RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall
> On 31/12/2020 13:18 Marc Roos wrote:
>
>
> >
> >
> >
> >>
> >> Looks like this mail client has problems with the archive
> >> namespace[1], I assume I have nothing strange in there because other
> >> clients just issue around ~50 cmds. So I guess this is just bad
> >> programming of some new flashy trendy tool someone has downloaded?
> >>
> >> The raw in log has
> >> nr
> >> 34212 LIST ""
> >> 35190 SELECT Archive
> >>
> >> Like this:
> >>
> >
> >> ..(more mailboxes)..
> >>
> >> mailbox Archive {
> >> auto = create
> >> autoexpunge = 0
> >> autoexpunge_max_mails = 0
> >> comment =
> >> driver =
> >> special_use = \Archive
> >> }
> >> mailbox "Archived mail" {
> >> auto = no
> >> autoexpunge = 0
> >> autoexpunge_max_mails = 0
> >> comment =
> >> driver =
> >> special_use = \Archive
> >> }
> >> mailbox "Archived messages" {
> >> auto = no
> >> autoexpunge = 0
> >> autoexpunge_max_mails = 0
> >> comment =
> >> driver =
> >> special_use = \Archive
> >> }
> >> ..(more mailboxes)..
> >>
> >> order = 0
> >> prefix =
> >> separator = /
> >> subscriptions = yes
> >> type = private
> >> }
> >
> >Bit curious config, do you have an INBOX namespace somewhere as
> >well? This looks like root namespace as it has no prefix.
> >
>
> Yes I have inbox namespace[1]. I think this config comes from in the
> past wanting to have different mail locations and being bound to the
> /var/spool/mail mbox files of sendmail.
>
> [1]
> namespace inbox {
> disabled = no
> hidden = no
> ignore_on_failure = no
> inbox = yes
> list = yes
> location =
> mailbox Deleted {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Trash
> }
>
> ..
>
> mailbox Trash {
> auto = create
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Trash
> }
> order = 0
> prefix =
> separator = /
> subscriptions = yes
> type = private
> }
You are not supposed to have more than one namespace with same prefix.
Aki
RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall
>
>
>
>>
>> Looks like this mail client has problems with the archive
>> namespace[1], I assume I have nothing strange in there because other
>> clients just issue around ~50 cmds. So I guess this is just bad
>> programming of some new flashy trendy tool someone has downloaded?
>>
>> The raw in log has
>> nr
>> 34212 LIST ""
>> 35190 SELECT Archive
>>
>> Like this:
>>
>
>> ..(more mailboxes)..
>>
>> mailbox Archive {
>> auto = create
>> autoexpunge = 0
>> autoexpunge_max_mails = 0
>> comment =
>> driver =
>> special_use = \Archive
>> }
>> mailbox "Archived mail" {
>> auto = no
>> autoexpunge = 0
>> autoexpunge_max_mails = 0
>> comment =
>> driver =
>> special_use = \Archive
>> }
>> mailbox "Archived messages" {
>> auto = no
>> autoexpunge = 0
>> autoexpunge_max_mails = 0
>> comment =
>> driver =
>> special_use = \Archive
>> }
>> ..(more mailboxes)..
>>
>> order = 0
>> prefix =
>> separator = /
>> subscriptions = yes
>> type = private
>> }
>
>Bit curious config, do you have an INBOX namespace somewhere as
>well? This looks like root namespace as it has no prefix.
>
Yes I have inbox namespace[1]. I think this config comes from in the
past wanting to have different mail locations and being bound to the
/var/spool/mail mbox files of sendmail.
[1]
namespace inbox {
disabled = no
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
location =
mailbox Deleted {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Trash
}
..
mailbox Trash {
auto = create
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Trash
}
order = 0
prefix =
separator = /
subscriptions = yes
type = private
}
RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall
> On 31/12/2020 11:51 Marc Roos wrote:
>
>
> Looks like this mail client has problems with the archive namespace[1],
> I assume I have nothing strange in there because other clients just
> issue around ~50 cmds. So I guess this is just bad programming of some
> new flashy trendy tool someone has downloaded?
>
> The raw in log has
> nr
> 34212 LIST ""
> 35190 SELECT Archive
>
> Like this:
>
> ..(more mailboxes)..
>
> mailbox Archive {
> auto = create
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
> }
> mailbox "Archived mail" {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
> }
> mailbox "Archived messages" {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
> }
> ..(more mailboxes)..
>
> order = 0
> prefix =
> separator = /
> subscriptions = yes
> type = private
> }
Bit curious config, do you have an INBOX namespace somewhere as well? This
looks like root namespace as it has no prefix.
Aki
RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall
Looks like this mail client has problems with the archive namespace[1],
I assume I have nothing strange in there because other clients just
issue around ~50 cmds. So I guess this is just bad programming of some
new flashy trendy tool someone has downloaded?
