-
Notifications
You must be signed in to change notification settings - Fork 146
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lmtp ratelimit #5032
base: master
Are you sure you want to change the base?
Lmtp ratelimit #5032
Conversation
3883ac5
to
f4ecbc9
Compare
Sadly there's no test cases for maxlogins in general, and it's particularly hard to test for this case, because it only limits while the lmtp delivery itself is happening, so you'd need to hold a lock on the user's conversationsdb! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved under the condition that we won't merge until further testing shows this is sane. Tagged as Do-Not-Merge.
f4ecbc9
to
7e28426
Compare
7e28426
to
1fc4495
Compare
I rebased and merged in some patch code for the return code - I had originally had it coming from lib/proc.c but we don't have IMAP errors there, and when I removed that bit I forgot to add it to the caller. That's now fixed :) |
1fc4495
to
d94a10c
Compare
d94a10c
to
511585c
Compare
This means that somebody with 5 imap connections won't be locked out from pop, but more importantly won't block lmtp delivery once we add that as a limitable service.
The sends a sensible 4xx response back to the user, with an error message saying which limit was hit
f2c2f2f
to
71cf8ef
Compare
We're running into issues in Fastmail production where a single mailbox locked up for a crazy amount of time can cause starvation by having hundreds of lmtp processes waiting on locks.
We could test for locks, but it's OK to have a few waiting - we should just tell the rest to try again later. This re-uses the
proc_checklimit in lmtpd to check the limits for each userid before trying to lock their conversations.db, and returns a useful 451 code to the sender saying that there are too many connections for this user.
We'll probably set something like a 10 process limit for our servers, which allows for all the MXes to send one and a few spares still open.