[EXT] max number of connections per ip
Sami Ketola
sami.ketola at dovecot.fi
Sat Feb 29 13:17:52 EET 2020
Hi,
dovecot does not make "connections PER folder". it is your MUA that does it.
for example Thunderbird is known to open 1 connection per folder. It's a client setting that can be changed.
Sami
> On 28 Feb 2020, at 18.21, Esteban L <esteban at little-beak.com> wrote:
>
> Ok. That is a nice command.
>
> I am able to see connections. It doesn't seem remotely close to 500,
> though.
>
> If I understand things correctly, dovecot makes connections PER folder,
> and keeps making more connections via IDLE (I am not entirely sure how
> idle works, other than it keeps sockets open)?
>
> For example, in my case, I have about a dozen users, which combined
> equals around 80 folders.
>
> If I am on an IP it is fine.
>
> My partner, also has about a dozen different users, which combined, also
> has about 70-80 folders.
>
> If we are on the same IP, we can no longer connect.
>
> 1. Is this general understanding ok?
>
> 2. Am I supposed to set the limit like at 10,000? I mean, I am not
> running anything other than a little private email server for some
> family and friends. As soon as my partner and I are on the same IP, it
> just ceases.
>
> I see how if I check the doveadm who, periodically, I will have 2
> propagations, and can imagine if my partner is there--yeah it's probably
> breaking 500.
>
> On 28.02.20 08:05, Aki Tuomi wrote:
>> You can usually see from doveadm who or logs if your router/whatever is doing NAT.
>>
>> Which would be the reason why 500 connections wouldn't be enough.
>>
>> Aki
>>
>>> On 27/02/2020 23:21 Esteban L <esteban at little-beak.com> wrote:
>>>
>>>
>>>
>>> It's not behind a proxy (unless the router is acting as a proxy?). Could it be that my router is doing some Hairpin NAT tomfoolery? The router is generic, so I run into that from time to time with my webserver.
>>>
>>>
>>> I tried doveadm who, but didn't see anything too peculiar. There is the expect half dozen or so users on common IPs.
>>>
>>>
>>> On 27.02.20 21:49, Aki Tuomi wrote:
>>>
>>>
>>>> Is your server behind proxy maybe? Can you see in logs that you get different IPs?
>>>>
>>>>
>>>>
>>>>
>>>> Maybe check with `doveadm who` how many connections you have?
>>>>
>>>>
>>>>
>>>>
>>>> Aki
>>>>
>>>>> On 27/02/2020 22:44 Esteban L < esteban at little-beak.com> wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> I have tried a lot of different things, still no success. =(
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> here is my dove -n if anyone could help that would be great:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
>>>>>
>>>>> # Pigeonhole version 0.4.16 (fed8554)
>>>>>
>>>>> # OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12
>>>>>
>>>>> auth_debug = yes
>>>>>
>>>>> auth_debug_passwords = yes
>>>>>
>>>>> auth_mechanisms = plain login
>>>>>
>>>>> auth_verbose = yes
>>>>>
>>>>> auth_verbose_passwords = yes
>>>>>
>>>>> mail_home = /var/mail/vmail/%d/%n
>>>>>
>>>>> mail_location = maildir:~/Mail
>>>>>
>>>>> mail_max_userip_connections = 500
>>>>>
>>>>> mail_plugins = " quota"
>>>>>
>>>>> mail_privileged_group = vmail
>>>>>
>>>>> managesieve_notify_capability = mailto
>>>>>
>>>>> managesieve_sieve_capability = fileinto reject envelope
>>>>>
>>>>> encoded-character vacation subaddress comparator-i;ascii-numeric
>>>>>
>>>>> relational regex imap4flags copy include variables body enotify
>>>>>
>>>>> environment mailbox date index ihave duplicate mime foreverypart extracttext
>>>>>
>>>>> namespace inbox {
>>>>>
>>>>> inbox = yes
>>>>>
>>>>> location =
>>>>>
>>>>> mailbox Archive {
>>>>>
>>>>> auto = subscribe
>>>>>
>>>>> special_use = \Archive
>>>>>
>>>>> }
>>>>>
>>>>> mailbox Drafts {
>>>>>
>>>>> auto = subscribe
>>>>>
>>>>> special_use = \Drafts
>>>>>
>>>>> }
>>>>>
>>>>> mailbox Junk {
>>>>>
>>>>> auto = subscribe
>>>>>
>>>>> special_use = \Junk
>>>>>
>>>>> }
>>>>>
>>>>> mailbox Sent {
>>>>>
>>>>> auto = subscribe
