Dear Eric,
Thanks for your help. I tried your above advise and changed in local.conf
file then i restarted the service dovecot restart. After restart the server
i tried this command doveconf -d still service count shows 1. FYR below.
service imap-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = imap-login
extra_groups =
group =
idle_kill = 0
inet_listener imap {
address =
port = 143
reuse_port = no
ssl = no
}
inet_listener imaps {
address =
port = 993
reuse_port = no
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
My changes in local.conf.
service imap-login {
service_count = 0
#client_limit = $default_client_limit
#process_min_avail = 0
#vsz_limit = 64M
}
service pop3-login {
service_count = 0
}
My 10-master.conf under conf.d file below.
service imap-login {
inet_listener imap {
# process_limit = 15
# client_limit = 10740
#port = 143
}
inet_listener imaps {
#port = 993
#ssl = yes
}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit
}
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
I think the problem is whatever change did in dovecot folder means
local.conf or toaster.conf or 10-master.conf it's not overwrite in doveconf
file that's why i couldn't fix this issue.
Is any mismatch configuration there in dovecot package or qmailtoaster.
Or do i reinstall the current dovecot toaster package will it fix this
issue.
Please advise it and help me.
If i need to do reinstall kindly let me know the command procedures.
Because this is live server and would not affect any email accounts or data.
Please help me to resolve this issue.
On Thu, Jul 23, 2015 at 7:45 PM, Eric Broch <[email protected]> wrote:
> Chandran,
>
> From the configuration you sent you have the following setting...
>
> service imap-login {
> .
> .
> .
> service_count = 1
> .
> .
> .
> }
>
> from http://wiki2.dovecot.org/LoginProcess
>
> It should be...
>
> service imap-login {
> service_count = 0
> }
>
> For High-performance mode.
>
> And, I would not change any configuration file in /etc/dovecot/conf.d
> directory, make all your changes in local.conf
>
> In the above link, here's the High-Performance section:
>
> High-performance mode
>
> You can enable high-performance mode with:
>
> service imap-login { service_count = 0 #client_limit =
> $default_client_limit #process_min_avail = 0 #vsz_limit = 64M}service
> pop3-login { service_count = 0}
>
> It works by using a number of long running login processes, each
> handling a number of connections. This loses much of the security benefits
> of the login process design, because in case of a security hole (in Dovecot
> or SSL library) the attacker is now able to see other users logging in and
> steal their passwords, read their mails, etc.
>
> -
>
> process_min_avail should be set to be at least the number of CPU cores
> in the system, so that all of them will be used.
> - Otherwise new processes are created only once an existing one's
> connection count reaches client_limit
> - Default client_limit * process_limit = 1000*100 = 100k connections
> - vsz_limit should be increased to avoid out of memory errors,
> especially if you're using SSL/TLS.
>
>
>
> Eric
>
>
>
> On 7/23/2015 1:01 AM, Chandran Manikandan wrote:
>
> Dear Eric,
> Please find the attached file FYR . please check and help me to resolve it.
>
> On Wed, Jul 22, 2015 at 8:21 PM, Eric Broch <[email protected]>
> wrote:
>
>>
>> Look here http://wiki2.dovecot.org/LoginProcess
>>
>>
>> On 7/22/2015 3:56 AM, Chandran Manikandan wrote:
>>
>> Dear Friends,
>> I have faced below issues since two weeks to till now. Could anyone help
>> me to rectify this issue.
>>
>> Below message retrieve from logs and getting disconnection from Outlook
>> and other email clients.
>>
>> Error Message
>>
>> master: Warning: service(imap-login): process_limit (100) reached,
>> client connections are being dropped
>>
>> My local.conf from dovecot folder
>>
>> protocol imap {
>> imap_client_workarounds = "delay-newmail"
>> mail_max_userip_connections = 20
>> default_process_limit = 300
>> }
>>
>> 10-master.conf
>>
>> default_process_limit = 300
>> default_client_limit = 1000
>>
>> service imap-login {
>> inet_listener imap {
>> # process_limit = 15
>> # client_limit = 300
>> #port = 143
>> }
>> protocol imap {"process_limit = 300"}
>>
>> Please check above config. I have modified in dovecot folder but
>> doesn't reflect the server. Is there anything in toaster issue. could any
>> one help me to solve it.
>>
>> My server toaster is dovecot-2.2.7-0.qt.el6.i686
>> Server is Centos 6.6
>>
>>
>>
>> --
>> *Thanks,*
>> *Manikandan.C*
>> *System Administrator*
>>
>>
>>
>
>
> --
> *Thanks,*
> *Manikandan.C*
> *System Administrator*
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
>
--
*Thanks,*
*Manikandan.C*
*System Administrator*
