[Dovecot] v1.1 max connections per user

Charles Marcus CMarcus at Media-Brokers.com
Sun Jul 1 02:50:55 EEST 2007


Timo Sirainen, on 6/30/2007 7:25 PM, said the following:
> On Sat, 2007-06-30 at 19:11 -0400, Charles Marcus wrote:
>> Timo Sirainen, on 6/30/2007 6:43 PM, said the following:
>>> v1.1 has now:
>>>
>>> # Maximum number of connections allowed for a user. The limits are enforced
>>> # separately for IMAP and POP3 connections, so you can move this setting
>>> # inside protocol {} to have separate settings for them. NOTE: The user names
>>> # are compared case-sensitively, so make sure your userdb returns usernames
>>> # always using the same casing so users can't bypass this limit!
>>> #mail_max_user_connections = 10
>>>
>>> Is 10 a good default?
>> I'm assuming this is per IP?
> 
> No. I'm not sure if it should. Perhaps. It's mostly intended to prevent
> unintentional abuse by stupid clients, so having 3+ thunderbirds open in
> different locations with each having 5 connections should probably be
> allowed.

Ok - you said 10 was the default - but then said that 15 (3 TBirds x 5) 
connections should be allowed, which is more than 10... so... you just 
meant that one could accommodate that by upping this limit to 15?

>> In Courier, there were two settings:
>>
>> MAXDAEMONS = 40
>> (total number of IMAP connections the server would accept)

> Dovecot has max_mail_processes defaulting to 1024.

Ahhh... ok - but is that configurable? For smaller shops, I'd definitely 
want to be able to set it to a much lower value (one of my courier 
clients that I'm still trying to convince to upgrade to dovecot - I have 
more than a few of those it seems, including my primary client that I'm 
writing this from - I have MAXDAEMONS set to 75).

>> I think it would be a good thing to have both, *and* to allow for 
>> setting the MAXPERIP on both a per user and global basis (if a per user 
>> value is not provided it uses the global default).
>>
>> Later, adding the ability to set them both on a per domain basis, and 
>> the MAXPERIP on a per domain/user basis would be even better...

> All of these seem to be for handling intentional abuse. v2.0 maybe.

Definitely for handling abuse, but sometimes said abuse could be 
unintentional... ;)

This definitely falls into the 'it would be nice' category, so v2.0+ 
target is fine by me...

-- 

Best regards,

Charles


More information about the dovecot mailing list