Patrick Westenberg
2017-Aug-23 12:21 UTC
socketpair failed: Too many open files on Debian 9
I haven't done this on the old, working machine. So there must be a difference between Debian 7 and 9 how open files are handled? Regards Patrick Aki Tuomi schrieb:> You probably need to increase ulimit -n > > Aki > > > On 23.08.2017 14:10, Patrick Westenberg wrote: >> Hi @all, >> >> after re-installing one of my two frontends/proxy-servers I get the >> following error messages after some time (sometimes after 1h, sometimes >> after 24h): >> >> >> 11:23:55 imap-login: Error: socketpair() failed: Too many open files >> 11:23:55 imap-login: Error: socketpair() failed: Too many open files >> 11:23:56 imap-login: Error: socketpair() failed: Too many open files >> 11:23:56 imap-login: Error: socketpair() failed: Too many open files >> 11:23:57 imap-login: Error: socketpair() failed: Too many open files >> >> 11:26:17 imap-login: Error: socket() failed: Too many open files >> 11:26:17 imap-login: Error: proxy(post at example.com): connect(172.17.1.1, >> 143) failed: Too many open files (after 0 secs): >> user=<post at example.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, TLS, >> session=<FgPWTWhXa8dQjLoi> >> 11:26:17 imap-login: Error: socketpair() failed: Too many open files >> 11:26:17 imap-login: Error: proxy: SSL handshake failed to >> 172.17.1.1:143: user=<post at example.com>, method=PLAIN, rip=x.x.x.x, >> lip=x.x.x.x, TLS, session=<HALWTWhXasdQjLoi> >> 11:26:17 imap-login: Error: socket() failed: Too many open files >> 11:26:17 imap-login: Error: proxy(post at example.com): connect(172.17.1.1, >> 143) failed: Too many open files (after 0 secs): >> user=<post at example.com>, method=LOGIN, rip=x.x.x.x, lip=x.x.x.x, TLS, >> session=<HALWTWhXasdQjLoi> >> 11:26:17 imap-login: Error: socketpair() failed: Too many open files >> 11:26:17 imap-login: Error: proxy: SSL handshake failed to >> 172.17.1.1:143: user=<post at example.com>, method=LOGIN, rip=x.x.x.x, >> lip=x.x.x.x, TLS, session=<FgPWTWhXa8dQjLoi> >> 11:26:17 imap-login: Error: socket() failed: Too many open files >> >> >> As I switched from KVM to LXC my first idea was that this could be >> caused by LXC but this even happens with KVM. >> I tried dovecot 2.2.31 and 2.2.32.rc2. OS is Debian 9. >> >> These problems don't occur on my old machine (Debian 7). >> >> Any ideas? >> >> Regards >> Patrick >> >> >> >> >> # 2.2.32.rc2 (a350120ca): /usr/local/etc/dovecot/dovecot.conf >> # Pigeonhole version 0.4.19 (e5c7051) >> # OS: Linux 4.4.67-1-pve x86_64 Debian 9.1 >> auth_mechanisms = plain login >> director_mail_servers = 172.17.1.1 172.17.1.2 >> director_servers = 172.17.1.32 172.17.1.3 >> director_user_expire = 5 mins >> lmtp_proxy = yes >> log_path = /var/log/dovecot.log >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope >> encoded-character vacation subaddress comparator-i;ascii-numeric >> relational regex imap4flags copy include variables body enotify >> environment mailbox date index ihave duplicate mime foreverypart extracttext >> protocols = imap pop3 lmtp sieve >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0666 >> user = postfix >> } >> unix_listener auth-userdb { >> user = dovecot >> } >> } >> service director { >> fifo_listener login/proxy-notify { >> mode = 0666 >> } >> inet_listener { >> address = 172.17.1.32 >> port = 9090 >> } >> unix_listener director-userdb { >> mode = 0600 >> } >> unix_listener login/director { >> mode = 0666 >> } >> } >> service imap-login { >> executable = imap-login director >> process_min_avail = 1 >> service_count = 0 >> } >> service lmtp { >> inet_listener lmtp { >> address = 172.17.1.32 >> port = 24 >> ssl = yes >> } >> process_min_avail = 20 >> } >> service managesieve-login { >> executable = managesieve-login director >> inet_listener sieve { >> port = 4190 >> } >> } >> service