Rodrigo -
Thanks for the suggestion I have implemented the change as suggested and
still no change:
added this to /etc/rc.d/rc.local
----------------------------------------------------------------------------
---------------------
# tweak for heavy load management ROL 2006 from coba-e (at mark) bluequartz.org
echo 100000 > /proc/sys/kernel/threads-max
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
ulimit -n 64000
----------------------------------------------------------------------------
---------------------
I have xinetd set to 600 see below:
----------------------------------------------------------------------------
---------------------
[root (at mark) marmailbq01 ~]# cat /etc/xinetd.conf # # Simple configuration
file for xinetd # # Some defaults, and include /etc/xinetd.d/
defaults
{
instances = 600
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}
includedir /etc/xinetd.d
----------------------------------------------------------------------------
---------------------
There are 700 users total on the server. I would consider it heavy load but
I have to say that this never happened under qpopper on the old Cobalts.
I still get at random times the excessive dovecot auth issues. The only way
to relieve the trouble is by following the steps Marcelo outlined and issue:
service dovecot stop
service xinetd stop
I then run a "top" and watch the process go back down. There are anywhere
from 180 to 600 dovecot-auth when the service stops allowing people to check
mail and Squirrelmail then starts in with the IMAP timeouts (I followed
squirrelmail doc for the set php.ini to 600 for timeout issues) to help but
once the dovecot auth gets up there that does not matter..
Once the services return to normal (see below)
[root@marmailbq01 ~]# ps -aux | grep dovecot
Warning: bad syntax, perhaps a bogus '-'? See
/usr/share/doc/procps-3.2.3/FAQ
root 10617 0.1 0.0 3692 500 ? Ss 12:18 0:12
/usr/sbin/dovecot
root 10621 0.0 0.3 5456 1640 ? S 12:18 0:08 dovecot-auth
dovecot 18064 0.0 0.2 4932 1240 ? S 15:05 0:00 imap-login
dovecot 18116 0.0 0.2 4680 1236 ? S 15:05 0:00 imap-login
dovecot 18570 0.0 0.2 3932 1236 ? S 15:07 0:00 imap-login
dovecot 18626 0.0 0.2 5032 1228 ? S 15:07 0:00 pop3-login
dovecot 18628 0.0 0.2 3832 1228 ? S 15:07 0:00 pop3-login
dovecot 18635 0.0 0.2 4584 1228 ? S 15:07 0:00 pop3-login
dovecot 18636 0.0 0.2 5000 1228 ? S 15:07 0:00 pop3-login
root 18638 0.0 0.1 5352 656 pts/0 R+ 15:07 0:00 grep dovecot
[root@marmailbq01 ~]#
Once the ps -aux outout looks like above I issue:
service dovecot restart
service xinetd restart
Marcelo has posted a script that he uses to control the dovecot process:
----------------------------------------------------------------------------
---------------------
Script to control the dovecot processes
// The comments are in spanish if someone have some doubt, tell me.
#!/bin/bash
# Parametros (cantidad de dovecot en ejecucion,minino de dovecot para volver
a arrancar el servicio)
# comprovar.sh 25 4
while (sleep 3)
do
if test `ps -ef | grep dovecot | wc | tr -s ' ' | cut -d ' ' -f2`
-gt $1
then
echo "Dovecot se esta ejecutando `ps -ef | grep dovecot | wc
| tr -s ' ' | cut -d ' ' -f2` veces";
#b nos dira si el servicio esta arrancado.
if test `service dovecot status | grep running | wc | tr -s
' ' | cut -d ' ' -f2` -eq 1
then
service dovecot stop
`php mail.php`
#paramos servicio i ponemos b = false
fi
fi
if test `ps -ef | grep dovecot | wc | tr -s ' ' | cut -d ' ' -f2`
-lt $2
then
echo "Todo bien, servicio arrancado.";
if test `service dovecot status | grep stopped | wc | tr -s
' ' | cut -d ' ' -f2` -eq 1
then
service dovecot start
`php mailok.php`
#Arrancamos el servicio i ponemos b =true
fi
fi
done
----------------------------------------------------------------------------
---------------------
I am getting the comments translated as my Spanish is not that great but I
did post the below questions about the script
Marcelo -
I see in the script that you are referencing php mailok.php and php
mail.php. What are these and how do I get them? I have a defaul BQ load and
have not done anyting with my dovecot config. Do I need to make changes to
dovecot config? Is so then what?
