beak.com
>>>>>> }
>>>>>> protocol lda {
>>>>>>   mail_plugins = " quota sieve"
>>>>>> }
>>>>>> protocol imap {
>>>>>>   mail_max_userip_connections = 500
>>>>>>   mail_plugins = " quota imap_quota"
>>>>>> }
>>>>>> protocol sieve {
>>>>>>   mail_max_userip_connections = 500
>>>>>> }
>>>>>>
>>>>>> On 27.02.20 18:54, Esteban L wrote:
>>>>>>
>>>>>>> I have been haunted by the following error message for months, that we
>>>>>>> see using Thunderbird.
>>>>>>>
>>>>>>> Unable to connect to your IMAP server.
>>>>>>> You may have exceeded the maximum number of connections to this server.
>>>>>>> If so, use the Advanced IMAP Server Settings dialogue to reduce the
>>>>>>> number of cached connections.
>>>>>>>
>>>>>>> If I change my location, via a VPN, the error message goes away and I
>>>>>>> can connect.
>>>>>>>
>>>>>>> I have edited my /etc/dovcot/conf.d/20-imap.conf file by adding the
>>>>>>> following:
>>>>>>>
>>>>>>> protocol imap {
>>>>>>>   # Space separated list of plugins to load (default is global mail_plugins).
>>>>>>>   mail_plugins = $mail_plugins imap_quota
>>>>>>>   # Maximum number of IMAP connections allowed for a user from each IP address.
>>>>>>>   # NOTE: The username is compared case-sensitively.
>>>>>>>   mail_max_userip_connections = 500
>>>>>>> }
>>>>>>>
>>>>>>> And, I still get the error message. I know myself, I have about 8-9
>>>>>>> accounts, some with as many as 10 folders (I know each one counts as
>>>>>>> its own mailbox), as does my partner--who would access the internet
>>>>>>> from my IP.
>>>>>>>
>>>>>>> Does that number really have to be like 10,000, or something? If so, why
>>>>>>> does it start out so small in the first place. If not, what else could I
>>>>>>> do to avoid this message going forward??
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> ---
>>>>> Aki Tuomi
>>>>>
>> -- 
>> https://www.little-beak.com
>> "Doing what we can."
>>
>>
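
Added example, not part of the original thread: a shell function that groups connections by user, protocol and source IP, which is the unit the quoted config comment for `mail_max_userip_connections` describes ("for a user from each IP address"), and flags groups at or near the limit. It assumes `doveadm who -1` prints one connection per line as `username proto pid ip` after a header line; the function names, sample users and addresses are constructed for illustration.

```shell
#!/bin/sh
# Count connections per (user, protocol, source IP) and compare each group
# with the configured mail_max_userip_connections value.
# Assumption: stdin is `doveadm who -1` output, whitespace-separated columns
# "username proto pid ip", with a header line first.

userip_counts() {
    # $1 = configured limit, $2 = warning threshold in percent (default 80)
    awk -v limit="$1" -v pct="${2:-80}" '
        NR == 1 && $1 == "username" { next }   # skip the header line
        NF < 4 { next }                        # ignore malformed lines
        { n[$1 " " $2 " " $4]++ }              # key: user proto ip
        END {
            for (k in n) {
                state = "ok"
                if (n[k] >= limit) state = "AT-LIMIT"
                else if (n[k] * 100 >= limit * pct) state = "near"
                printf "%s %d/%d %s\n", k, n[k], limit, state
            }
        }' | LC_ALL=C sort
}

# Constructed sample (not from the thread): two users sharing one NAT address,
# one of them also connected from a second address and over sieve.
sample_who() {
    cat <<'EOF'
username proto pid ip
alice@example.org imap 2101 203.0.113.7
alice@example.org imap 2102 203.0.113.7
alice@example.org imap 2103 203.0.113.7
alice@example.org imap 2104 203.0.113.7
alice@example.org imap 2105 203.0.113.7
alice@example.org imap 2110 198.51.100.9
alice@example.org sieve 2120 203.0.113.7
bob@example.org imap 2201 203.0.113.7
bob@example.org imap 2202 203.0.113.7
EOF
}

# Live use would be: doveadm who -1 | userip_counts 500
# Here the sample is checked against a deliberately small limit of 5.
sample_who | userip_counts 5
```

In the sample, both users arrive from the same address, but only the group that itself holds 5 connections is reported as `AT-LIMIT`; the other user's 2 connections from that address are counted separately.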
