pop3d proxy

Ken Murchison ken at oceana.com
Mon Mar 15 15:20:04 EST 2004 

Michael J Farina wrote:

> I am still chasing this pop3 problem. I have now tried PLAIN+TLS for proxy
> authentication. I see the same issue of pop3 proxy being slow. With more
> investigation I see that I can open alot of connections on the frontend
> server but they don't see to get passed to the backend. I have tried
> starting master with a -l 1024 and in my cyrus.conf I have preforked 50
> pop3d and maxchild=-1. Nothing seems to make the connection counts greater.
> Could I be hitting some max connection per IP limit that I can't see when I
> connect directly to the backend?

I still think this is network related.  Is it possible that DNS is slow? 
  Can you strace/truss the process to see what it is doing?  What 
happens if you use pop3test against the proxy, specifying the number of 
logins with the -n option.

> 
> 
> ----- Original Message ----- 
> From: "Michael J Farina" <mfarina at cvzoom.net>
> To: "Ken Murchison" <ken at oceana.com>
> Cc: <info-cyrus at lists.andrew.cmu.edu>
> Sent: Friday, March 12, 2004 1:13 PM
> Subject: Re: pop3d proxy
> 
> 
> 
>>It seems that the delay is in the connection. I have played with the
> 
> backlog
> 
>>queue, the max child, and prefork settings without being able to make it
> 
> any
> 
>>faster. I am logging in a doing a list command. The mailboxes are all
> 
> empty
> 
>>so I am not thinking that once the connection is authed it is slow. It is
>>just getting the frontend to open enough connections to the backend. I
> 
> can't
> 
>>seem to nail down what the problem is. If I connect the stress test to the
>>backend it is very fast less than a second a connection. If I can provide
>>anymore info let me know. I am looking to have over 150,000 boxes they are
>>all pop now but I want to offer IMAP.
>>
>>--Mike
>>
>>
>>----- Original Message ----- 
>>From: "Ken Murchison" <ken at oceana.com>
>>To: "Michael J Farina" <mfarina at cvzoom.net>
>>Cc: <info-cyrus at lists.andrew.cmu.edu>
>>Sent: Friday, March 12, 2004 9:54 AM
>>Subject: Re: pop3d proxy
>>
>>
>>
>>>Michael J Farina wrote:
>>>
>>>
>>>>Ken,
>>>>
>>>>    Is there a way to do PLAIN from the frontends to the backends? The
>>>>servers I am testing are on a isolated network no network traffic
> 
> other
> 
>>than
>>
>>>>the mail servers. Any help would be appreciated. sasl_maximum_layer:0
>>
>>didn't
>>
>>>>seem to change the pop3 proxy timing. The server are also dual 1.4s
> 
> with
> 
>>2
>>
>>>>gigs of ram if that helps at all.
>>>
>>>You can do PLAIN, but the frontends will also need to use TLS, since
>>>PLAIN won't be advertised by the backends unless a security layer is in
>>>place.
>>>
>>>Are you saying that there is a delay for every command, or for every
>>>login?  Is your stress test only doing one command per login?
>>>
>>>
>>>
>>>>----- Original Message ----- 
>>>>From: "Ken Murchison" <ken at oceana.com>
>>>>To: "Michael J Farina" <mfarina at cvzoom.net>
>>>>Cc: <info-cyrus at lists.andrew.cmu.edu>
>>>>Sent: Thursday, March 11, 2004 4:58 PM
>>>>Subject: Re: pop3d proxy
>>>>
>>>>
>>>>
>>>>
>>>>>Michael J Farina wrote:
>>>>>
>>>>>
>>>>>
>>>>>>I am setting up a cyrus imap murder for a large number of accounts.
> 
> In
> 
>>>>my
>>>>
>>>>
>>>>>>stress testing I have noticed that the pop3 proxy has quite a delay.
>>>>
>>>>When I
>>>>
>>>>
>>>>>>connect directly to a backend I can check mail at a very fast rate
>>
>>about
>>
>>>>.5
>>>>
>>>>
>>>>>>secs a mailbox. When I connect to the proxy the wait time increases a
>>>>
>>>>ton to
>>>>
>>>>
>>>>>>about 5 secs. I am thinking I must have a configuration problem. I
> 
> will
> 
>>>>>>include my imapd.conf and my cyrus.conf I am using cyrus 2.2.3.
>>>>>
>>>>>Once you authenticate and the mailbox is opened on the backend, the