pop3-login { >> executable = pop3-login director >> } >> ssl_cert = </etc/ssl/certs/certum_wildcard.pem >> ssl_cipher_list >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >> ssl_dh_parameters_length = 2048 >> ssl_key = # hidden, use -P to show it >> ssl_prefer_server_ciphers = yes >> verbose_proctitle = yes >> protocol !smtp { >> passdb { >> args = proxy=y nopassword=y starttls=any-cert >> driver = static >> name >> } >> } >> protocol smtp { >> passdb { >> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> name >> } >> userdb { >> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> name >> } >> } >> protocol lmtp { >> auth_socket_path = director-userdb >> } >> >> ulimit -a >> core file size (blocks, -c) 0 >> data seg size (kbytes, -d) unlimited >> scheduling priority (-e) 0 >> file size (blocks, -f) unlimited >> pending signals (-i) 7978 >> max locked memory (kbytes, -l) 64 >> max memory size (kbytes, -m) unlimited >> open files (-n) 1024 >> pipe size (512 bytes, -p) 8 >> POSIX message queues (bytes, -q) 819200 >> real-time priority (-r) 0 >> stack size (kbytes, -s) 8192 >> cpu time (seconds, -t) unlimited >> max user processes (-u) 7978 >> virtual memory (kbytes, -v) unlimited >> file locks (-x) unlimited >> >> >> ########################### >> >> >> This machine has no problems: >> >> # 2.2.18: /usr/local/etc/dovecot/dovecot.conf >> # Pigeonhole version 0.4.8 (0c4ae064f307+) >> # OS: Linux 3.16.0-0.bpo.4-amd64 x86_64 Debian 7.11 >> auth_mechanisms = plain login >> director_mail_servers = 172.17.1.1 172.17.1.2 >> director_servers = 172.17.1.3 172.17.1.32 >> director_user_expire = 5 mins >> lmtp_proxy = yes >> log_path = /var/log/dovecot.log >> managesieve_notify_capability = mailto >> managesieve_sieve_capability = fileinto reject envelope >> encoded-character vacation subaddress comparator-i;ascii-numeric >> relational regex imap4flags copy include variables body enotify >> environment mailbox date index ihave duplicate >> protocols = imap pop3 lmtp sieve >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0666 >> user = postfix >> } >> unix_listener auth-userdb { >> user = dovecot >> } >> } >> service director { >> fifo_listener login/proxy-notify { >> mode = 0666 >> } >> inet_listener { >> address = 172.17.1.3 >> port = 9090 >> } >> unix_listener director-userdb { >> mode = 0600 >> } >> unix_listener login/director { >> mode = 0666 >> } >> } >> service imap-login { >> executable = imap-login director >> process_min_avail = 1 >> service_count = 0 >> } >> service lmtp { >> inet_listener lmtp { >> address = 172.17.1.3 >> port = 24 >> ssl = yes >> } >> process_min_avail = 20 >> } >> service managesieve-login { >> executable = managesieve-login director >> inet_listener sieve { >> port = 4190 >> } >> } >> service pop3-login { >> executable = pop3-login director >> } >> ssl_cert = </etc/ssl/certs/certum_wildcard.pem >> ssl_cipher_list >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >> ssl_dh_parameters_length = 2048 >> ssl_key = </etc/ssl/private/certum_wildcard.key >> ssl_prefer_server_ciphers = yes >> ssl_protocols = !SSLv3 !SSLv2 >> verbose_proctitle = yes >> protocol !smtp { >> passdb { >> args = proxy=y nopassword=y starttls=any-cert >> driver = static >> name >> } >> } >> protocol smtp { >> passdb { >> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> name >> } >> userdb { >> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >> driver = sql >> name >> } >> } >> protocol lmtp { >> auth_socket_path = director-userdb >> } >> >> >> ulimit -a >> core file size (blocks, -c) 0 >> data seg size (kbytes, -d) unlimited >> scheduling priority (-e) 0 >> file size (blocks, -f) unlimited >> pending signals (-i) 257548 >> max locked memory (kbytes, -l) 64 >> max memory size (kbytes, -m) unlimited >> open files (-n) 1024 >> pipe size (512 bytes, -p) 8 >> POSIX message queues (bytes, -q) 819200 >> real-time priority (-r) 0 >> stack size (kbytes, -s) 8192 >> cpu time (seconds, -t) unlimited >> max user processes (-u) 257548 >> virtual memory (kbytes, -v) unlimited >> file locks (-x) unlimited
