[Dovecot] imap process limits problem

Robin dovecot at r.paypc.com
Sat Dec 31 04:21:41 EET 2011

On 12/30/2011 10:53 AM, Calvin Cochran wrote:
> I am having a problem with the number of current processes that I cannot
> seem to diagnose adequately, and is a possible bug.  This will be a bit
> long, but usually more info is better.
> [....]
> verbose_proctitle, at this moment there are 99 connections from the IP in
> question, all of which show in ps output as:
> dovecot/imap-login [1 connections (1 TLS)]
> My understanding is that means they have successfully authenticated, and
> that there should be line with
> dovecot/imap [username ip TLS]
> in ps output, but there isn't, so I am taking that to mean the client
> closed the imap session.

This sounds like yet another round of buggy clients that just abruptly 
dump connections instead of closing them down properly, or some 
intervening firewalling configuration that's preventing the proper 
signoff and TCP FIN handshakes from completing.

The 2 hours+ sounds like these sockets (and the processes that used 
them) might be stuck in FIN_WAIT1, which isn't affected by the timeout 
specified in /proc/sys/net/ipv4/tcp_fin_timeout

Use netstat -a these connections to see their disposition

You can try some of the following:

1) Lower tcp_keepalive intervals and reduce the # of probes before a 
"kill" - does Dovecot make use of SO_KEEPALIVE, or can it be configured 
to do so?

2) Lower application idle timeout settings.  (Is there a mandated 
"check-in" interval defined for IMAP clients?)


More information about the dovecot mailing list