Optimize dovecot service limits

Attempt to follow recommendations in https://doc.dovecot.org/2.3/configuration_manual/service_configuration/#service-limits we set a fixed number of -login processes, and set client_limit=1 on all disk-bound processes.

Optimize dovecot service limits
bfa2e8ed · ale · 14881e5d · bfa2e8ed · bfa2e8ed
Commit bfa2e8ed authored 8 months ago by ale
--- a/roles/mail/templates/dovecot-backend/conf.d/10-master.conf
+++ b/roles/mail/templates/dovecot-backend/conf.d/10-master.conf
@@ -23,15 +23,10 @@ service imap-login {
    #ssl = yes
  }

-  # Number of connections to handle before starting a new process. Typically
-  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
-  # is faster. <doc/wiki/LoginProcess.txt>
  service_count = 0
-
-  # Number of processes to always keep waiting for more connections.
-  process_min_avail = 4
-
-  # If you set service_count=0, you probably need to grow this.
+  client_limit = 65536
+  process_limit = 8
+  process_min_avail = 8
  vsz_limit = 1G
 }

@@ -43,6 +38,12 @@ service pop3-login {
    #port = 995
    #ssl = yes
  }
+
+  service_count = 0
+  client_limit = 65536
+  process_limit = 8
+  process_min_avail = 8
+  vsz_limit = 1G
 }

 service managesieve-login {
@@ -54,16 +55,11 @@ service managesieve-login {
  #  port = 2000
  #}

-  # Number of connections to handle before starting a new process. Typically
-  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
-  # is faster. <doc/wiki/LoginProcess.txt>
  service_count = 0
-
-  # Number of processes to always keep waiting for more connections.
+  client_limit = 65536
+  process_limit = 4
  process_min_avail = 2
-
-  # If you set service_count=0, you probably need to grow this.
-  vsz_limit = 128M
+  vsz_limit = 1G
 }

 service lmtp {
@@ -73,26 +69,21 @@ service lmtp {
    group = postfix
  }

-  # Create inet listener only if you can't use the above UNIX socket
-  #inet_listener lmtp {
-    # Avoid making LMTP visible for the entire internet
-    #address =
-    #port = 
-  #}
+  service_count = 0
+  client_limit = 1
+  process_limit = 1024
+  vsz_limit = 1G
 }

 service imap {
-  # Most of the memory goes to mmap()ing files. You may need to increase this
-  # limit if you have huge mailboxes.
-  vsz_limit = 2G
-
-  # Max. number of IMAP processes (connections)
-  # Default is 1024, increased because we occasionally reached the limit.
-  process_limit = 4096
-
  unix_listener imap-master {
    user = $default_internal_user
  }
+
+  service_count = 0
+  client_limit = 1
+  process_limit = 8192
+  vsz_limit = 2G
 }

 service imap-hibernate {
@@ -103,14 +94,17 @@ service imap-hibernate {
 }

 service pop3 {
-  # Max. number of POP3 processes (connections)
-  #process_limit = 1024
+  service_count = 0
+  client_limit = 1
+  process_limit = 8192
  vsz_limit = 2G
 }

 service managesieve {
  # Max. number of ManageSieve processes (connections)
-  #process_count = 1024
+  service_count = 0
+  client_limit = 1
+  process_limit = 8192
 }

 service auth {

--- a/roles/mail/templates/dovecot-frontend/conf.d/10-master.conf
+++ b/roles/mail/templates/dovecot-frontend/conf.d/10-master.conf
@@ -23,17 +23,11 @@ service imap-login {
    #ssl = yes
  }

-  # Number of connections to handle before starting a new process. Typically
-  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
-  # is faster. <doc/wiki/LoginProcess.txt>
-  #service_count = 1
-
-  # Number of processes to always keep waiting for more connections.
-  #process_min_avail = 0
-  process_limit = 4096
-
-  # If you set service_count=0, you probably need to grow this.
-  #vsz_limit = $default_vsz_limit
+  service_count = 0
+  process_limit = 8
+  process_min_avail = 8
+  client_limit = 65536
+  vsz_limit = 4096M
 }

 service pop3-login {
@@ -44,23 +38,18 @@ service pop3-login {
    #port = 995
    #ssl = yes
  }
-  process_limit = 2048
+
+  service_count = 0
+  process_limit = 8
+  process_min_avail = 8
+  client_limit = 65536
+  vsz_limit = 4096M
 }

 service imap {
-  # Most of the memory goes to mmap()ing files. You may need to increase this
-  # limit if you have huge mailboxes.
-  #vsz_limit = $default_vsz_limit
-
-  # Max. number of IMAP processes (connections)
-  # Default is 1024, increased because we occasionally reached the limit.
-  process_limit = 2048
 }

 service pop3 {
-  # Max. number of POP3 processes (connections)
-  #process_limit = 1024
-  process_limit = 2048
 }

 service auth {