Date:  Tue, 11 Mar 2008 22:17:56 +0000
From:  Dogsbody <dan (at mark) dogsbody.org>
Subject:  [coba-e:12247] Re: [testing] dovecot udpate
To:  coba-e (at mark) bluequartz.org
Message-Id:  <47D70514.7000402 (at mark) dogsbody.org>
In-Reply-To:  <BAY129-DAV123818537FFE857E7E51E9CA0F0 (at mark) phx.gbl>
References:  <327DE0A0-4C10-47A0-B6F7-71D79103911B (at mark) alpha.or.jp> <BAY129-DAV76CAC02DDE71D0BCF8FBECA0E0 (at mark) phx.gbl> <D0D0ED72-1F66-473E-A0EE-1D43EC435A28 (at mark) alpha.or.jp> <BAY129-DAV123818537FFE857E7E51E9CA0F0 (at mark) phx.gbl>
X-Mail-Count: 12247


>>> I have the following issues with this.
>>> #1 This will not fix to the db crashing problem
>>
>> I'm not sure this package fixes or not,
>> If you are right, what is the cause of db crashing issue?
>> And, will you send us your patch to fix it?
> 
> The problem is in the way dovecot starts new child processes.  they 
> double their amount until the limit set by this setting is reached..  
> which by default is unlimited.  When a dos attack and or a exchange 
> server opens multiple auth sessions the db program can't keep up.  The 
> solution is to limit the potential processess...  (The version update is 
> just good pratice)
> 
> @@ -159,7 +159,7 @@
> # we check only once in a second if new processes should be created - if 
> all
> # of them are used at the time, we double their amount until the limit 
> set by
> # this setting is reached.
> -#login_max_processes_count = 128
> +login_max_processes_count = 12

Just trying to understand, not criticizing anyone.

As I understand it the problem is not so much with dovecot but with the auth 
plugin?  So it's the auth plugin we should really be fixing?

You say the default is unlimited but above your changing it from 128 to 12?

Surely it's better to keep dovecot at 128 and change auth to return a fail if 
things start to get busy?

Just trying to understand.

Dan