Am 07.04.2013 12:36, schrieb David Benfell: > On 04/07/2013 03:15 AM, Reindl Harald wrote: >> Am 06.04.2013 10:09, schrieb David Benfell: >>> So I changed it again: >>> >>> default_process_limit = 128 default_client_limit = 512 >>> >>> And now it seems to be fine. But I'm mystified because what you >>> say is the case on your system, that is, that the process limit >>> needs to be greater than the client limit, is what I would >>> expect: wouldn't each client require at least one process? > >> no, 512x128 = 65536 connections each process can serve >> default_client_limit clients > > Thanks a million! I had no idea that was how it worked. I would think > that 65536 would be enough. ;-)
http://wiki2.dovecot.org/LoginProcess High-performance mode: It works by using a number of long running login processes, each handling a number of connections. This loses much of the security benefits of the login process design, because in case of a security hole (in Dovecot or SSL library) the attacker is now able to see other users logging in and steal their passwords, read their mails, etc. Default client_limit * process_limit = 1000*100 = 100k connections vsz_limit should be increased to avoid out of memory errors, especially if you're using SSL/TLS.
signature.asc
Description: OpenPGP digital signature
