Bug 38718

Summary: Make Dovecot connection/memory limits configurable
Product: UCS
Reporter: Daniel Tröder <troeder>
Component: Mail - Dovecot
Assignee: Daniel Tröder <troeder>
Status: CLOSED FIXED
QA Contact: Sönke Schwardt-Krummrich <schwardt>
Severity: normal
Priority: P5
CC: schwardt, walkenhorst
Version: UCS 4.0
Target Milestone: ---
Hardware: Other
OS: Linux
Bug Blocks: 34839    

Description Daniel Tröder univentionstaff 2015-06-17 09:18:10 CEST
* UCRVs to match univention-mail-cyrus default max. 400 (?) imap+pop connections
* UCRVs to generally make Dovecot more adaptable to different performance scenarios
Comment 1 Daniel Tröder univentionstaff 2015-06-18 11:50:33 CEST
Commit 61361 adds 20 UCRVs mail/dovecot/limits/* to configure IMAP, POP3, managesieve, login, auth and anvil services separately.

The default limits are set to 400 connections to each service like in Cyrus.

The limit on open file descriptors (ulimit -n) is set to the maximum possible number of connections (when Dovecot is restarted).

No magic is done to set other variables automatically to sane values if one variable is changed - that is left up to the user. Dovecot's log and documentation are very helpful with this, though.
Comment 2 Daniel Tröder univentionstaff 2015-06-18 12:55:46 CEST
P.S.: Default configuration is the so-called "High-security mode".

"High-performance mode" can be enabled by setting:
mail/dovecot/limits/imap-login/service_count=0
mail/dovecot/limits/pop3-login/service_count=0

(see http://wiki2.dovecot.org/LoginProcess)
Comment 3 Sönke Schwardt-Krummrich univentionstaff 2015-07-03 13:16:57 CEST
Tested via 30_imap_server_with_hundreds_of_connections:
- Limits were set to 
   mail/dovecot/limits/default_process_limit=2000
   mail/dovecot/limits/default_client_limit=2000
   mail/dovecot/limits/auth/client_limit=10000
   mail/dovecot/limits/anvil/client_limit=8003
- test sets ulimit to 2048
- test establishes 1500 simultaneous IMAP connections
- each connection does a login with the same user
- if all logins were successful, each connection is closed

No problems occurred.
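
An added sketch, not part of the bug report or the UCS code base: it models how the login `service_count` switch from Comment 2 changes how many client connections share one login process and how many connections fit, using the default limits quoted in Comment 3. The per-service `process_limit`/`client_limit` key names and the fallback values are assumptions.

```python
# Simplified capacity model for Dovecot login services (added example).
# SAMPLE_UCR is constructed: the two defaults come from Comment 3, the
# pop3-login switch from Comment 2.
SAMPLE_UCR = """\
mail/dovecot/limits/default_process_limit=2000
mail/dovecot/limits/default_client_limit=2000
mail/dovecot/limits/pop3-login/service_count=0
"""
PREFIX = "mail/dovecot/limits/"


def parse_ucr(text):
    """Parse key=value lines below PREFIX into {relative_key: int}."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.startswith(PREFIX):
            settings[key[len(PREFIX):]] = int(value)
    return settings


def login_capacity(settings, service):
    """Return (mode, connections sharing one process, max connections)."""
    def limit(name, fallback):
        # Assumption: a per-service key overrides default_<name>; the
        # fallbacks are Dovecot's upstream defaults, not the UCS ones.
        default = settings.get("default_" + name, fallback)
        return settings.get(service + "/" + name, default)

    process_limit = limit("process_limit", 100)
    client_limit = limit("client_limit", 1000)
    service_count = settings.get(service + "/service_count", 1)
    if service_count == 1:    # one connection per process, then it exits
        mode, shared = "high-security", 1
    elif service_count == 0:  # processes are reused for many connections
        mode, shared = "high-performance", client_limit
    else:                     # process exits after service_count connections
        mode, shared = "custom", min(service_count, client_limit)
    return mode, shared, process_limit * shared


def fits(settings, service, planned_connections):
    """True if the planned concurrent logins stay within the modelled limit."""
    return planned_connections <= login_capacity(settings, service)[2]


if __name__ == "__main__":
    cfg = parse_ucr(SAMPLE_UCR)
    for svc in ("imap-login", "pop3-login"):
        print(svc, login_capacity(cfg, svc), "1500 fit:", fits(cfg, svc, 1500))
```

The second tuple element is the isolation cost of the switch: in high-security mode a fault in one login process touches a single session, in high-performance mode up to `client_limit` sessions.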
Comment 4 Sönke Schwardt-Krummrich univentionstaff 2015-07-06 23:35:17 CEST
There were code changes to the process limits → have to repeat QA
Comment 5 Sönke Schwardt-Krummrich univentionstaff 2015-07-08 00:29:53 CEST
Reviewed settings again; tested with 400 simultaneous SSL connections
→ OK → VERIFIED
Comment 6 Janek Walkenhorst univentionstaff 2015-07-09 18:14:53 CEST
<http://errata.univention.de/ucs/4.0/237.html>