Dovecot mail_max_userip_connections difficulties

M

MvdP

Verified User
Joined
Mar 3, 2011
Messages
14
Hi All,

I have a client which uses a lot of imap connection to a server. I figured out that I can solve the connection problems for that client by adding mail_max_userip_connections to my dovecot.conf and set the value to around 30.

That all seems just fine but... for some reason when I add this setting into my dovecot.conf the whole mail system starts to have connection problems.

Some users are randomly getting kicked out of the webmail client and remote imap connections could not be established. Once I restart dovecot everything works again for an amount of x time after which the troubles start again. Restarting Dovecot then solves the problems again but its really annoying and far from perfect.

Has anyone bumped up their mail_max_userip_connections without having these problems if so how did you do it?

Thanks!
Mark
 
Check your error log for problems. Increase sockets, Increase dovecot children.
 
Thanks scsi,

First thing I did of course was to check the logs but I have not noticed anything out of the ordinary otherwise I would have not posted my question here :)

I will take a look into the sockets and the children documentation.
 
Thanks ZeitEr,

I saw that thread and it looks interesting since my /etc/dovecot.conf does not contain any of these config parameters. What I wonder though is if anybody has experience with the specific mail_max_userip_connections setting since that once seems to bring the whole thing to its knees.
 
Sorry to dig up an old thread but this seems to be happening to me as well and I am wondering if you found a solution, basically some users are having their password rejected and in the maillog file I see
Code: 
 "imap-login: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<[email protected]>, method=PLAIN, rip=1.2.3.4, lip=1.2.3.4, TLS"
(I changed the ips and email address). I am thinking of simply updating "mail_max_userip_connections to 20" but this thread concerns me that it may cause more problems if I do so. Also, I am not totally sure where in the configuration file it should go, here is my file as it stands currently...
Code: 
## Dovecot 2.0 configuration file

#IPv4
listen = *

#IPv4 and IPv6:
#listen = *, ::

auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
auth_verbose = yes
disable_plaintext_auth = no
login_greeting = Dovecot DA ready.
mail_access_groups = mail
default_login_user = dovecot
mail_location = maildir:~/Maildir
passdb {
  driver = shadow
}
passdb {
  args = username_format=%n /etc/virtual/%d/passwd
  driver = passwd-file
}
protocols = imap pop3
service auth {
  user = root
}
service imap-login {
  client_limit = 1024
  process_limit = 1024
  process_min_avail = 16
  service_count = 1
  user = dovecot
  vsz_limit = 64 M
}
service pop3-login {
  client_limit = 1024
  process_limit = 1024
  process_min_avail = 16
  service_count = 1
  user = dovecot
  vsz_limit = 64 M
}
ssl_cert = </etc/httpd/conf/ssl.crt/server.crt
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
ssl_key = </etc/httpd/conf/ssl.key/server.key
userdb {
  driver = passwd
}
userdb {
  args = username_format=%n /etc/virtual/%d/passwd
  driver = passwd-file
}
verbose_proctitle = yes
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}

If I do decide to give this a try does it matter where I place the line? Should it be inside the "service imap-login" section? Or the "protocols = imap pop3" section? Or should be outside of those sections near the beginning or end of the file?

I seem to be having a difficult time finding good documentation for setting up a Dovecot 2 config file, can anyone recommend a good source for documentation on configuring Dovecot 2?

Thanks in advance.
 
I did some more searching on some mailing lists this morning and ended up adding this to my dovecot.conf file...
Code: 
protocol imap {
  mail_max_userip_connections = 20
}
I restarted dovecot, did a doveconf -n and that section appears in there so hopefully that is all that was needed. I should know later today if the problem is fixed or not.
 
roarkh said:
I did some more searching on some mailing lists this morning and ended up adding this to my dovecot.conf file...
Code: 
protocol imap {
  mail_max_userip_connections = 20
}
I restarted dovecot, did a doveconf -n and that section appears in there so hopefully that is all that was needed. I should know later today if the problem is fixed or not.
Click to expand...

How did this work out after some time, did it work correct?

I am having the same problem, a user with desktop, laptop, notepad and phone etc is giving this warnings in logwatch every morning (please note that I have changed the ip to not show the real ips):

Code: 
Dovecot limits exceeded:
max_userip_connections: [email protected] from 11.111.111.111 to 222.222.222.222: 38 Time(s)

However when I look at /etc/dovecot/dovecot.conf it looks a little different then in yours, it does not say "protocol imap", but only this:

Code: 
mail_max_userip_connections = 15
remote 127.0.0.1 {
  mail_max_userip_connections = 40
}

Also, I wonder if I raise the mail_max_userip_connections = 15 to say the double for example 30, if I also should raise the mail_max_userip_connections = 40 at the bottom to the double wich would be 80?

Also is it possible to create a custom directory for /etc/dovecot/dovecot.conf? Where should it be then?
 
Actual servers have /etc/dovecot/dovecot.conf and possibly /etc/dovecot.conf linked to /etc/dovecot/dovecot.conf. That's OK if you don't have "protocol imap" section. As you should use it if you want to set different limits for POP and IMAP.

If you change global value for mail_max_userip_connections to 30 there is no need to change value in "remote 127.0.0.1" section unless you face issue with allowed connections when working with webmails on your server.

I hope I answered all of your questions here.
 
You must log in or register to reply here.
Back
Top