How can we help?




Follow

Dovecot Performance Optimisation

Stewart -

PROBLEM

I want to optimise dovecot specifically to my system and user base.

ENVIRONMENT

  • atmail mail server

CAUSE
Default dovecot configuration does not utilise my system to its full potential

RESOLUTION

Note: Setting the variable service_count = 0, can raise security concerns as this allows long running processors to handle multiple connections and authentications. This loses much of the security benefits of the login process design, because in the case of a security hole (in Dovecot or SSL library) the attacker is now able to see other users logging in and steal their passwords, read their mails, etc. Please see here for further information.

Optimisation of dovecot specific to your system will require you to first gather the following information. Your desired amount of user and type(SSL/TLS) of connections will effect the starting point for these variables. This document will use the IMAP protocol as a reference, but the same settings will apply to POP3 configurations. The following findings are based on a system with 100 users, but the same principals will apply when tuning larger systems.

  • Number of CPU cores available. This will be the integer set for the process_min_avail variable.
    [root@7801 ~]# nproc
    1
  • Number of users
    MariaDB [mailserver]> select count(username) from users;
    +-----------------+
    | count(username) |
    +-----------------+
    | 100 |
    +-----------------+
    1 row in set (0.03 sec)

This document has been generated from testing with dovecot 2 and will optimise the following sections of your dovecot.conf:

  • General Configuration
  • Login Process
  • Sessions

Your configuration can be found at:

/etc/dovecot/dovecot.conf

To make permeant changes, edit the ansible configuration file at:

/var/lib/atmail/mailserver/roles/ss1ip/templates/dovecot/dovecot.conf.j2

If you are unsure what version of dovecot your system has:

[root@localhost ~]# dovecot --version
2.2.19

If you are unsure what configuration dovecot is currently using:

[root@localhost dovecot]# doveconf | head -n 1
# 2.2.19: /etc/dovecot/dovecot.conf

PRESUMPTIONS

  • 100 users
  • Multiple devices
  • atmail is the only service running
  • SSL/TLS connections
    The service_count X process_limit variables = 250 SSL connections. This will account for each user to connect on two devices and allow the system 50 spare SSL/TLS logins.

Login Process

The following can be placed in the service imap-login or service pop3-login section of your dovecot.conf. For clarity and reference, i have appended ## to the performance optimised variables. 

service imap-login {

service_count = 5 ## Number of client connections to handle until the process kills itself. 0 = unlimited
process_limit = 50 ## Proc limit for imap-login service. SSL/TLS processes remain persistent for session.
process_min_avail = 1 ## Number of CPU cores
service pop3-login {

service_count = 5 ## Number of client connections to handle until the process kills itself. 0 = unlimited
process_limit = 50 ## Proc limit for pop3-login service. SSL/TLS processes remain persistent for session.
process_min_avail = 1 ## Number of CPU cores

Sessions

The following can be placed in the service imap or service pop3 section of your dovecot.conf. For clarity and reference, i have appended ## to the performance optimized variables. 

service imap {
process_limit = 50 ## Proc limit for imap service.
}

...truncated configuration...

service pop3 {
process_limit = 50 ## Proc limit for pop3 service.
}

...truncated configuration...

service anvil {
client_limit = 300 ## Advised by MAX.load in dovecot logs while issuing doveadm reload
}

The client_limit variables in service auth and service anvil are set as referenced by MAX.load in the dovecot logs. While testing your configuration, you can quickly have dovecot re-read its configuration by issuing the following command:

doveadm reload

Summary

This document recommends using the above settings with appropriate ratios to apply them to your current system. These are only starting points that may require further tuning as your user base grows and the the system demands it.

Have more questions? Submit a request

Comments


Contact our support team


+61 (7) 5357 6605       support@atmail.com