We are having problems with the latest Dovecot 1.0 (RC15) regarding
file descriptors > 255 being handed off to fdopen() via crypt() via PAM(?).
This is a problem on Solaris 10 due to the fact that the stdio library does
not support file descriptors > 255 (in order to remain binary-compatibile
with older binaries). Here are the messages we run into if we get too many
(~250?) concurrent IMAP/POP sessions:
Jan 3 13:03:14 hostname dovecot-auth[5799]: crypt: fdopen(265) failed: Too many
open files
Jan 3 13:03:14 hostname dovecot-auth[5799]: crypt: fdopen(265) failed: Too many
open files
Jan 3 13:03:15 hostname dovecot: auth(default): pam(username,10.1.1.1): Child
process died
Jan 3 13:03:15 hostname dovecot: auth(default): PAM: Child 5799 died with
signal 11
Questions:
1) Is there a file descriptor leak, or are there supposed to be this many
open pipes in dovecot-auth? (master dovecot has way more than 256 at
this point, but apparently does not use stdio.)
2) Has anyone tried compiling Dovecot in 64-bit mode (-xarch=v9)? I have
tested the fact that this removes the >255 fd limitation in Solaris 9/10.
3) Has anyone even run into this problem on Solaris? I imagine anyone with
more than 250 or so simultaneous IMAP/POP sessions would have had to run
into it by now.
4) Anyone have any suggested workarounds (besides compiling in 64-bit mode)?
We have upwards of 4500 simultaneous IMAP connections alone on some of our
servers (running UW IMAP still), so we obviously need to address this problem
before we can fully deploy dovecot in our environment.
--
Steven F. Siirila Office: Lind Hall, Room 130B
Internet Services E-mail: sfs at umn.edu
Office of Information Technology Voice: (612) 626-0244
University of Minnesota Fax: (612) 626-7593
On 3.1.2007, at 22.54, Steven F Siirila wrote:> Jan 3 13:03:14 hostname dovecot-auth[5799]: crypt: fdopen(265) > failed: Too many open files > Jan 3 13:03:14 hostname dovecot-auth[5799]: crypt: fdopen(265) > failed: Too many open files > Jan 3 13:03:15 hostname dovecot: auth(default): pam(username, > 10.1.1.1): Child process died > Jan 3 13:03:15 hostname dovecot: auth(default): PAM: Child 5799 > died with signal 11 > > Questions: > > 1) Is there a file descriptor leak, or are there supposed to be > this many > open pipes in dovecot-auth? (master dovecot has way more than > 256 at > this point, but apparently does not use stdio.)Each imap-login and pop3-login connects to dovecot-auth. So if you've about 250 SSL/TLS connections, or 250 users logging in at the same time, and login_process_per_connection=yes, I guess this could happen. So login_process_per_connection=no should work around this.> 2) Has anyone tried compiling Dovecot in 64-bit mode (-xarch=v9)? > I have > tested the fact that this removes the >255 fd limitation in > Solaris 9/10.A lot of people are using 64bit Dovecot at least with x86-64. I don't see why crypt() want to open any files though. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070103/9842e40b/attachment.bin>
Reasonably Related Threads
- [sfs: dovecot-auth file descriptor usage]
- dovecot-auth file descriptor usage
- [sfs@tc.umn.edu: Re: dovecot-auth file descriptor usage]
- Memory leak with tons of closed connections
- [PATCH nbdkit] server: Allow file descriptors to be passed to nbdkit_read_password.