>>>>>
>>>>> special_use = \Sent
>>>>>
>>>>> }
>>>>>
>>>>> mailbox "Sent Messages" {
>>>>>
>>>>> special_use = \Sent
>>>>>
>>>>> }
>>>>>
>>>>> mailbox Trash {
>>>>>
>>>>> auto = subscribe
>>>>>
>>>>> special_use = \Trash
>>>>>
>>>>> }
>>>>>
>>>>> prefix =
>>>>>
>>>>> }
>>>>>
>>>>> passdb {
>>>>>
>>>>> args = /etc/dovecot/dovecot-sql.conf.ext
>>>>>
>>>>> driver = sql
>>>>>
>>>>> }
>>>>>
>>>>> plugin {
>>>>>
>>>>> quota = maildir:User quota
>>>>>
>>>>> quota_grace = 10%%
>>>>>
>>>>> quota_rule = *:storage=10G
>>>>>
>>>>> quota_rule2 = Trash:storage=+1G
>>>>>
>>>>> quota_status_overquota = 552 5.2.2 Mailbox is full
>>>>>
>>>>> quota_warning = storage=95%% quota-warning 95 %u
>>>>>
>>>>> quota_warning2 = storage=80%% quota-warning 80 %u
>>>>>
>>>>> sieve = ~/.dovecot.sieve
>>>>>
>>>>> sieve_after = /etc/dovecot/sieve/spamfilter.sieve
>>>>>
>>>>> sieve_dir = ~/sieve
>>>>>
>>>>> }
>>>>>
>>>>> protocols = " imap lmtp sieve"
>>>>>
>>>>> service auth {
>>>>>
>>>>> unix_listener /var/spool/postfix/private/auth {
>>>>>
>>>>> group = postfix
>>>>>
>>>>> mode = 0666
>>>>>
>>>>> user = postfix
>>>>>
>>>>> }
>>>>>
>>>>> }
>>>>>
>>>>> service imap-login {
>>>>>
>>>>> inet_listener imaps {
>>>>>
>>>>> port = 993
>>>>>
>>>>> ssl = yes
>>>>>
>>>>> }
>>>>>
>>>>> }
>>>>>
>>>>> service lmtp {
>>>>>
>>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>>>
>>>>> group = postfix
>>>>>
>>>>> mode = 0600
>>>>>
>>>>> user = postfix
>>>>>
>>>>> }
>>>>>
>>>>> }
>>>>>
>>>>> ssl = required
>>>>>
>>>>> ssl_cert = </etc/letsencrypt/live/little-beak.com/fullchain.pem
>>>>>
>>>>> ssl_key = # hidden, use -P to show it
>>>>>
>>>>> userdb {
>>>>>
>>>>> args = /etc/dovecot/dovecot-sql.conf.ext
>>>>>
>>>>> driver = sql
>>>>>
>>>>> }
>>>>>
>>>>> protocol lmtp {
>>>>>
>>>>> mail_plugins = " quota sieve"
>>>>>
>>>>> postmaster_address = *****@little-beak.com
>>>>>
>>>>> }
>>>>>
>>>>> protocol lda {
>>>>>
>>>>> mail_plugins = " quota sieve"
>>>>>
>>>>> }
>>>>>
>>>>> protocol imap {
>>>>>
>>>>> mail_max_userip_connections = 500
>>>>>
>>>>> mail_plugins = " quota imap_quota"
>>>>>
>>>>> }
>>>>>
>>>>> protocol sieve {
>>>>>
>>>>> mail_max_userip_connections = 500
>>>>>
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On 27.02.20 18:54, Esteban L wrote:
>>>>>
>>>>>> I have been haunted by the following error message or months, that we
>>>>>>
>>>>>> see using Thunderbird.
>>>>>
>>>>>> Unable to connect to your IMAP server.
>>>>>
>>>>>> You may have exceeded the maximum number of connections to this server.
>>>>>>
>>>>>> If so, use the Advanced IMAP Server Settings dialogue to reduce the
>>>>>>
>>>>>> number of cached connections.
>>>>>
>>>>>> If I change my location, via a VPN, the error message goes away and I
>>>>>>
>>>>>> can connect.
>>>>>
>>>>>> I have edited my /etc/dovcot/conf.d/20-imap.conf file by adding the
>>>>>>
>>>>>> following:
>>>>>
>>>>>
>>>>>> protocol imap {
>>>>>>
>>>>>> # Space separated list of plugins to load (default is global
>>>>>>
>>>>>> mail_plugins).
>>>>>>
>>>>>> mail_plugins = $mail_plugins imap_quota
>>>>>
>>>>>> # Maximum number of IMAP connections allowed for a user from each IP
>>>>>>
>>>>>> address.
>>>>>>
>>>>>> # NOTE: The username is compared case-sensitively.
>>>>>>
>>>>>> mail_max_userip_connections = 500
>>>>>>
>>>>>> }
>>>>>
>>>>>
>>>>>> And, I still get the error message. I know myself, I have about 8-9
>>>>>>
>>>>>> accounts, some with as many as 10 folders (I know each one count's as
>>>>>>
>>>>>> it's own mailbox), as does my partner--who would access the internet
>>>>>>
>>>>>> from my IP.
>>>>>
>>>>>> Does that number really have to be like 10,000, or something? If so, why
>>>>>>
>>>>>> does it start out so small in the first place. If not, what else could I
>>>>>>
>>>>>> do to avoid this message going forward??
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ---
>>>> Aki Tuomi
>>>>
> --
> https://www.little-beak.com
> "Doing what we can."
>
>
More information about the dovecot
mailing list