First, why use SASL auth? It needs a database. Have you considered
more scalable alternatives such as TLS client certificates?
Postfix can use certificate fingerprints instead of PKI.
Second, if you must use SASL auth:
What is the authentication backend database query latency? Have you
looked at their logging? Even if the latency is an unrealistic 10ms
then you cannot expect to handle thousands of SASL logins per second.
If a submission process limit of 100 still results in auth server
timeouts, then Postfix is definitely overwhelming the Dovecot auth
server. Have you looked at their logging?
What about the number of Dovecot auth workers? The configured 60
means the auth server can have only 60 database requests in flight
at any point in time. This may not be sufficient to handle the
onslaught.
Ubuntu is sometimes configured to log warnings separate from
non-warning messages. This is incredibly unhelpful, because people
may forget to look there.
Wietse
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
