目錄

• fsync
• Login processes

 

fsync

Since power failures and kernel panics are quite rare, many people are tempted to disable fsyncing because it may increase the performance quite a lot. Dovecot allows this by setting mail_fsync=never.

# Default to no fsyncing
mail_fsync = never

protocol lda {
  # Enable fsyncing for LDA
  mail_fsync = optimized
}
protocol lmtp {
  # Enable fsyncing for LMTP
  mail_fsync = optimized
}

 

Version 2

加入

mail_fsync = never

LDA (local delivery agent)

which takes mail from an MTA and delivers it to a user's mailbox, while keeping

# Default to no fsyncing
mail_fsync = never

protocol lda {
  # Enable fsyncing for LDA
  mail_fsync = optimized
}

 

---

Login processes

 

Dovecot: v2

Default: High-security mode (default)

* running each connection in a separate process

* processes run in a highly restricted chroot

* handle proxying the SSL and TLS connections even after the user has logged in

* maximum login process count is reached, logging-in state (ie. non-proxying) is destroyed

舉 imap 為例

service imap-login {
  idle_kill = 0
  client_limit = 0
  service_count = 1             <-- 當 0 時, 會一個 proccess 可以 handling 幾多 connections. 作用: reduce forks 
  process_min_avail = 3         <-- avoid startup latency 
  process_limit = 16            <-- 同時幾多人可以 login, defaults: default_process_limit, 亦即是 100
  #vsz_limit = 64M
}

POP3

service pop3-login {
  service_count = 1
  process_min_avail = 3
  process_limit = 16
}

有幾多人可以用 imap

protocol imap {
    ........
    mail_max_userip_connections = 32
}

High-performance:

service imap-login {
  service_count = 0
  #client_limit = $default_client_limit
  #vsz_limit = 64M
}

client_limit:  每個 process 可以 handle 多少個 client connection

# Default: client_limit * process_limit = 1000*100 = 100k connections

P.S.

vsz_limit should be increased to avoid out of memory errors (尤其在用 SSL/TLS 時要注意)

 

Dovecot: v1

High-security mode (Default) 設定

# number of login processes that are tried to be kept listening for new connections
login_processes_count=3

# check every second if we need to start up new processes to keep the listening process count the same as the wanted count

# listening, non-listening and SSL/TLS-proxying processes
login_max_processes_count = 128

P.S.

小心 fork-bombing

 

High-performance mode 設定

# default yes. 當 no 時, 每個 process 可以處理多個一個 connection
login_process_per_connection=no

# 每個 process 能夠處理多少個 connection.
# 當數量達到時, Dovecot 就會開新 process
login_max_connections=256

# 在 High-performance mode 時, 最好 1 CPUS 1, default 設定值是用於 High-security mode
login_max_processes_count=128

P.S.

支援人數 = login_max_connections * login_max_processes_count

已建立的 process 會繼續存在, 不會被 destroy

 

Remark

verbose_auth = yes

idle_kill

    If a process doesn't appear to be doing anything after this much time
    If set to 0, default_idle_kill is used.

client_limit

    Maximum number of simultaneous client connections.
    If set to 0, default_client_limit is used instead.

service_count

    Number of client connections to handle until the process kills itself.
    0 means unlimited.

process_limit

    Maximum number of processes that can exist for this service.
    If set to 0, default_process_limit is used instead.

# default: 60
default_idle_kill

# default: 1000
default_client_limit

 

---