[Dovecot] "Maximum number of connections from user+IP exceeded" solution [Error countermeasures]

Hello everyone.
I'm Naka from the Systems Solutions Department, and I tend to skip lunch so I can enjoy eating out in the evening.
When connecting to the mail server using an email client tool (Thunderbird), an error occurred and the connection was disconnected (i.e., the connection became unstable).
If you look at the server-side logs, you may see a Dovecot error log that says "Maximum number of connections from user+IP exceeded".
This article describes how to resolve and address the Dovecot error "Maximum number of connections from user+IP exceeded".
Assumed error environment
■Mail server: OS
AlmaLinux 9.x
■Mail server: Middleware
postfix.x86_64 2:3.5.9-24.el9 @appstream
dovecot.x86_64 1:2.3.16-10.el9 @appstream
■Client connection method
IMAP
■Email client tool
Thunderbird (Windows environment)
Possible error situations
The connection of the email client tool (Thunderbird) to the mail server (Postfix/Dovecot) is terminated due to a connection error.
This situation has a direct impact, with mail server users losing their connections, so we need to take action quickly.
■Thunderbird errors confirmed by the author
Connection error:
Connection timed out: no further information
How to check the mail server log
$ less /var/log/maillog
Oct 01 19:00:00 example-host dovecot[xxxx]: imap-login: Disconnected: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=10): user=<email address>, method=PLAIN, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS, session=<xxxxx>
Cause of the error
I have divided the log content and added explanations to it.
| Log text | Commentary |
| Oct 01 19:00:00 example-host dovecot[xxxx]: | Date and time of occurrence, host name, error source (dovecot) |
| imap-login: Disconnected: | Description of the issue: The IMAP login was disconnected. |
| Maximum number of connections from user+IP exceeded | Error message translation: The maximum number of connections from this user's IP address has been exceeded. |
| (mail_max_userip_connections=10): | (Current configuration parameters and their values related to the error) Maximum number of simultaneous connections allowed for the same user from the same IP address |
| user=<email address>,method=PLAIN,rip=xxx.xxx.xxx.xxx,lip=xxx.xxx.xxx.xxx, TLS, session=<xxxxx> | Information about the user who was disconnected (email address) and connection information (IP address, etc.) |
For this error, the server-side (Dovecot) log text provides detailed information about the situation, including the relevant parameter.
The log message states, "The maximum number of connections from user IP addresses to the target email address has been exceeded, so the login has been disconnected."
The related parameter "(mail_max_userip_connections=10):" is listed next.
This setting specifies the maximum number of simultaneous connections allowed for the same user from the same IP address, and 10 (the current setting and the default value for IMAP) is set as the maximum value.
Because more than this value (10) of "connections to the same user from the same IP address" were made, it appears that an error occurred and existing connections were disconnected.
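Before changing the limit, it helps to see which user and client IP pairs are hitting it and how often. The following is an added example, not part of the original article: it summarizes log lines in the format explained above. The function names are hypothetical and the sample log lines are constructed.

```shell
# Added example: count Dovecot "user+IP exceeded" rejections per user and client IP.
# Function names are hypothetical; the sample log lines are constructed.

summarize_userip_limit() {
  # $1 = log file. Prints "<count> <user> <rip> <limit>", most frequent first.
  awk '
    /Maximum number of connections from user[+]IP exceeded/ {
      user = ""; rip = ""; limit = ""
      # 28 = length of "mail_max_userip_connections="
      if (match($0, /mail_max_userip_connections=[0-9]+/))
        limit = substr($0, RSTART + 28, RLENGTH - 28)
      # strip the leading "user=<" and the trailing ">"
      if (match($0, /user=<[^>]*>/))
        user = substr($0, RSTART + 6, RLENGTH - 7)
      if (match($0, /rip=[^, ]+/))
        rip = substr($0, RSTART + 4, RLENGTH - 4)
      hits[user " " rip " " limit]++
    }
    END { for (k in hits) print hits[k], k }
  ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

write_sample_log() {
  # Constructed lines in the maillog format shown above (not real data).
  fmt='Oct 01 19:0%s:00 example-host dovecot[1234]: imap-login: Disconnected: '
  fmt="$fmt"'Maximum number of connections from user+IP exceeded '
  fmt="$fmt"'(mail_max_userip_connections=10): user=<%s>, method=PLAIN, '
  fmt="$fmt"'rip=%s, lip=203.0.113.5, TLS, session=<s%s>\n'
  printf "$fmt" 0 alice@example.com 192.0.2.10 1 \
                1 alice@example.com 192.0.2.10 2 \
                2 notify@example.com 198.51.100.7 3 \
                3 alice@example.com 192.0.2.10 4
  # A normal login line, which must not be counted.
  printf '%s\n' 'Oct 01 19:05:00 example-host dovecot[1234]: imap-login: Login: user=<bob@example.com>, method=PLAIN, rip=192.0.2.20, lip=203.0.113.5, TLS, session=<s5>'
}

log=$(mktemp)
write_sample_log > "$log"
summarize_userip_limit "$log"
rm -f "$log"
```

Run `summarize_userip_limit /var/log/maillog` on the server to see whether one client or a shared address accounts for the rejections before choosing the new value.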
Solution
In this case, we are using an IMAP connection, so we will edit 20-imap.conf, which is Dovecot's IMAP conf.
Correct or add the value of the parameter "mail_max_userip_connections" to a value that exceeds the expected number of connections.
After that, I reloaded the Dovecot configuration and the updated parameters were reflected, which solved the problem in my case.
■1. Back up 20-imap.conf
Before making any changes, make a dated backup.
There's a possibility that you might accidentally save it with all its contents deleted, so it's best to keep a copy just in case.
(If it's only for temporary use, placing it in /tmp would be fine.)
$ sudo cp -p /etc/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf.`date +%Y%m%d`
$ ls -l /etc/dovecot/conf.d/20-imap.conf* *Check the output
Tips: CentOS-Base.repo.`date +%Y%m%d`
Backticks (`) are used to treat the command result as a string.
Within that string, the `date` command is used to display the date and time, specifying the format (year, month, day).
This is convenient because you can take a backup without having to look at a calendar, with the file name ending in the date and year at the time the command was executed.
Aside: "Will the backup be loaded?" → "No, it won't load."
In the default Dovecot configuration, the setting "!include conf.d/*.conf" is written in "/etc/dovecot/dovecot.conf".
$ less /etc/dovecot/dovecot.conf
~near the end~
!include conf.d/*.conf
This setting loads the conf files for each divided item under conf.d.
The files that are read will only be those that match the condition "*.conf", so this backup, which ends with the date, will not be read.
■2. Procedure for modifying parameters in dovecot.conf
In my environment, the default value (10) was commented out and applied.
Therefore, I set the new value by modifying or adding to the code.
This time, we have added a setting of "50" so that the difference from the default value can be seen.
$ sudo vi /etc/dovecot/conf.d/20-imap.conf
~Omitted~
protocol imap {
~Omitted~
  #mail_max_userip_connections = 10
  mail_max_userip_connections = 50 *Added
}
■3. Check the differences
Check the differences between the edited 20-imap.conf and the backup, and confirm that the additions and modifications were as intended.
$ diff /etc/dovecot/conf.d/20-imap.conf /etc/dovecot/conf.d/20-imap.conf.`date +%Y%m%d`
■4. Procedure for reflecting to Dovecot (reloading settings)
I'll use `systemctl reload` to apply the changes.
I'm checking the status before and after execution to make sure there are no problems with the system's state.
systemctl status dovecot
systemctl reload dovecot
systemctl status dovecot
■5. Check the connection
Please connect using your email client tool (Thunderbird).
If you can establish a stable connection without errors after a certain period of time, the issue should be resolved.
■Complete
This completes the solution to Dovecot's "Maximum number of connections from user+IP exceeded" error.
When taking precautions in advance
Furthermore, even if no errors are currently occurring, if the "number of simultaneous connections per user per IP address" is expected to exceed the set value, it is advisable to set a larger value in advance to prevent errors from occurring.
There is no need to adjust any other parameters when taking preventative measures; the same settings as in the solution method will suffice.
If you're using a single email address for system notifications and other purposes, the number of simultaneous connections will likely increase.
When building the server, it's best to set a slightly larger value from the start.
Lastly
It's a basic point - "look at the log, check the parameters, and take action" - but writing this article made me realize once again how important it is.
The error itself is probably simple, but it's easy to panic because it's affecting mail server users. However, if you check and investigate the information regarding the situation, it's a case that can be resolved quickly, so it's important to remain calm, especially in times of emergency.
I hope this article provides some useful knowledge and information to those who read it.
Thank you for reading this far.
Reference information
Authentication | Dovecot Official Documentation
https://doc.dovecot.org/2.3/configuration_manual/authentication/
