[Dovecot] "Maximum number of connections from user+IP exceeded" solution [Error countermeasures]

Hello everyone.
I'm Naka, a member of the System Solutions Department who tends to skip lunch so I can enjoy eating out at night.

When connecting to the mail server using an email client tool (Thunderbird), an error occurs and the connection is disconnected (i.e. the connection becomes unstable).

When looking at the server-side logs, you may see Dovecot outputting the error "Maximum number of connections from user+IP exceeded".

In this article, we will describe how to solve and address the Dovecot error "Maximum number of connections from user+IP exceeded".

Assumed error environment

■Mail server: OS
AlmaLinux 9.x

■Mail server: Middleware
postfix.x86_64 2:3.5.9-24.el9 @appstream
dovecot.x86_64 1:2.3.16-10.el9 @appstream

■Connection method from client:
IMAP

■ Email client tool
Thunderbird (Windows environment)

Possible error situations

The connection of the email client tool (Thunderbird) to the mail server (Postfix/Dovecot) is terminated due to a connection error.

This situation has a direct impact, with mail server users losing their connections, so we need to take action quickly.

■Thunderbird errors confirmed by the author

Connection error:
Connection timed out: no further information

How to check the mail server log

$ less /var/log/maillog
Oct 01 19:00:00 example-host dovecot[xxxx]: imap-login: Disconnected: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<email address>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS, session=<xxxxx>

Cause of the error

I have divided the log content and added explanations to it.

| Log text | Commentary |
| --- | --- |
| Oct 01 19:00:00 example-host dovecot[xxxx]: | Date and time of occurrence, host name, error source (dovecot) |
| imap-login: Disconnected: | Symptom: IMAP login was terminated. |
| Maximum number of connections from user+IP exceeded | Error translation: Maximum number of connections from user IP exceeded |
| (mail_max_userip_connections=10): | (The current configuration parameter and its value related to the error) The maximum number of simultaneous connections allowed for the same user from the same IP address |
| user=<email address>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS, session=<xxxxx> | Information about the user who was disconnected (email address) and connection information (IP address, etc.) |

For this error, the log text on the server side (Dovecot) provides detailed information about the situation, including the relevant parameter.

The log content means: "The login was terminated because the maximum number of connections from the user's IP address to the target email address was exceeded."

Next, the related parameter "(mail_max_userip_connections=10):" is listed.
This is the setting for the "maximum number of simultaneous connections allowed for the same user from the same IP address", and the log indicates that the current maximum value is 10.

In other words, the number of connections made for the same user from the same IP address exceeded this value (10), resulting in an error and the connection being disconnected.
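Before changing the limit, it helps to see which user and remote IP pairs are actually hitting it and how often. The following is an added example, not part of the original article: the function names and the sample log lines are constructed for illustration, and the script only assumes the maillog line format shown above.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# sample log lines below are constructed for illustration.

# Constructed sample in the maillog format shown above (documentation IPs).
sample_maillog() {
cat <<'EOF'
Oct 01 19:00:00 example-host dovecot[1234]: imap-login: Disconnected: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS, session=<constructed1>
Oct 01 19:00:05 example-host dovecot[1234]: imap-login: Disconnected: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS, session=<constructed2>
Oct 01 19:01:00 example-host dovecot[1234]: imap-login: Disconnected: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<bob@example.com>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, TLS, session=<constructed3>
Oct 01 19:02:00 example-host dovecot[1234]: imap-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=4321, TLS, session=<constructed4>
Oct 01 19:03:00 example-host dovecot[1234]: imap-login: Disconnected: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS, session=<constructed5>
EOF
}

# Reads maillog lines on stdin and prints "<count> <user> <rip> <limit>",
# most frequently rejected user+IP pair first. Other log lines are ignored.
summarize_userip_exceeded() {
    awk '
    /Maximum number of connections from user[+]IP exceeded/ {
        user = "-"; rip = "-"; limit = "-"
        # "mail_max_userip_connections=" is 28 characters long
        if (match($0, /mail_max_userip_connections=[0-9]+/))
            limit = substr($0, RSTART + 28, RLENGTH - 28)
        # strip the leading "user=<" (6) and the trailing ">" (1)
        if (match($0, /user=<[^>]*>/))
            user = substr($0, RSTART + 6, RLENGTH - 7)
        # strip the leading "rip=" (4)
        if (match($0, /rip=[^, ]+/))
            rip = substr($0, RSTART + 4, RLENGTH - 4)
        count[user " " rip " " limit]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,3
}

# Demo on the constructed sample; on a server, feed /var/log/maillog instead.
sample_maillog | summarize_userip_exceeded
```

If the rejections come from a single known client address, raising the value is a reasonable fix; a user or remote IP you do not recognise is worth investigating before you relax the limit.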

Solution

In this case, we are using an IMAP connection, so we will edit 20-imap.conf, which is Dovecot's IMAP configuration file.

Correct or add the parameter "mail_max_userip_connections" and set it to a value that exceeds the expected number of connections.

After that, I reloaded the Dovecot configuration and the updated parameters were reflected, which solved the problem in my case.

■1. Back up 20-imap.conf

Before making any changes, make a dated backup.

It is possible that you may accidentally delete all of the contents and save it, so keep it just in case.
(If you only need it for work, you can place it in /tmp.)

$ sudo cp -p /etc/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf.`date +%Y%m%d`
$ ls -l /etc/dovecot/conf.d/20-imap.conf*
*Check the output

Tips: CentOS-Base.repo.`date +%Y%m%d`

Enclosing a command in backquotes (`) causes its output to be treated as a string.
Here, the date command, which can display the date and time, is used with the specified format (year, month, day).

This is convenient because you can take a backup without having to look at a calendar, with the file name ending in the date on which the command was executed.

Aside: "Will the backup be loaded?" → "No, it won't load."

In the default Dovecot configuration, the setting "!include conf.d/*.conf" is written in "/etc/dovecot/dovecot.conf".

$ less /etc/dovecot/dovecot.conf
~near the end~
!include conf.d/*.conf

This setting loads the conf files for each divided item under conf.d.

The files that are read will only be those that match the condition "*.conf", so this backup, which ends with the date, will not be read.

■2. Procedure for modifying parameters in dovecot.conf

In my environment, the default value (10) was present as a commented-out line, so the default was in effect.
Therefore, I set a new value by modifying or adding the line.

This time, we have added a setting of "50" so that the difference from the default value can be seen.

$ sudo vi /etc/dovecot/conf.d/20-imap.conf
~Omitted~
protocol imap {
  ~Omitted~
  #mail_max_userip_connections = 10
  mail_max_userip_connections = 50
}
*The line "mail_max_userip_connections = 50" is the added line.

■3. Check the differences

Check the differences between the edited 20-imap.conf and the backup to make sure the additions and modifications are as intended.

$ diff /etc/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf.`date +%Y%m%d`

■4. Procedure for reflecting to Dovecot (reloading settings)

Run systemctl reload to reflect the changes.
Use status before and after execution to check if there are any problems.

$ systemctl status dovecot
$ sudo systemctl reload dovecot
$ systemctl status dovecot

■5. Check the connection

Please connect using your email client tool (Thunderbird).
If you can connect stably without any errors after a certain amount of time has passed, the problem has likely been resolved.

■Complete

This completes the solution to Dovecot's "Maximum number of connections from user+IP exceeded" error

When taking precautions in advance

Also, even if no errors are currently occurring, if you anticipate that the "number of simultaneous connections per user per IP address" will increase, take measures to prevent errors from occurring by setting a larger value in advance.

There is no need to adjust any other parameters when taking preventative measures; the same settings as in the solution method will suffice.

If you are also using another email address for system notifications, the number of simultaneous connections will likely increase.
When building your server, it is best to set this to a slightly larger value from the start.

Lastly

It's a basic point - "look at the log, check the parameters, and take action" - but writing this article made me realize once again how important it is.

The error itself may be simple, but it is a situation that can easily lead to panic as it is affecting users of the mail server.
If you check and investigate the information about the situation, you can deal with the issue in a short time, so it is important to remain calm when something abnormal happens.

I hope this article will provide some useful knowledge and information to those who read it.
Thank you for reading this far.

Reference information

Authentication | Dovecot Official Documentation
https://doc.dovecot.org/2.3/configuration_manual/authentication/


About the author

Naka

I joined Beyond mid-career and am in the System Solutions Department. I have LPIC-3 304 and AWS SAA certifications.