[Dovecot] imap process limits problem
dovecot at r.paypc.com
Sat Dec 31 04:21:41 EET 2011
On 12/30/2011 10:53 AM, Calvin Cochran wrote:
> I am having a problem with the number of current processes that I cannot
> seem to diagnose adequately, and is a possible bug. This will be a bit
> long, but usually more info is better.
> verbose_proctitle, at this moment there are 99 connections from the IP in
> question, all of which show in ps output as:
> dovecot/imap-login [1 connections (1 TLS)]
> My understanding is that means they have successfully authenticated, and
> that there should be line with
> dovecot/imap [username ip TLS]
> in ps output, but there isn't, so I am taking that to mean the client
> closed the imap session.
This sounds like yet another round of buggy clients that just abruptly
dump connections instead of closing them down properly, or some
intervening firewalling configuration that's preventing the proper
signoff and TCP FIN handshakes from completing.
The 2 hours+ sounds like these sockets (and the processes that used
them) might be stuck in FIN_WAIT1, which isn't affected by the timeout
specified in /proc/sys/net/ipv4/tcp_fin_timeout
Use netstat -a these connections to see their disposition
You can try some of the following:
1) Lower tcp_keepalive intervals and reduce the # of probes before a
"kill" - does Dovecot make use of SO_KEEPALIVE, or can it be configured
to do so?
2) Lower application idle timeout settings. (Is there a mandated
"check-in" interval defined for IMAP clients?)
More information about the dovecot