First, why use SASL auth? It needs a database. Have you considered more scalable alternatives such as TLS client certificates? Postfix can use certificate fingerprints instead of PKI. Second, if you must use SASL auth: What is the authentication backend database query latency? Have you looked at their logging? Even if the latency is an unrealistic 10ms then you cannot expect to handle thousands of SASL logins per second.
Thanks for the suggestions, I will look into these when I am back in 2 weeks.
If a submission process limit of 100 still results in auth server timeouts, then Postfix is definitely overwhelming the Dovecot auth server. Have you looked at their logging? What about the number of Dovecot auth workers? The configured 60 means the auth server can have only 60 database requests in flight at any point in time. This may not be sufficient to handle the onslaught.
I am currently adjusting this setting incrementally, I am not a fan of a big bang approach. As for dovecot logging, it seems to be oblivious to any process/service problems.
As you say, it could simply be ubuntu sending them to /dev/null, will check this as well, once I am back.
Thanks, Stuart _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org