Re: 4sec latency when using director

2019-03-19 Thread Erik de Waard via dovecot 
ok, i've found out that the directors are in the doveadm penalty list.

i believe adding the following solves the issue (still testing but looking
promising.
login_trusted_networks = 10.0.10.0/24

On Tue, Mar 19, 2019 at 2:19 PM Erik de Waard  wrote:

> Hi,
>
> I've been running dovecot for many years, but now i've hit a strange
> problem.
> when retrieving imap there is sometimes in 1 of 4 imap requests a 4sec
> latency.
>
> * notes:
> - connected directly to the backends this latency disappears
> - removing a director from the loadbalancer(lvs) so i'm the only connected
> to the director
> this latency disappears too
>
> I would appreciate some feedback of where to look because i tried various
> options. (client_limit,process_limit) perhaps its just as simple as to add
> more directors
> but any feedback would be welcome.
>
> Thank you.
>
> This is the setup:
>
> -- Internet -> LVS -> 3 Directors ->  9 Backends.
>
> doveadm director status
> mail server ip tag vhosts state state changed users
>
> 10.0.10.110100up- 3309
>
> 10.0.10.111100up- 3412
>
> 10.0.10.112100up- 3458
>
> 10.0.10.113100up- 3437
>
> 10.0.10.115100up- 3368
>
> 10.0.10.116100up- 3320
>
> 10.0.10.117100up- 3305
>
> 10.0.10.118100up- 3291
>
> 10.0.10.223100up- 3280
>
> #Director doveconf -n
> # Pigeonhole version 0.4.22 (22940fb7)
> # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
> # Hostname: server312.company.com
> auth_cache_negative_ttl = 0
> auth_cache_size = 10 M
> auth_cache_ttl = 1 days
> auth_username_chars =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
> default_client_limit = 3000
> director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112
> 10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118
> director_servers = 10.0.10.114 10.0.10.181 10.0.10.182
> director_user_expire = 1 days
> disable_plaintext_auth = no
> info_log_path = /dev/null
> lmtp_proxy = yes
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
> encryption=%k secured=%c
> mail_max_userip_connections = 100
> passdb {
>   args = proxy=y nopassword=y
>   driver = static
> }
> protocols = imap lmtp
> service director {
>   fifo_listener login/proxy-notify {
> mode = 0600
> user = $default_login_user
>   }
>   inet_listener {
> port = 9090
>   }
>   unix_listener director-userdb {
> mode = 0600
>   }
>   unix_listener login/director {
> mode = 0666
>   }
> }
> service imap-login {
>   client_limit = 6000
>   executable = imap-login director
>   process_limit = 4
>   process_min_avail = 4
>   service_count = 0
>   vsz_limit = 600 M
> }
> service ipc {
>   unix_listener ipc {
> user = dovecot
>   }
> }
> service lmtp {
>   inet_listener lmtp {
> port = 24
>   }
> }
> ssl_cert =  ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!RC4:!SEED@STRENGTH
> ssl_key =  # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> protocol lmtp {
>   auth_socket_path = director-userdb
> }
>
>
> #backend doveconf -n
> # 2.2.34 (874deae): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.22 (22940fb7)
> # OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
> # Hostname: server250.company.com
> auth_cache_negative_ttl = 0
> auth_cache_size = 10 M
> auth_cache_ttl = 1 days
> auth_username_chars =
> "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
> default_client_limit = 1500
> default_vsz_limit = 600 M
> disable_plaintext_auth = no
> info_log_path = /dev/null
> listen = *
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_max_userip_connections = 100
> mail_privileged_group = mail
> mmap_disable = yes
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Trash {
> special_use = \Trash
>   }
>   prefix = INBOX.
>   separator = .
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   sieve_execute_bin_dir = /etc/dovecot/sieve-executables
>   sieve_global_extensions = +vnd.dovecot.execute
>   sieve_plugins = sieve_extprograms
> }
> protocols = imap lmtp
> service anvil {
>   unix_listener anvil-auth-penalty {
> mode = 0600
>   }
> }
> service auth {
>   user = root
> }
> service imap-login {
>   client_limit = 6000
>   process_limit = 4
>   process_min_avail = 4
>   service_count = 0
>   vsz_limit = 600 M
> }
> service imap {
>   client_limit = 1
>   process_limit = 1024
>   service_count = 50
> }
> service lmtp {
>   inet_listener lmtp {
> port = 24
>   }
> }
> ssl = no
> ssl_cert =  ssl_key =  # hidden, use -P to show it
> userdb {
>   driver =

4sec latency when using director

2019-03-19 Thread Erik de Waard via dovecot 
Hi,

I've been running dovecot for many years, but now i've hit a strange
problem.
when retrieving imap there is sometimes in 1 of 4 imap requests a 4sec
latency.

* notes:
- connected directly to the backends this latency disappears
- removing a director from the loadbalancer(lvs) so i'm the only connected
to the director
this latency disappears too

I would appreciate some feedback of where to look because i tried various
options. (client_limit,process_limit) perhaps its just as simple as to add
more directors
but any feedback would be welcome.

Thank you.

This is the setup:

-- Internet -> LVS -> 3 Directors ->  9 Backends.

doveadm director status
mail server ip tag vhosts state state changed users

10.0.10.110100up- 3309

10.0.10.111100up- 3412

10.0.10.112100up- 3458

10.0.10.113100up- 3437

10.0.10.115100up- 3368

10.0.10.116100up- 3320

10.0.10.117100up- 3305

10.0.10.118100up- 3291

10.0.10.223100up- 3280

#Director doveconf -n
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.9.0-6-amd64 x86_64 Debian 9.4
# Hostname: server312.company.com
auth_cache_negative_ttl = 0
auth_cache_size = 10 M
auth_cache_ttl = 1 days
auth_username_chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@#"
default_client_limit = 3000
director_mail_servers = 10.0.10.223 10.0.10.110 10.0.10.111 10.0.10.112
10.0.10.113 10.0.10.115 10.0.10.116 10.0.10.117 10.0.10.118
director_servers = 10.0.10.114 10.0.10.181 10.0.10.182
director_user_expire = 1 days
disable_plaintext_auth = no
info_log_path = /dev/null
lmtp_proxy = yes
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
encryption=%k secured=%c
mail_max_userip_connections = 100
passdb {
  args = proxy=y nopassword=y
  driver = static
}
protocols = imap lmtp
service director {
  fifo_listener login/proxy-notify {
mode = 0600
user = $default_login_user
  }
  inet_listener {
port = 9090
  }
  unix_listener director-userdb {
mode = 0600
  }
  unix_listener login/director {
mode = 0666
  }
}
service imap-login {
  client_limit = 6000
  executable = imap-login director
  process_limit = 4
  process_min_avail = 4
  service_count = 0
  vsz_limit = 600 M
}
service ipc {
  unix_listener ipc {
user = dovecot
  }
}
service lmtp {
  inet_listener lmtp {
port = 24
  }
}
ssl_cert =