It's not behind a proxy (unless the router is acting as a proxy?). Could it be that my router is doing some Hairpin NAT tomfoolery? The router is generic, so I run into that from time to time with my webserver.

I tried doveadm who, but didn't see anything too peculiar. There is the expect half dozen or so users on common IPs.

On 27.02.20 21:49, Aki Tuomi wrote:

Is your server behind proxy maybe? Can you see in logs that you get different IPs? 

Maybe check with doveadm who how many connections you have?

Aki

...

On 27/02/2020 22:44 Esteban L < esteban@little-beak.com <mailto:esteban@little-beak.com>> wrote:

I have tried a lot of different things, still no success. =(

here is my dove -n if anyone could help that would be great:

2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf

Pigeonhole version 0.4.16 (fed8554)

OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12

auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = yes mail_home = /var/mail/vmail/%d/%n mail_location = maildir:~/Mail mail_max_userip_connections = 500 mail_plugins = " quota" mail_privileged_group = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = maildir:User quota quota_grace = 10%% quota_rule = *:storage=10G quota_rule2 = Trash:storage=+1G quota_status_overquota = 552 5.2.2 Mailbox is full quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_after = /etc/dovecot/sieve/spamfilter.sieve sieve_dir = ~/sieve } protocols = " imap lmtp sieve" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = </etc/letsencrypt/live/little-beak.com/fullchain.pem ssl_key =  # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = " quota sieve" postmaster_address = *****@little-beak.com <mailto:*****@little-beak.com> } protocol lda { mail_plugins = " quota sieve" } protocol imap { mail_max_userip_connections = 500 mail_plugins = " quota imap_quota" } protocol sieve { mail_max_userip_connections = 500 }

On 27.02.20 18:54, Esteban L wrote:

...

I have been haunted by the following error message or months, that we see using Thunderbird. Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings dialogue to reduce the number of cached connections. If I change my location, via a VPN, the error message goes away and I can connect. I have edited my /etc/dovcot/conf.d/20-imap.conf file by adding the following:

protocol imap { # Space separated list of plugins to load (default is global mail_plugins). mail_plugins = $mail_plugins imap_quota # Maximum number of IMAP connections allowed for a user from each IP address. # NOTE: The username is compared case-sensitively. mail_max_userip_connections = 500 }

And, I still get the error message. I know myself, I have about 8-9 accounts, some with as many as 10 folders (I know each one count's as it's own mailbox), as does my partner--who would access the internet from my IP. Does that number really have to be like 10,000, or something? If so, why does it start out so small in the first place. If not, what else could I do to avoid this message going forward??

---

Aki Tuomi

Ok. That is a nice command.

I am able to see connections. It doesn't seem remotely close to 500, though.

If I understand things correctly, dovecot makes connections PER folder, and keeps making more connections via IDLE (I am not entirely sure how idle works, other than it keeps sockets open)?

For example, in my case, I have about a dozen users, which combined equals around 80 folders.

If I am on an IP it is fine.

My partner, also has about a dozen different users, which combined, also has about 70-80 folders. 

If we are on the same IP, we can no longer connect.

1. Is this general understanding ok?

2. Am I supposed to set the limit like at 10,000? I mean, I am not running anything other than a little private email server for some family and friends. As soon as my partner and I are on the same IP, it just ceases.

I see how if I check the doveadm who, periodically, I will have 2 propagations, and can imagine if my partner is there--yeah it's probably breaking 500.

On 28.02.20 08:05, Aki Tuomi wrote:

You can usually see from doveadm who or logs if your router/whatever is doing NAT.

Which would be the reason why 500 connections wouldn't be enough.

Aki

...

On 27/02/2020 23:21 Esteban L <esteban@little-beak.com> wrote:

It's not behind a proxy (unless the router is acting as a proxy?). Could it be that my router is doing some Hairpin NAT tomfoolery? The router is generic, so I run into that from time to time with my webserver.

I tried doveadm who, but didn't see anything too peculiar. There is the expect half dozen or so users on common IPs.

On 27.02.20 21:49, Aki Tuomi wrote:

...

Is your server behind proxy maybe? Can you see in logs that you get different IPs?

Maybe check with doveadm who how many connections you have?

Aki

...