Also I would like to ask the group again if any ISP's out there or BQ admins
with high user count how they are configured to prevent this auth process
issue that causes dovecot to hang. I need to get this figured out. I am
assuming that when this script runs it will prevent people from logging in
but get the process back within levels again?
----------------------------------------------------------------------------
---------------------
I have also made the below changes to the dovecot.conf file to attempt to
resolve this issue:
# Should each login be processed in it's own process (yes), or should one
# login process be allowed to process multiple Connections (no)? Yes is more
secure, espcially # with SSL/TLS enabled.
# No is faster since there's no need # to create processes all the time.
login_process_per_connection = yes
# Maximum number of connections allowed in login state. When this limit is
reached, the oldest # connections are dropped. If
login_process_per_connection # is no, this is a per-process value, # so the
absolute maximum number of users # logging in actually login_processes_count
* # max_logging_users.
login_max_logging_users = 256
# Should all IMAP and POP3 processes be killed when Dovecot master process #
shuts down. Setting # this to "no" means that Dovecot can be upgraded
without # forcing existing client connections # to close (although that
could also be # a problem if the upgrade is eg. because of a security #
fix). This however # means that after master process has died, the client
processes can't write # to log files anymore.
shutdown_clients = yes
----------------------------------------------------------------------------
---------------------
Where I am left is that I still have no solution. I am running the NuOnce
Networks implementation of BlueQuartz with CentOs
[root@marmailbq01 ~]# rpm -q base-bluequartz-capstone
base-bluequartz-capstone-5100R-1.20060918BQ74.centos4
I have the below version of dovecot installed:
[root@marmailbq01 ~]# rpm -q dovecot
dovecot-1.0-0.beta8.2.BQ
Please let me know if there are any other ideas for fixing this. I really
like Blue Quartz but this dovecot issue is killing me and making for some
very irate users. I really need a dovecot expert or someone to tell me what
config changes I need to make to allow this to work properly. I am sure that
there are other ISP out there that have similar issues???
Thanks
-=-
Christian
________________________________
From: Rodrigo Ordonez Licona [mailto:rodrigo (at mark) xnet.com.mx]
Sent: Tuesday, October 24, 2006 10:01 PM
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:07710] Re: HELP - excessive dovecot-auth
We made this changes since qpopper problem and have 700 email accounts on a
Centos bq fully yummed,
We havent seen the dovecot auth issue, however we had to restart dovecot
once but seems to be to spam related (a whole other story spamd with users
over quota).
We added this to /etc/rc.d/rc.local
# tweak for heavy load management ROL 2006 from coba-e (at mark) bluequartz.org
echo 100000 > /proc/sys/kernel/threads-max
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
ulimit -n 64000
Good Luck
Rodrigo O
Xnet
________________________________
From: Michael Aronoff [mailto:ma (at mark) ciic.com]
Sent: Martes, 24 de Octubre de 2006 06:24 p.m.
To: coba-e (at mark) bluequartz.org
Subject: [coba-e:07709] Re: HELP - excessive dovecot-auth
I have been lurking on this issue for a while and I have a small comment.
Has anyone with this problem looked at open file handles? When I had this
issue with Qpopper on my Raq 550 changing the files-max on boot helped solve
it. It appears that the Cent-OS uses a newer Kernel and even though the
system wide number for max files is high, there is a per user limit of 1024
set. There was some discussion of this in
http://bluequartz.org/ml/archive/coba-e/4900/4914.html and Michael Stauber
said he would let the list know if it helped but I could not find any later
post with info about if it worked. Anyway you may what to revisit this
aspect as well.
If it works please update us back so others can do the same things.
Thanks,
M Aronoff out