We are having problems with the latest Dovecot 1.0 (RC15) regarding file descriptors > 255 being handed off to fdopen() via crypt() via PAM(?). This is a problem on Solaris 10 due to the fact that the stdio library does not support file descriptors > 255 (in order to remain binary-compatibile with older binaries). Here are the messages we run into if we get too many (~250?) concurrent IMAP/POP sessions: Jan 3 13:03:14 hostname dovecot-auth[5799]: crypt: fdopen(265) failed: Too many open files Jan 3 13:03:14 hostname dovecot-auth[5799]: crypt: fdopen(265) failed: Too many open files Jan 3 13:03:15 hostname dovecot: auth(default): pam(username,10.1.1.1): Child process died Jan 3 13:03:15 hostname dovecot: auth(default): PAM: Child 5799 died with signal 11 Questions: 1) Is there a file descriptor leak, or are there supposed to be this many open pipes in dovecot-auth? (master dovecot has way more than 256 at this point, but apparently does not use stdio.) 2) Has anyone tried compiling Dovecot in 64-bit mode (-xarch=v9)? I have tested the fact that this removes the >255 fd limitation in Solaris 9/10. 3) Has anyone even run into this problem on Solaris? I imagine anyone with more than 250 or so simultaneous IMAP/POP sessions would have had to run into it by now. 4) Anyone have any suggested workarounds (besides compiling in 64-bit mode)? We have upwards of 4500 simultaneous IMAP connections alone on some of our servers (running UW IMAP still), so we obviously need to address this problem before we can fully deploy dovecot in our environment. -- Steven F. Siirila Office: Lind Hall, Room 130B Internet Services E-mail: sfs at umn.edu Office of Information Technology Voice: (612) 626-0244 University of Minnesota Fax: (612) 626-7593
On 3.1.2007, at 22.54, Steven F Siirila wrote:> Jan 3 13:03:14 hostname dovecot-auth[5799]: crypt: fdopen(265) > failed: Too many open files > Jan 3 13:03:14 hostname dovecot-auth[5799]: crypt: fdopen(265) > failed: Too many open files > Jan 3 13:03:15 hostname dovecot: auth(default): pam(username, > 10.1.1.1): Child process died > Jan 3 13:03:15 hostname dovecot: auth(default): PAM: Child 5799 > died with signal 11 > > Questions: > > 1) Is there a file descriptor leak, or are there supposed to be > this many > open pipes in dovecot-auth? (master dovecot has way more than > 256 at > this point, but apparently does not use stdio.)Each imap-login and pop3-login connects to dovecot-auth. So if you've about 250 SSL/TLS connections, or 250 users logging in at the same time, and login_process_per_connection=yes, I guess this could happen. So login_process_per_connection=no should work around this.> 2) Has anyone tried compiling Dovecot in 64-bit mode (-xarch=v9)? > I have > tested the fact that this removes the >255 fd limitation in > Solaris 9/10.A lot of people are using 64bit Dovecot at least with x86-64. I don't see why crypt() want to open any files though. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20070103/9842e40b/attachment.bin>
Seemingly Similar Threads
- [sfs: dovecot-auth file descriptor usage]
- dovecot-auth file descriptor usage
- [sfs@tc.umn.edu: Re: dovecot-auth file descriptor usage]
- Memory leak with tons of closed connections
- [PATCH nbdkit] server: Allow file descriptors to be passed to nbdkit_read_password.