Dovecot performance tuning





Since power failures and kernel panics are quite rare, many people are tempted to disable fsyncing because it may increase the performance quite a lot. Dovecot allows this by setting mail_fsync=never.

# Default to no fsyncing
mail_fsync = never

protocol lda {
  # Enable fsyncing for LDA
  mail_fsync = optimized
protocol lmtp {
  # Enable fsyncing for LMTP
  mail_fsync = optimized


Version 2


mail_fsync = never

LDA (local delivery agent)

which takes mail from an MTA and delivers it to a user's mailbox, while keeping

# Default to no fsyncing
mail_fsync = never

protocol lda {
  # Enable fsyncing for LDA
  mail_fsync = optimized


Login processes


Dovecot: v2

Default: High-security mode (default)

* running each connection in a separate process

* processes run in a highly restricted chroot

* handle proxying the SSL and TLS connections even after the user has logged in

* maximum login process count is reached, logging-in state (ie. non-proxying) is destroyed

舉 imap 為例

service imap-login {
  idle_kill = 0
  client_limit = 0
  service_count = 1             <-- 當 0 時, 會一個 proccess 可以 handling 幾多 connections. 作用: reduce forks 
  process_min_avail = 3         <-- avoid startup latency 
  process_limit = 16            <-- 同時幾多人可以 login, defaults: default_process_limit, 亦即是 100
  #vsz_limit = 64M


service pop3-login {
  service_count = 1
  process_min_avail = 3
  process_limit = 16

有幾多人可以用 imap

protocol imap {
    mail_max_userip_connections = 32


service imap-login {
  service_count = 0
  #client_limit = $default_client_limit
  #vsz_limit = 64M

client_limit:  每個 process 可以 handle 多少個 client connection

# Default: client_limit * process_limit = 1000*100 = 100k connections


vsz_limit should be increased to avoid out of memory errors (尤其在用 SSL/TLS 時要注意)


Dovecot: v1

High-security mode (Default) 設定

# number of login processes that are tried to be kept listening for new connections

# check every second if we need to start up new processes to keep the listening process count the same as the wanted count

# listening, non-listening and SSL/TLS-proxying processes
login_max_processes_count = 128


小心 fork-bombing


High-performance mode 設定

# default yes. 當 no 時, 每個 process 可以處理多個一個 connection

# 每個 process 能夠處理多少個 connection.
# 當數量達到時, Dovecot 就會開新 process

# 在 High-performance mode 時, 最好 1 CPUS 1, default 設定值是用於 High-security mode


支援人數 = login_max_connections * login_max_processes_count

已建立的 process 會繼續存在, 不會被 destroy



verbose_auth = yes


    If a process doesn't appear to be doing anything after this much time
    If set to 0, default_idle_kill is used.


    Maximum number of simultaneous client connections.
    If set to 0, default_client_limit is used instead.


    Number of client connections to handle until the process kills itself.
    0 means unlimited.


    Maximum number of processes that can exist for this service.
    If set to 0, default_process_limit is used instead.

# default: 60

# default: 1000