Commit c7595012 authored by Joshua Tauberer

set dovecot default_process_limit and fs.inotify.max_user_instances to better defaults

See https://discourse.mailinabox.email/t/mailserver-limits/228.
parent f141af4b
...@@ -4,6 +4,10 @@ CHANGELOG ...@@ -4,6 +4,10 @@ CHANGELOG
in development in development
-------------- --------------
Mail:
* Set better default syste limits to accommodate boxes handling mail for 20+ users.
Control panel: Control panel:
* Status checks would fail to load if openssh-sever was not pre-installed, but openssh-server is not required. * Status checks would fail to load if openssh-sever was not pre-installed, but openssh-server is not required.
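Review bot: the added Mail entry misspells "system" as "syste", and it does not mention that the inotify part of the change only takes effect after a reboot, which the setup script comment in this same commit says setup does not perform. Suggest fixing the typo and adding a short "reboot required" remark so people upgrading an existing box know the new limits are not fully active yet.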
......
...@@ -26,6 +26,23 @@ apt_install \ ...@@ -26,6 +26,23 @@ apt_install \
# The `dovecot-imapd` and `dovecot-lmtpd` packages automatically enable IMAP and LMTP protocols. # The `dovecot-imapd` and `dovecot-lmtpd` packages automatically enable IMAP and LMTP protocols.
# Set basic daemon options.
# The `default_process_limit` is 100, which constrains the total number
# of active IMAP connections (at, say, 5 open connections per user that
# would be 20 users). Set it to 250 times the number of cores this
# machine has, so on a two-core machine that's 500 processes/100 users).
tools/editconf.py /etc/dovecot/conf.d/10-master.conf \
default_process_limit=$(echo "`nproc` * 250" | bc)
# The inotify `max_user_instances` default is 128, which constrains
# the total number of watched (IMAP IDLE push) folders by open connections.
# See http://www.dovecot.org/pipermail/dovecot/2013-March/088834.html.
# A reboot is required for this to take effect (which we don't do as
# as a part of setup). Test with `cat /proc/sys/fs/inotify/max_user_instances`.
tools/editconf.py /etc/sysctl.conf \
fs.inotify.max_user_instances=1024
# Set the location where we'll store user mailboxes. '%d' is the domain name and '%n' is the # Set the location where we'll store user mailboxes. '%d' is the domain name and '%n' is the
# username part of the user's email address. We'll ensure that no bad domains or email addresses # username part of the user's email address. We'll ensure that no bad domains or email addresses
# are created within the management daemon. # are created within the management daemon.
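Review bot: the `fs.inotify.max_user_instances=1024` setting at the end of the added block is only written to /etc/sysctl.conf and never loaded, so until the next reboot the box runs with the raised dovecot process limit but still with the inotify limit of 128 that the comment identifies as the constraint on IDLE connections. Running `sysctl -p` (or `sysctl -w fs.inotify.max_user_instances=1024`) right after the edit would apply it immediately. Separately, `default_process_limit` now scales with core count alone; since it also bounds how many processes remote clients can make dovecot spawn, the comment should say what memory per core the 250 figure assumes. Minor: the first comment has an unmatched closing parenthesis after "100 users", and the second has a doubled "as as".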
......
...@@ -20,9 +20,11 @@ hide_output apt-get -y upgrade ...@@ -20,9 +20,11 @@ hide_output apt-get -y upgrade
# * ntp: keeps the system time correct # * ntp: keeps the system time correct
# * fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall # * fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
# * sudo: allows privileged users to execute commands as root without being root # * sudo: allows privileged users to execute commands as root without being root
# * coreutils: includes `nproc` tool to report number of processors
# * bc: allows us to do math to compute sane defaults
apt_install python3 python3-dev python3-pip \ apt_install python3 python3-dev python3-pip \
wget curl sudo \ wget curl sudo coreutils bc \
haveged unattended-upgrades ntp fail2ban haveged unattended-upgrades ntp fail2ban
# Allow apt to install system updates automatically every day. # Allow apt to install system updates automatically every day.
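Review bot: `bc` is added to the base install only to evaluate the single `nproc` * 250 multiplication in the dovecot setup script; shell arithmetic such as `$(( $(nproc) * 250 ))` gives the same result and keeps the installed package set smaller. `coreutils` is an essential package on Debian and Ubuntu, so listing it here is harmless but changes nothing.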
......