First, why use SASL auth? It needs a database. Have you considered
more scalable alternatives such as TLS client certificates?
Postfix can use certificate fingerprints instead of PKI.

Second, if you must use SASL auth:

What is the authentication backend database query latency? Have you
looked at their logging? Even if the latency is an unrealistic 10ms
then you cannot expect to handle thousands of SASL logins per second.

Thanks for the suggestions, I will look into these when I am back in 2 weeks.

If a submission process limit of 100 still results in auth server
timeouts, then Postfix is definitely overwhelming the Dovecot auth
server. Have you looked at their logging?

What about the number of Dovecot auth workers? The configured 60
means the auth server can have only 60 database requests in flight
at any point in time. This may not be sufficient to handle the
onslaught.

I am currently adjusting this setting incrementally, I am not a fan of a big bang approach. As for dovecot logging, it seems to be oblivious to any process/service problems.

As you say, it could simply be ubuntu sending them to /dev/null, will check this as well, once I am back.

Thanks,

Stuart

_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org

Reply via email to