On 27/02/2020 22:44 Esteban L < esteban@little-beak.com> wrote:

I have tried a lot of different things, still no success. =(

here is my dove -n if anyone could help that would be great:

2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf

Pigeonhole version 0.4.16 (fed8554)

OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12

auth_debug = yes

auth_debug_passwords = yes

auth_mechanisms = plain login

auth_verbose = yes

auth_verbose_passwords = yes

mail_home = /var/mail/vmail/%d/%n

mail_location = maildir:~/Mail

mail_max_userip_connections = 500

mail_plugins = " quota"

mail_privileged_group = vmail

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope

encoded-character vacation subaddress comparator-i;ascii-numeric

relational regex imap4flags copy include variables body enotify

environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace inbox {

inbox = yes

location =

mailbox Archive {

auto = subscribe

special_use = \Archive

}

mailbox Drafts {

auto = subscribe

special_use = \Drafts

}

mailbox Junk {

auto = subscribe

special_use = \Junk

}

mailbox Sent {

auto = subscribe

special_use = \Sent

}

mailbox "Sent Messages" {

special_use = \Sent

}

mailbox Trash {

auto = subscribe

special_use = \Trash

}

prefix =

}

passdb {

args = /etc/dovecot/dovecot-sql.conf.ext

driver = sql

}

plugin {

quota = maildir:User quota

quota_grace = 10%%

quota_rule = *:storage=10G

quota_rule2 = Trash:storage=+1G

quota_status_overquota = 552 5.2.2 Mailbox is full

quota_warning = storage=95%% quota-warning 95 %u

quota_warning2 = storage=80%% quota-warning 80 %u

sieve = ~/.dovecot.sieve

sieve_after = /etc/dovecot/sieve/spamfilter.sieve

sieve_dir = ~/sieve

}

protocols = " imap lmtp sieve"

service auth {

unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0666

user = postfix

}

}

service imap-login {

inet_listener imaps {

port = 993

ssl = yes

}

}

service lmtp {

unix_listener /var/spool/postfix/private/dovecot-lmtp {

group = postfix

mode = 0600

user = postfix

}

}

ssl = required

ssl_cert = </etc/letsencrypt/live/little-beak.com/fullchain.pem

ssl_key = # hidden, use -P to show it

userdb {

args = /etc/dovecot/dovecot-sql.conf.ext

driver = sql

}

protocol lmtp {

mail_plugins = " quota sieve"

postmaster_address = *****@little-beak.com

}

protocol lda {

mail_plugins = " quota sieve"

}

protocol imap {

mail_max_userip_connections = 500

mail_plugins = " quota imap_quota"

}

protocol sieve {

mail_max_userip_connections = 500

}

On 27.02.20 18:54, Esteban L wrote:

...

I have been haunted by the following error message or months, that we

see using Thunderbird.

...

Unable to connect to your IMAP server.

...

You may have exceeded the maximum number of connections to this server.

If so, use the Advanced IMAP Server Settings dialogue to reduce the

number of cached connections.

...

If I change my location, via a VPN, the error message goes away and I

can connect.

...

I have edited my /etc/dovcot/conf.d/20-imap.conf file by adding the

following:

...

protocol imap {

Space separated list of plugins to load (default is global

mail_plugins).

mail_plugins = $mail_plugins imap_quota

...

Maximum number of IMAP connections allowed for a user from each IP

address.

NOTE: The username is compared case-sensitively.

mail_max_userip_connections = 500

}

...

And, I still get the error message. I know myself, I have about 8-9

accounts, some with as many as 10 folders (I know each one count's as

it's own mailbox), as does my partner--who would access the internet

from my IP.

...

Does that number really have to be like 10,000, or something? If so, why

does it start out so small in the first place. If not, what else could I

do to avoid this message going forward??

---

Aki Tuomi

-- https://www.little-beak.com "Doing what we can."

Interesting, the line:

imap_client_workarounds = "delay-newmail"

I do not have. What does it do? The problem does seem to manifest itself with initial logins.

On 28.02.20 17:28, Remo Mattei wrote:

Here is mine and I have no issue if they client is netted.

Remo

protocol imap { imap_client_workarounds = "delay-newmail" mail_plugins = $mail_plugins imap_quota mail_max_userip_connections = 50 }

...

