set dovecot default_process_limit and fs.inotify.max_user_instances to better defaults
See https://discourse.mailinabox.email/t/mailserver-limits/228.
parent
f141af4b61
commit
c75950125d
3 changed files with 24 additions and 1 deletions
|
@ -4,6 +4,10 @@ CHANGELOG
|
||||||
in development
|
in development
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
|
Mail:
|
||||||
|
|
||||||
|
* Set better default syste limits to accommodate boxes handling mail for 20+ users.
|
||||||
|
|
||||||
Control panel:
|
Control panel:
|
||||||
|
|
||||||
* Status checks would fail to load if openssh-sever was not pre-installed, but openssh-server is not required.
|
* Status checks would fail to load if openssh-sever was not pre-installed, but openssh-server is not required.
|
||||||
|
|
|
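Review bot: typo in the added CHANGELOG entry under "Mail:": "syste limits" should read "system limits". The entry would also be easier to trace later if it named the two settings being changed (dovecot's default_process_limit and fs.inotify.max_user_instances) instead of only "system limits".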
@ -26,6 +26,23 @@ apt_install \
|
||||||
|
|
||||||
# The `dovecot-imapd` and `dovecot-lmtpd` packages automatically enable IMAP and LMTP protocols.
|
# The `dovecot-imapd` and `dovecot-lmtpd` packages automatically enable IMAP and LMTP protocols.
|
||||||
|
|
||||||
|
# Set basic daemon options.
|
||||||
|
|
||||||
|
# The `default_process_limit` is 100, which constrains the total number
|
||||||
|
# of active IMAP connections (at, say, 5 open connections per user that
|
||||||
|
# would be 20 users). Set it to 250 times the number of cores this
|
||||||
|
# machine has, so on a two-core machine that's 500 processes/100 users).
|
||||||
|
tools/editconf.py /etc/dovecot/conf.d/10-master.conf \
|
||||||
|
default_process_limit=$(echo "`nproc` * 250" | bc)
|
||||||
|
|
||||||
|
# The inotify `max_user_instances` default is 128, which constrains
|
||||||
|
# the total number of watched (IMAP IDLE push) folders by open connections.
|
||||||
|
# See http://www.dovecot.org/pipermail/dovecot/2013-March/088834.html.
|
||||||
|
# A reboot is required for this to take effect (which we don't do as
|
||||||
|
# as a part of setup). Test with `cat /proc/sys/fs/inotify/max_user_instances`.
|
||||||
|
tools/editconf.py /etc/sysctl.conf \
|
||||||
|
fs.inotify.max_user_instances=1024
|
||||||
|
|
||||||
# Set the location where we'll store user mailboxes. '%d' is the domain name and '%n' is the
|
# Set the location where we'll store user mailboxes. '%d' is the domain name and '%n' is the
|
||||||
# username part of the user's email address. We'll ensure that no bad domains or email addresses
|
# username part of the user's email address. We'll ensure that no bad domains or email addresses
|
||||||
# are created within the management daemon.
|
# are created within the management daemon.
|
||||||
|
|
|
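Review bot: the `fs.inotify.max_user_instances=1024` write at the end of this hunk only edits /etc/sysctl.conf, and the comment above it accepts that nothing changes until a reboot that setup never performs. A freshly set-up box therefore keeps running with the inotify limit of 128 that the comment itself names as the constraint on IMAP IDLE folders. Following the editconf call with `sysctl -p` (or `sysctl -w fs.inotify.max_user_instances=1024`) would apply the value to the running kernel without a reboot. Two comment nits in the same hunk: "which we don't do as" followed by "as a part of setup" doubles the word "as", and "500 processes/100 users)." has a closing parenthesis with no opener.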
@ -20,9 +20,11 @@ hide_output apt-get -y upgrade
|
||||||
# * ntp: keeps the system time correct
|
# * ntp: keeps the system time correct
|
||||||
# * fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
|
# * fail2ban: scans log files for repeated failed login attempts and blocks the remote IP at the firewall
|
||||||
# * sudo: allows privileged users to execute commands as root without being root
|
# * sudo: allows privileged users to execute commands as root without being root
|
||||||
|
# * coreutils: includes `nproc` tool to report number of processors
|
||||||
|
# * bc: allows us to do math to compute sane defaults
|
||||||
|
|
||||||
apt_install python3 python3-dev python3-pip \
|
apt_install python3 python3-dev python3-pip \
|
||||||
wget curl sudo \
|
wget curl sudo coreutils bc \
|
||||||
haveged unattended-upgrades ntp fail2ban
|
haveged unattended-upgrades ntp fail2ban
|
||||||
|
|
||||||
# Allow apt to install system updates automatically every day.
|
# Allow apt to install system updates automatically every day.
|
||||||
|
|
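Review bot: `coreutils bc` in the apt_install line adds dependencies the change does not need. coreutils is an Essential package on Debian-based systems, so listing it is a no-op, and bc is used only for the integer product of nproc and 250 in the dovecot setup, which shell arithmetic handles on its own: `default_process_limit=$(( $(nproc) * 250 ))`. Dropping bc keeps the base package set smaller and removes the backticks nested inside `$(...)`.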