idled vs poll

Scott Adkins adkinss at ohio.edu
Wed Oct 18 08:59:29 EDT 2006 

--On Wednesday, October 18, 2006 2:00 PM +0200 Sebastian Hagedorn <Hagedorn at uni-koeln.de> wrote:

> --On 18. Oktober 2006 11:25:09 +0100 Adam Stephens <Adam.Stephens at bristol.ac.uk> wrote:
>
>> We deployed idled here over the summer on our main staff IMAP server, a
>> Sunfire v480 running Solaris 8 and cyrus-imap 2.2.12. It typically has
>> about 13,000 concurrent IMAP processes
>
> Wow, that's a lot of sessions! I'm surprised about that. We have about
> 35,000 users, yet we rarely have more than 700 concurrent IMAP processes.

We regularly have between 10,000 and 13,000 concurrent processes each day,
depending on the day of the week (heavier on Mon-Wed).

>> cannot connect to saslauthd server: Connection refused
>> Failed to connect to socket /var/cyrus/imap/socket/lmtp for
>>        local_cyrus_deliver
>> transport: Connection refused
>> error sending to idled: 0

The first thing I would do here is to use LMTP as a TCP socket instead of
a UNIX domain socket.  We use Tru64 in our environment, and when I first
deployed Cyrus under that architecture, the first thing I noticed what that
as load increased, the more "connection refused" messages I saw with LMTP.
Pointing my MTA to a TCP LMTP socket completely eliminated that problem for
us.  However, you should still keep the UNIX socket, since the "deliver"
program still uses that instead of the TCP socket (the last time I checked).

Additionally, when setting up the TCP socket, it would be good to set it to
listen only on localhost or a private address (to prevent Internet users
from connecting to your LMTP server and bypassing your MTA and spam/virus
filtering controls).  It is either that, or you configure authentication
for the LMTP server (which, admittedly, I have never done).

For SASL, I don't know if there can be any changes there.  We use UNIX
sockets for it as well, and I haven't investigated to see if there is a
TCP socket option.  That might help if there is one.  On our system, when
I see load increase, I definitely see SASL authentication take longer as
well.  We have worked most of our load problems out (Tru64 related), so
that has improved considerably.  We use the "poll" method, not "idled".

Good luck.
Scott
-- 
 +-----------------------------------------------------------------------+
      Scott W. Adkins                http://www.cns.ohiou.edu/~sadkins/
   UNIX Systems Engineer                  mailto:adkinss at ohio.edu
        ICQ 7626282                 Work (740)593-9478 Fax (740)593-1944
 +-----------------------------------------------------------------------+
     PGP Public Key available at http://www.cns.ohiou.edu/~sadkins/pgp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 229 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20061018/6204e2cd/attachment.bin

More information about the Info-cyrus mailing list