>>>>>proxy just acts as a bitpipe between the client and backend, so there
>>>>>should be very little overhead.
>>>>>
>>>>>You *might* be seeing a slowdown because the frontend is
> 
> authenticating
> 
>>>>>to the backend using DIGEST-MD5 with a security layer or TLS+PLAIN.
> 
> In
> 
>>>>>either case you have encrypt/decrypt overhead.
>>>>>
>>>>>If using DIGEST-MD5, you could try setting sasl_maximum_layer:0 on the
>>>>>backend, which will prevent the security layer from being negotiated.
>>>>>
>>>>>Otherwise, the only other delay that I could think of would be network
>>>>>related.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Frontend cyrus.conf
>>>>>>
>>>>>>START {
>>>>>> mboxlist      cmd="ctl_cyrusdb -r"
>>>>>>}
>>>>>>
>>>>>># UNIX sockets start with a slash and are put into /var/imap/sockets
>>>>>>SERVICES {
>>>>>> # mupdate database service - must prefork atleast 1
>>>>>> mupdate       cmd="/usr/cyrus/bin/mupdate -m" listen=3905 prefork=1
>>>>>>
>>>>>> # add or remove based on preferences
>>>>>> imap          cmd="proxyd" listen="imap" prefork=5
>>>>>> pop3          cmd="pop3proxyd" listen="pop3" prefork=5 maxchild=-1
>>>>>> sieve         cmd="timsieved" listen="sieve" prefork=0
>>>>>>
>>>>>> lmtp          cmd="lmtpproxyd" listen="/var/imap/socket/lmtp"
>>>>
>>>>prefork=0
>>>>
>>>>
>>>>>>}
>>>>>>
>>>>>>EVENTS {
>>>>>> checkpoint    cmd="ctl_cyrusdb -c" period=5
>>>>>>}
>>>>>>
>>>>>>Frontend imapd.conf
>>>>>>
>>>>>>configdirectory: /var/imap
>>>>>>partition-default: /tmp
>>>>>>admins: cyrus
>>>>>>sasl_pwcheck_method: saslauthd
>>>>>>allowplaintext: 1
>>>>>>mupdate_admin: murder
>>>>>>mupdate_server: frontend
>>>>>>mupdate_password: murder pass
>>>>>>proxy_authname: proxy
>>>>>>proxy_password: proxy pass
>>>>>>unixhierarchysep: 1
>>>>>>sasl_mech_list: PLAIN
>>>>>>
>>>>>>
>>>>>>Backend cyrus.conf
>>>>>>
>>>>>>START {
>>>>>> recover       cmd="ctl_cyrusdb -r"
>>>>>> mupdatepush   cmd="ctl_mboxlist -m"
>>>>>>}
>>>>>>
>>>>>># UNIX sockets start with a slash and are put into /var/imap/sockets
>>>>>>SERVICES {
>>>>>> # add or remove based on preferences
>>>>>> imap          cmd="imapd" listen="imap" prefork=5
>>>>>> pop3          cmd="pop3d" listen="pop3" prefork=0  maxchild=-1
>>>>>>
>>>>>> # at least one LMTP is required for delivery
>>>>>> lmtp          cmd="lmtpd" listen="lmtp" prefork=2
>>>>>>
>>>>>>}
>>>>>>EVENTS {
>>>>>> # this is required
>>>>>> checkpoint    cmd="ctl_cyrusdb -c" period=5
>>>>>>}
>>>>>>
>>>>>>Backend imapd.conf
>>>>>>
>>>>>>configdirectory: /var/imap
>>>>>>partition-default: /var/spool/imap
>>>>>>admins: cyrus
>>>>>>mupdate_server: frontend
>>>>>>mupdate_authname: murder
>>>>>>mupdate_password: murder pass
>>>>>>
>>>>>>allowplaintext: yes
>>>>>>sasl_pwcheck_method: saslauthd
>>>>>>sasl_mech_list: PLAIN DIGEST-MD5
>>>>>>proxyservers: proxy
>>>>>>unixhierarchysep: 1
>>>>>>defaultacl: anyone rsd
>>>>>>
>>>>>>
>>>>>>---
>>>>>>Home Page: http://asg.web.cmu.edu/cyrus
>>>>>>Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>>>
>>>>>
>>>>>
>>>>>-- 
>>>>>Kenneth Murchison     Oceana Matrix Ltd.
>>>>>Software Engineer     21 Princeton Place
>>>>>716-662-8973 x26      Orchard Park, NY 14127
>>>>>--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
>>>>>
>>>>>
>>>>
>>>>
>>>>---
>>>>Home Page: http://asg.web.cmu.edu/cyrus
>>>>Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>>
>>>
>>>
>>>-- 
>>>Kenneth Murchison     Oceana Matrix Ltd.
>>>Software Engineer     21 Princeton Place
>>>716-662-8973 x26      Orchard Park, NY 14127
>>>--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
>>>---
>>>Home Page: http://asg.web.cmu.edu/cyrus
>>>Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
>>>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
> 


-- 
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

More information about the Info-cyrus mailing list