On Feb 28, 2020, at 8:21 AM, Esteban L <esteban@little-beak.com> wrote:

Ok. That is a nice command.

I am able to see connections. It doesn't seem remotely close to 500, though.

If I understand things correctly, dovecot makes connections PER folder, and keeps making more connections via IDLE (I am not entirely sure how idle works, other than it keeps sockets open)?

For example, in my case, I have about a dozen users, which combined equals around 80 folders.

If I am on an IP it is fine.

My partner, also has about a dozen different users, which combined, also has about 70-80 folders.

If we are on the same IP, we can no longer connect.

1. Is this general understanding ok?

2. Am I supposed to set the limit like at 10,000? I mean, I am not running anything other than a little private email server for some family and friends. As soon as my partner and I are on the same IP, it just ceases.

I see how if I check the doveadm who, periodically, I will have 2 propagations, and can imagine if my partner is there--yeah it's probably breaking 500.

On 28.02.20 08:05, Aki Tuomi wrote:

...

You can usually see from doveadm who or logs if your router/whatever is doing NAT.

Which would be the reason why 500 connections wouldn't be enough.

Aki

...

On 27/02/2020 23:21 Esteban L <esteban@little-beak.com> wrote:

It's not behind a proxy (unless the router is acting as a proxy?). Could it be that my router is doing some Hairpin NAT tomfoolery? The router is generic, so I run into that from time to time with my webserver.

I tried doveadm who, but didn't see anything too peculiar. There is the expect half dozen or so users on common IPs.

On 27.02.20 21:49, Aki Tuomi wrote:

...

Is your server behind proxy maybe? Can you see in logs that you get different IPs?

Maybe check with doveadm who how many connections you have?

Aki

...

On 27/02/2020 22:44 Esteban L < esteban@little-beak.com> wrote:

I have tried a lot of different things, still no success. =(

here is my dove -n if anyone could help that would be great:

2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf

Pigeonhole version 0.4.16 (fed8554)

OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12

auth_debug = yes

auth_debug_passwords = yes

auth_mechanisms = plain login

auth_verbose = yes

auth_verbose_passwords = yes

mail_home = /var/mail/vmail/%d/%n

mail_location = maildir:~/Mail

mail_max_userip_connections = 500

mail_plugins = " quota"

mail_privileged_group = vmail

managesieve_notify_capability = mailto

managesieve_sieve_capability = fileinto reject envelope

encoded-character vacation subaddress comparator-i;ascii-numeric

relational regex imap4flags copy include variables body enotify

environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace inbox {

inbox = yes

location =

mailbox Archive {

auto = subscribe

special_use = \Archive

}

mailbox Drafts {

auto = subscribe

special_use = \Drafts

}

mailbox Junk {

auto = subscribe

special_use = \Junk

}

mailbox Sent {

auto = subscribe

special_use = \Sent

}

mailbox "Sent Messages" {

special_use = \Sent

}

mailbox Trash {

auto = subscribe

special_use = \Trash

}

prefix =

}

passdb {

args = /etc/dovecot/dovecot-sql.conf.ext

driver = sql

}

plugin {

quota = maildir:User quota

quota_grace = 10%%

quota_rule = *:storage=10G

quota_rule2 = Trash:storage=+1G

quota_status_overquota = 552 5.2.2 Mailbox is full

quota_warning = storage=95%% quota-warning 95 %u

quota_warning2 = storage=80%% quota-warning 80 %u

sieve = ~/.dovecot.sieve

sieve_after = /etc/dovecot/sieve/spamfilter.sieve

sieve_dir = ~/sieve

}

protocols = " imap lmtp sieve"

service auth {

unix_listener /var/spool/postfix/private/auth {

group = postfix

mode = 0666

user = postfix

}

}

service imap-login {

inet_listener imaps {

port = 993

ssl = yes

}

}

service lmtp {

unix_listener /var/spool/postfix/private/dovecot-lmtp {

group = postfix

mode = 0600

user = postfix

}

}

ssl = required

ssl_cert = </etc/letsencrypt/live/little-beak.com/fullchain.pem

ssl_key = # hidden, use -P to show it

userdb {

args = /etc/dovecot/dovecot-sql.conf.ext

driver = sql

}

protocol lmtp {

mail_plugins = " quota sieve"

postmaster_address = *****@little-beak.com

}

protocol lda {

mail_plugins = " quota sieve"