The raw in log has
nr
34212 LIST ""
35190 SELECT Archive
Like this:
350 SELECT Archive
2351 LIST "" "*"
2352 SELECT Archive
2353 LIST "" "*"
2354 SELECT Archive
2355 LIST "" "*"
2356 SELECT Archive
2357 LIST "" "*"
2358 SELECT Archive
2359 LIST "" "*"
2360 SELECT Archive
2361 LIST "" "*"
2362 SELECT Archive
2363 LIST "" "*"
2364 SELECT Archive
2365 LIST "" "*"
2366 SELECT Archive
2367 LIST "" "*"
2368 SELECT Archive
2369 LIST "" "*"
2370 SELECT Archive
2371 LIST "" "*"
2372 SELECT Archive
2373 LIST "" "*"
2374 SELECT Archive
2375 LIST "" "*"
2376 SELECT Archive
2377 LIST "" "*"
2378 SELECT Archive
2379 LIST "" "*"
2380 SELECT Archive
2381 LIST "" "*"
2382 SELECT Archive
2383 LIST "" "*"
2384 SELECT Archive
2385 LIST "" "*"
2386 SELECT Archive
2387 LIST "" "*"
2388 SELECT Archive
2389 LIST "" "*"
2390 SELECT Archive
2391 LIST "" "*"
2392 SELECT Archive
2393 LIST "" "*"
2394 SELECT Archive
2395 LIST "" "*"
2396 SELECT Archive
2397 LIST "" "*"
2398 SELECT Archive
2399 LIST "" "*"
2400 SELECT Archive
2401 LIST "" "*"
2402 SELECT Archive
2403 LIST "" "*"
2404 SELECT Archive
[1]
namespace 4archives {
disabled = no
hidden = no
ignore_on_failure = no
inbox = no
list = yes
location =
mdbox:/home/mail-archive/%u/Archive/:CONTROL=/home/mail-archive/%u/Archi
ve/control:INDEX=/home/archiveindex/%u/index
..(more mailboxes)..
mailbox Archive {
auto = create
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Archive
}
mailbox "Archived mail" {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Archive
}
mailbox "Archived messages" {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Archive
}
..(more mailboxes)..
order = 0
prefix =
separator = /
subscriptions = yes
type = private
}
RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall
>>
>> >
>> >>
>> >>
>> >> I am playing a bit with the monitoring, and I have noticed there
is
>> one
>> >> client of the chart with ~7500, while the others are between ~17
>> >> and
>> ~60
>> >> (dovecot_user_num_cmds).
>> >>
>> >> I assume this is related to the client, or is it possible
something
>> is
>> >> wrong on the server side? Is someone having also such numbers or
is
>> this
>> >> really strange. Is it possible to limit these cmd's?
>> >
>> >Maybe you should look into what command(s) are being executed first?
>> >
>> >event_exporter cmd_export {
>> > format = json
>> > format_args = time-rfc3339
>> > transport = log
>> >}
>> >
>> >metric imap_command {
>> > event_name = imap_command_finished
>> > filter {
>> > user = anomalous
>> > }
>> > exporter = cmd_export
>> >}
>> >
>>
>> Is there also a way to do this on dovecot 2.2?
>
>With rawlogs, I suppose.
>
If I get this raw log, I am getting huge amount of lists
cut -d ' ' -f2 20201230-181651-16624.out |sort | uniq -c | sort -n
..
17 FLAGS
20 0
328 NO
1284 )
1284
9021 OK
133350 LIST
RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall
> On 30/12/2020 12:06 Marc Roos wrote:
>
>
> >
> >>
> >>
> >> I am playing a bit with the monitoring, and I have noticed there is
> one
> >> client of the chart with ~7500, while the others are between ~17 and
> ~60
> >> (dovecot_user_num_cmds).
> >>
> >> I assume this is related to the client, or is it possible something
> is
> >> wrong on the server side? Is someone having also such numbers or is
> this
> >> really strange. Is it possible to limit these cmd's?
> >
> >Maybe you should look into what command(s) are being executed first?
> >
> >event_exporter cmd_export {
> > format = json
> > format_args = time-rfc3339
> > transport = log
> >}
> >
> >metric imap_command {
> > event_name = imap_command_finished
> > filter {
> > user = anomalous
> > }
> > exporter = cmd_export
> >}
> >
>
> Is there also a way to do this on dovecot 2.2?
With rawlogs, I suppose.
Aki
RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall
>
>>
>>
>> I am playing a bit with the monitoring, and I have noticed there is
one
>> client of the chart with ~7500, while the others are between ~17 and
~60
>> (dovecot_user_num_cmds).
>>
>> I assume this is related to the client, or is it possible something
is
>> wrong on the server side? Is someone having also such numbers or is
this
>> really strange. Is it possible to limit these cmd's?
>
>Maybe you should look into what command(s) are being executed first?
>
>event_exporter cmd_export {
> format = json
> format_args = time-rfc3339
> transport = log
>}
>
>metric imap_command {
> event_name = imap_command_finished
> filter {
> user = anomalous
> }
> exporter = cmd_export
>}
>
Is there also a way to do this on dovecot 2.2?
Re: Imap client with ~7500 imap cmds ~250/~500 read() syscall
> On 30/12/2020 11:46 Marc Roos wrote:
>
>
> I am playing a bit with the monitoring, and I have noticed there is one
> client of the chart with ~7500, while the others are between ~17 and ~60
> (dovecot_user_num_cmds).
>
> I assume this is related to the client, or is it possible something is
> wrong on the server side? Is someone having also such numbers or is this
> really strange. Is it possible to limit these cmd's?
Maybe you should look into what command(s) are being executed first?
event_exporter cmd_export {
format = json
format_args = time-rfc3339
transport = log
}
metric imap_command {
event_name = imap_command_finished
filter {
user = anomalous
}
exporter = cmd_export
}
Aki
Imap client with ~7500 imap cmds ~250/~500 read() syscall
I am playing a bit with the monitoring, and I have noticed there is one client of the chart with ~7500, while the others are between ~17 and ~60 (dovecot_user_num_cmds). I assume this is related to the client, or is it possible something is wrong on the server side? Is someone having also such numbers or is this really strange. Is it possible to limit these cmd's?
