RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall

2020-12-31 Thread aki.tuomi


> On 31/12/2020 13:18 Marc Roos  wrote:
> 
>  
> >
> >
> >
> >>  
> >> Looks like this mail client has problems with the archive 
> >> namespace[1], I assume I have nothing strange in there because other 
> >> clients just issue around ~50 cmds. So I guess this is just bad 
> >> programming of some new flashy trendy tool someone has downloaded?
> >> 
> >> The raw in log has 
> >> nr
> >>   34212 LIST ""
> >>   35190 SELECT Archive
> >> 
> >> Like this:
> >> 
> >
> >> ..(more mailboxes)..
> >> 
> >>   mailbox Archive {
> >> auto = create
> >> autoexpunge = 0
> >> autoexpunge_max_mails = 0
> >> comment =
> >> driver =
> >> special_use = \Archive
> >>   }
> >>   mailbox "Archived mail" {
> >> auto = no
> >> autoexpunge = 0
> >> autoexpunge_max_mails = 0
> >> comment =
> >> driver =
> >> special_use = \Archive
> >>   }
> >>   mailbox "Archived messages" {
> >> auto = no
> >> autoexpunge = 0
> >> autoexpunge_max_mails = 0
> >> comment =
> >> driver =
> >> special_use = \Archive
> >>   }
> >> ..(more mailboxes)..
> >> 
> >>   order = 0
> >>   prefix =
> >>   separator = /
> >>   subscriptions = yes
> >>   type = private
> >> }
> >
> >Bit curious config, do you have an INBOX namespace somewhere as 
> >well? This looks like root namespace as it has no prefix.
> >
> 
> Yes I have inbox namespace[1]. I think this config comes from in the 
> past wanting to have different mail locations and being bound to the 
> /var/spool/mail mbox files of sendmail. 
> 
> [1]
> namespace inbox {
>   disabled = no
>   hidden = no
>   ignore_on_failure = no
>   inbox = yes
>   list = yes
>   location =
>   mailbox Deleted {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Trash
>   }
> 
> ..
>   
>   mailbox Trash {
> auto = create
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Trash
>   }
>   order = 0
>   prefix =
>   separator = /
>   subscriptions = yes
>   type = private
> }

You are not supposed to have more than one namespace with same prefix.

Aki
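The rule in the reply above can be checked mechanically. This is an added example, not code from the thread or from Dovecot: it reads `doveconf -n` style text and reports prefixes claimed by more than one enabled namespace. The function names and the reduced sample config are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in `doveconf -n` layout, reduced from the two
# namespaces quoted in this thread (both leave `prefix` empty).
SAMPLE_CONF = """
namespace 4archives {
  inbox = no
  mailbox Archive {
    special_use = \\Archive
  }
  prefix =
}
namespace inbox {
  disabled = no
  inbox = yes
  prefix =
}
namespace shared {
  prefix = shared/
}
"""

def namespace_prefixes(conf):
    """Map prefix -> enabled namespace names; nested mailbox settings are ignored."""
    by_prefix = defaultdict(list)
    depth, name, settings = 0, None, {}
    for raw in conf.splitlines():
        line = raw.strip()
        opener = re.match(r"namespace\s+(\S+)\s*\{$", line)
        if depth == 0 and opener:
            name, settings = opener.group(1), {"prefix": "", "disabled": "no"}
        elif depth == 1 and name and "=" in line and not line.endswith("{"):
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
            if depth == 0 and name:
                # Only namespaces that are actually enabled can collide.
                if settings["disabled"] != "yes":
                    by_prefix[settings["prefix"]].append(name)
                name = None
    return dict(by_prefix)

def duplicate_prefixes(conf):
    """Prefixes used by more than one enabled namespace."""
    return {p: n for p, n in namespace_prefixes(conf).items() if len(n) > 1}
```

On a live server the input would be the captured text of `doveconf -n`; an empty result means no two enabled namespaces share a prefix.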


RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall

2020-12-31 Thread Marc Roos
>
>
>
>>  
>> Looks like this mail client has problems with the archive 
>> namespace[1], I assume I have nothing strange in there because other 
>> clients just issue around ~50 cmds. So I guess this is just bad 
>> programming of some new flashy trendy tool someone has downloaded?
>> 
>> The raw in log has 
>> nr
>>   34212 LIST ""
>>   35190 SELECT Archive
>> 
>> Like this:
>> 
>
>> ..(more mailboxes)..
>> 
>>   mailbox Archive {
>> auto = create
>> autoexpunge = 0
>> autoexpunge_max_mails = 0
>> comment =
>> driver =
>> special_use = \Archive
>>   }
>>   mailbox "Archived mail" {
>> auto = no
>> autoexpunge = 0
>> autoexpunge_max_mails = 0
>> comment =
>> driver =
>> special_use = \Archive
>>   }
>>   mailbox "Archived messages" {
>> auto = no
>> autoexpunge = 0
>> autoexpunge_max_mails = 0
>> comment =
>> driver =
>> special_use = \Archive
>>   }
>> ..(more mailboxes)..
>> 
>>   order = 0
>>   prefix =
>>   separator = /
>>   subscriptions = yes
>>   type = private
>> }
>
>Bit curious config, do you have an INBOX namespace somewhere as 
>well? This looks like root namespace as it has no prefix.
>

Yes I have inbox namespace[1]. I think this config comes from in the 
past wanting to have different mail locations and being bound to the 
/var/spool/mail mbox files of sendmail. 

[1]
namespace inbox {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = yes
  list = yes
  location =
  mailbox Deleted {
    auto = no
    autoexpunge = 0
    autoexpunge_max_mails = 0
    comment =
    driver =
    special_use = \Trash
  }

..

  mailbox Trash {
    auto = create
    autoexpunge = 0
    autoexpunge_max_mails = 0
    comment =
    driver =
    special_use = \Trash
  }
  order = 0
  prefix =
  separator = /
  subscriptions = yes
  type = private
}


RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall

2020-12-31 Thread aki.tuomi


> On 31/12/2020 11:51 Marc Roos  wrote:
> 
>  
> Looks like this mail client has problems with the archive namespace[1], 
> I assume I have nothing strange in there because other clients just 
> issue around ~50 cmds. So I guess this is just bad programming of some 
> new flashy trendy tool someone has downloaded?
> 
> The raw in log has 
> nr
>   34212 LIST ""
>   35190 SELECT Archive
> 
> Like this:
> 

> ..(more mailboxes)..
> 
>   mailbox Archive {
> auto = create
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
>   }
>   mailbox "Archived mail" {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
>   }
>   mailbox "Archived messages" {
> auto = no
> autoexpunge = 0
> autoexpunge_max_mails = 0
> comment =
> driver =
> special_use = \Archive
>   }
> ..(more mailboxes)..
> 
>   order = 0
>   prefix =
>   separator = /
>   subscriptions = yes
>   type = private
> }

Bit curious config, do you have an INBOX namespace somewhere as well? This 
looks like root namespace as it has no prefix.

Aki


RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall

2020-12-31 Thread Marc Roos
 
Looks like this mail client has problems with the archive namespace[1], 
I assume I have nothing strange in there because other clients just 
issue around ~50 cmds. So I guess this is just bad programming of some 
new flashy trendy tool someone has downloaded?

The raw in log has 
nr
  34212 LIST ""
  35190 SELECT Archive

Like this:

350 SELECT Archive
2351 LIST "" "*"
2352 SELECT Archive
2353 LIST "" "*"
2354 SELECT Archive
2355 LIST "" "*"
2356 SELECT Archive
2357 LIST "" "*"
2358 SELECT Archive
2359 LIST "" "*"
2360 SELECT Archive
2361 LIST "" "*"
2362 SELECT Archive
2363 LIST "" "*"
2364 SELECT Archive
2365 LIST "" "*"
2366 SELECT Archive
2367 LIST "" "*"
2368 SELECT Archive
2369 LIST "" "*"
2370 SELECT Archive
2371 LIST "" "*"
2372 SELECT Archive
2373 LIST "" "*"
2374 SELECT Archive
2375 LIST "" "*"
2376 SELECT Archive
2377 LIST "" "*"
2378 SELECT Archive
2379 LIST "" "*"
2380 SELECT Archive
2381 LIST "" "*"
2382 SELECT Archive
2383 LIST "" "*"
2384 SELECT Archive
2385 LIST "" "*"
2386 SELECT Archive
2387 LIST "" "*"
2388 SELECT Archive
2389 LIST "" "*"
2390 SELECT Archive
2391 LIST "" "*"
2392 SELECT Archive
2393 LIST "" "*"
2394 SELECT Archive
2395 LIST "" "*"
2396 SELECT Archive
2397 LIST "" "*"
2398 SELECT Archive
2399 LIST "" "*"
2400 SELECT Archive
2401 LIST "" "*"
2402 SELECT Archive
2403 LIST "" "*"
2404 SELECT Archive

[1]
namespace 4archives {
  disabled = no
  hidden = no
  ignore_on_failure = no
  inbox = no
  list = yes
  location = mdbox:/home/mail-archive/%u/Archive/:CONTROL=/home/mail-archive/%u/Archive/control:INDEX=/home/archiveindex/%u/index

..(more mailboxes)..

  mailbox Archive {
    auto = create
    autoexpunge = 0
    autoexpunge_max_mails = 0
    comment =
    driver =
    special_use = \Archive
  }
  mailbox "Archived mail" {
    auto = no
    autoexpunge = 0
    autoexpunge_max_mails = 0
    comment =
    driver =
    special_use = \Archive
  }
  mailbox "Archived messages" {
    auto = no
    autoexpunge = 0
    autoexpunge_max_mails = 0
    comment =
    driver =
    special_use = \Archive
  }
..(more mailboxes)..

  order = 0
  prefix =
  separator = /
  subscriptions = yes
  type = private
}
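To put numbers on the SELECT/LIST alternation quoted in the message above, the following added example (not part of the original post) tallies client commands from a rawlog and finds the longest short-period repeating cycle. It assumes client-to-server lines have the `<tag> <command> <arguments>` shape shown in that message; the sample log and all function names are constructed for illustration.

```python
import re
from collections import Counter

# "<tag> <command> <arguments>", the shape of the client lines quoted above.
LINE = re.compile(r"^(\S+) ([A-Za-z]+)(?: (.*))?$")

def make_sample():
    """Constructed log: a normal start, then 20 SELECT/LIST round trips."""
    lines = ['1 CAPABILITY', '2 LIST "" "*"', '3 SELECT INBOX']
    for tag in range(4, 44, 2):
        lines += [f'{tag} SELECT Archive', f'{tag + 1} LIST "" "*"']
    return "\n".join(lines + ['44 LOGOUT'])

SAMPLE_RAWLOG = make_sample()

def parse_commands(text):
    """Return 'VERB args' per client line, with the tag dropped."""
    cmds = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            cmds.append(f"{m.group(2).upper()} {m.group(3) or ''}".strip())
    return cmds

def longest_cycle(cmds, max_period=4):
    """Longest stretch repeating with period <= max_period: (cycle, repetitions)."""
    best, best_len = ((), 0), 0
    for p in range(1, max_period + 1):
        run = 0  # consecutive positions equal to the command p steps earlier
        for i in range(p, len(cmds)):
            run = run + 1 if cmds[i] == cmds[i - p] else 0
            covered = run + p
            # Strict '>' keeps the shortest period when several explain the run.
            if run and covered > best_len:
                best_len = covered
                start = i - covered + 1
                best = (tuple(cmds[start:start + p]), covered // p)
    return best

def summarize(text, top=3):
    """Command totals plus the dominant repeating cycle for one session."""
    cmds = parse_commands(text)
    cycle, reps = longest_cycle(cmds)
    return {"total": len(cmds), "top": Counter(cmds).most_common(top),
            "cycle": cycle, "repetitions": reps}
```

A session whose `repetitions` value accounts for most of `total` is looping rather than doing distinct work, which separates a stuck client from a merely busy one.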


RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall

2020-12-30 Thread Marc Roos
>>  
>> >
>> >> 
>> >>  
>> >> I am playing a bit with the monitoring, and I have noticed there is one
>> >> client of the chart with ~7500, while the others are between ~17 and ~60
>> >> (dovecot_user_num_cmds).
>> >> 
>> >> I assume this is related to the client, or is it possible something is
>> >> wrong on the server side? Is someone having also such numbers or is this
>> >> really strange. Is it possible to limit these cmd's?
>> >
>> >Maybe you should look into what command(s) are being executed first?
>> >
>> >event_exporter cmd_export {
>> >  format = json
>> >  format_args = time-rfc3339
>> >  transport = log
>> >}
>> >
>> >metric imap_command {
>> >   event_name = imap_command_finished
>> >   filter {
>> >  user = anomalous
>> >   }
>> >   exporter = cmd_export
>> >}
>> >
>> 
>> Is there also a way to do this on dovecot 2.2?
>
>With rawlogs, I suppose.
>

If I get this raw log, I am getting huge amount of lists

cut -d ' ' -f2 20201230-181651-16624.out |sort | uniq -c | sort -n

..
     17 FLAGS
     20 0
    328 NO
   1284 )
   1284
   9021 OK
 133350 LIST




RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall

2020-12-30 Thread aki.tuomi


> On 30/12/2020 12:06 Marc Roos  wrote:
> 
>  
> >
> >> 
> >>  
> >> I am playing a bit with the monitoring, and I have noticed there is one
> >> client of the chart with ~7500, while the others are between ~17 and ~60
> >> (dovecot_user_num_cmds).
> >> 
> >> I assume this is related to the client, or is it possible something is
> >> wrong on the server side? Is someone having also such numbers or is this
> >> really strange. Is it possible to limit these cmd's?
> >
> >Maybe you should look into what command(s) are being executed first?
> >
> >event_exporter cmd_export {
> >  format = json
> >  format_args = time-rfc3339
> >  transport = log
> >}
> >
> >metric imap_command {
> >   event_name = imap_command_finished
> >   filter {
> >  user = anomalous
> >   }
> >   exporter = cmd_export
> >}
> >
> 
> Is there also a way to do this on dovecot 2.2?

With rawlogs, I suppose.

Aki


RE: Imap client with ~7500 imap cmds ~250/~500 read() syscall

2020-12-30 Thread Marc Roos
>
>> 
>>  
>> I am playing a bit with the monitoring, and I have noticed there is one
>> client of the chart with ~7500, while the others are between ~17 and ~60
>> (dovecot_user_num_cmds).
>> 
>> I assume this is related to the client, or is it possible something is
>> wrong on the server side? Is someone having also such numbers or is this
>> really strange. Is it possible to limit these cmd's?
>
>Maybe you should look into what command(s) are being executed first?
>
>event_exporter cmd_export {
>  format = json
>  format_args = time-rfc3339
>  transport = log
>}
>
>metric imap_command {
>   event_name = imap_command_finished
>   filter {
>  user = anomalous
>   }
>   exporter = cmd_export
>}
>

Is there also a way to do this on dovecot 2.2?




Re: Imap client with ~7500 imap cmds ~250/~500 read() syscall

2020-12-30 Thread Aki Tuomi


> On 30/12/2020 11:46 Marc Roos  wrote:
> 
>  
> I am playing a bit with the monitoring, and I have noticed there is one 
> client of the chart with ~7500, while the others are between ~17 and ~60 
> (dovecot_user_num_cmds).
> 
> I assume this is related to the client, or is it possible something is 
> wrong on the server side? Is someone having also such numbers or is this 
> really strange. Is it possible to limit these cmd's?

Maybe you should look into what command(s) are being executed first?

event_exporter cmd_export {
  format = json
  format_args = time-rfc3339
  transport = log
}

metric imap_command {
  event_name = imap_command_finished
  filter {
    user = anomalous
  }
  exporter = cmd_export
}

Aki