diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0915832..97bdb46 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ CHANGELOG
 in development
 --------------
+Mail:
+
+* Set better default syste limits to accommodate boxes handling mail for 20+ users.
+
 Control panel:
 * Status checks would fail to load if openssh-sever was not pre-installed, but openssh-server is not required.
diff --git a/setup/mail-dovecot.sh b/setup/mail-dovecot.sh
index bad44b3..959ab39 100755
--- a/setup/mail-dovecot.sh
+++ b/setup/mail-dovecot.sh
@@ -26,6 +26,23 @@ apt_install \
 # The `dovecot-imapd` and `dovecot-lmtpd` packages automatically enable IMAP and LMTP protocols.
+# Set basic daemon options.
+
+# The `default_process_limit` is 100, which constrains the total number
+# of active IMAP connections (at, say, 5 open connections per user that
+# would be 20 users). Set it to 250 times the number of cores this
+# machine has, so on a two-core machine that's 500 processes/100 users).
+tools/editconf.py /etc/dovecot/conf.d/10-master.conf \
+ default_process_limit=$(echo "`nproc` * 250" | bc)
+
+# The inotify `max_user_instances` default is 128, which constrains
+# the total number of watched (IMAP IDLE push) folders by open connections.
+# See http://www.dovecot.org/pipermail/dovecot/2013-March/088834.html.
+# A reboot is required for this to take effect (which we don't do as
+# as a part of setup). Test with `cat /proc/sys/fs/inotify/max_user_instances`.
+tools/editconf.py /etc/sysctl.conf \
+ fs.inotify.max_user_instances=1024
+
 # Set the location where we'll store user mailboxes. '%d' is the domain name and '%n' is the
 # username part of the user's email address. We'll ensure that no bad domains or email addresses
 # are created within the management daemon.
diff --git a/setup/system.sh b/setup/system.sh
index 984d1a5..d0c8061 100755
--- a/setup/system.sh
+++ b/setup/system.sh
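Review bot: In setup/mail-dovecot.sh the value written for `default_process_limit` is never checked: if `nproc` or `bc` fails, the substitution is empty and `default_process_limit=` is what gets passed to editconf.py, which would presumably write it into 10-master.conf as is. Shell arithmetic avoids both the unquoted expansion and the extra tool, `default_process_limit=$(( $(nproc) * 250 ))`, and it fails with an arithmetic error rather than producing an empty value. That would also make the `bc` package added in the setup/system.sh hunk unnecessary, and `coreutils` is normally already present on the base system. The limit scales with core count but not with memory, so on a small machine it also raises how many IMAP processes a burst of connections can start; a comment naming the per-user or per-IP connection cap that is expected to bound this would help the next reader.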
@@ -20,9 +20,11 @@ hide_output apt-get -y upgrade
 # * ntp: keeps the system time correct
 # * fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
 # * sudo: allows privileged users to execute commands as root without being root
+# * coreutils: includes `nproc` tool to report number of processors
+# * bc: allows us to do math to compute sane defaults
 apt_install python3 python3-dev python3-pip \
- wget curl sudo \
+ wget curl sudo coreutils bc \
 haveged unattended-upgrades ntp fail2ban
 # Allow apt to install system updates automatically every day.