}

protocol imap {

mail_max_userip_connections = 500

mail_plugins = " quota imap_quota"

}

protocol sieve {

mail_max_userip_connections = 500

}

On 27.02.20 18:54, Esteban L wrote:

> I have been haunted by the following error message or months, that we > > see using Thunderbird. > Unable to connect to your IMAP server. > You may have exceeded the maximum number of connections to this server. > > If so, use the Advanced IMAP Server Settings dialogue to reduce the > > number of cached connections. > If I change my location, via a VPN, the error message goes away and I > > can connect. > I have edited my /etc/dovcot/conf.d/20-imap.conf file by adding the > > following:

> protocol imap { > > # Space separated list of plugins to load (default is global > > mail_plugins). > > mail_plugins = $mail_plugins imap_quota > # Maximum number of IMAP connections allowed for a user from each IP > > address. > > # NOTE: The username is compared case-sensitively. > > mail_max_userip_connections = 500 > > }

> And, I still get the error message. I know myself, I have about 8-9 > > accounts, some with as many as 10 folders (I know each one count's as > > it's own mailbox), as does my partner--who would access the internet > > from my IP. > Does that number really have to be like 10,000, or something? If so, why > > does it start out so small in the first place. If not, what else could I > > do to avoid this message going forward??

---

Aki Tuomi

-- https://www.little-beak.com "Doing what we can."

Naturally, everything works fine if I use a VPN/translocation.

On 27.02.20 21:49, Aki Tuomi wrote:

Is your server behind proxy maybe? Can you see in logs that you get different IPs? 

Maybe check with doveadm who how many connections you have?

Aki

...

On 27/02/2020 22:44 Esteban L < esteban@little-beak.com <mailto:esteban@little-beak.com>> wrote:

I have tried a lot of different things, still no success. =(

here is my dove -n if anyone could help that would be great:

2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf

Pigeonhole version 0.4.16 (fed8554)

OS: Linux 4.9.0-12-amd64 x86_64 Debian 9.12

auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = yes mail_home = /var/mail/vmail/%d/%n mail_location = maildir:~/Mail mail_max_userip_connections = 500 mail_plugins = " quota" mail_privileged_group = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Junk { auto = subscribe special_use = \Junk } mailbox Sent { auto = subscribe special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { quota = maildir:User quota quota_grace = 10%% quota_rule = *:storage=10G quota_rule2 = Trash:storage=+1G quota_status_overquota = 552 5.2.2 Mailbox is full quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=80%% quota-warning 80 %u sieve = ~/.dovecot.sieve sieve_after = /etc/dovecot/sieve/spamfilter.sieve sieve_dir = ~/sieve } protocols = " imap lmtp sieve" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } } service imap-login { inet_listener imaps { port = 993 ssl = yes } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = </etc/letsencrypt/live/little-beak.com/fullchain.pem ssl_key =  # hidden, use -P to show it userdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocol lmtp { mail_plugins = " quota sieve" postmaster_address = *****@little-beak.com <mailto:*****@little-beak.com> } protocol lda { mail_plugins = " quota sieve" } protocol imap { mail_max_userip_connections = 500 mail_plugins = " quota imap_quota" } protocol sieve { mail_max_userip_connections = 500 }

On 27.02.20 18:54, Esteban L wrote:

...

I have been haunted by the following error message or months, that we see using Thunderbird. Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings dialogue to reduce the number of cached connections. If I change my location, via a VPN, the error message goes away and I can connect. I have edited my /etc/dovcot/conf.d/20-imap.conf file by adding the following:

protocol imap { # Space separated list of plugins to load (default is global mail_plugins). mail_plugins = $mail_plugins imap_quota # Maximum number of IMAP connections allowed for a user from each IP address. # NOTE: The username is compared case-sensitively. mail_max_userip_connections = 500 }

And, I still get the error message. I know myself, I have about 8-9 accounts, some with as many as 10 folders (I know each one count's as it's own mailbox), as does my partner--who would access the internet from my IP. Does that number really have to be like 10,000, or something? If so, why does it start out so small in the first place. If not, what else could I do to avoid this message going forward??

---

Aki Tuomi