Hello, are you using systemd? May be you have to edit unit-file for dovecotservice and increase filelimit LimitNOFILE=infinity Hajo Am 23.08.2017 um 14:21 schrieb Patrick Westenberg:> I haven't done this on the old, working machine. > > So there must be a difference between Debian 7 and 9 how open files are > handled? > > Regards > Patrick > > > > Aki Tuomi schrieb: >> You probably need to increase ulimit -n >> >> Aki >> >> >> On 23.08.2017 14:10, Patrick Westenberg wrote: >>> Hi @all, >>> >>> after re-installing one of my two frontends/proxy-servers I get the >>> following error messages after some time (sometimes after 1h, sometimes >>> after 24h): >>> >>> >>> 11:23:55 imap-login: Error: socketpair() failed: Too many open files >>> 11:23:55 imap-login: Error: socketpair() failed: Too many open files >>> 11:23:56 imap-login: Error: socketpair() failed: Too many open files >>> 11:23:56 imap-login: Error: socketpair() failed: Too many open files >>> 11:23:57 imap-login: Error: socketpair() failed: Too many open files >>> >>> 11:26:17 imap-login: Error: socket() failed: Too many open files >>> 11:26:17 imap-login: Error: proxy(post at example.com): connect(172.17.1.1, >>> 143) failed: Too many open files (after 0 secs): >>> user=<post at example.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, TLS, >>> session=<FgPWTWhXa8dQjLoi> >>> 11:26:17 imap-login: Error: socketpair() failed: Too many open files >>> 11:26:17 imap-login: Error: proxy: SSL handshake failed to >>> 172.17.1.1:143: user=<post at example.com>, method=PLAIN, rip=x.x.x.x, >>> lip=x.x.x.x, TLS, session=<HALWTWhXasdQjLoi> >>> 11:26:17 imap-login: Error: socket() failed: Too many open files >>> 11:26:17 imap-login: Error: proxy(post at example.com): connect(172.17.1.1, >>> 143) failed: Too many open files (after 0 secs): >>> user=<post at example.com>, method=LOGIN, rip=x.x.x.x, lip=x.x.x.x, TLS, >>> session=<HALWTWhXasdQjLoi> >>> 11:26:17 imap-login: Error: socketpair() failed: Too many open files >>> 11:26:17 imap-login: Error: proxy: SSL handshake failed to >>> 172.17.1.1:143: user=<post at example.com>, method=LOGIN, rip=x.x.x.x, >>> lip=x.x.x.x, TLS, session=<FgPWTWhXa8dQjLoi> >>> 11:26:17 imap-login: Error: socket() failed: Too many open files >>> >>> >>> As I switched from KVM to LXC my first idea was that this could be >>> caused by LXC but this even happens with KVM. >>> I tried dovecot 2.2.31 and 2.2.32.rc2. OS is Debian 9. >>> >>> These problems don't occur on my old machine (Debian 7). >>> >>> Any ideas? >>> >>> Regards >>> Patrick >>> >>> >>> >>> >>> # 2.2.32.rc2 (a350120ca): /usr/local/etc/dovecot/dovecot.conf >>> # Pigeonhole version 0.4.19 (e5c7051) >>> # OS: Linux 4.4.67-1-pve x86_64 Debian 9.1 >>> auth_mechanisms = plain login >>> director_mail_servers = 172.17.1.1 172.17.1.2 >>> director_servers = 172.17.1.32 172.17.1.3 >>> director_user_expire = 5 mins >>> lmtp_proxy = yes >>> log_path = /var/log/dovecot.log >>> managesieve_notify_capability = mailto >>> managesieve_sieve_capability = fileinto reject envelope >>> encoded-character vacation subaddress comparator-i;ascii-numeric >>> relational regex imap4flags copy include variables body enotify >>> environment mailbox date index ihave duplicate mime foreverypart extracttext >>> protocols = imap pop3 lmtp sieve >>> service auth { >>> unix_listener /var/spool/postfix/private/auth { >>> group = postfix >>> mode = 0666 >>> user = postfix >>> } >>> unix_listener auth-userdb { >>> user = dovecot >>> } >>> } >>> service director { >>> fifo_listener login/proxy-notify { >>> mode = 0666 >>> } >>> inet_listener { >>> address = 172.17.1.32 >>> port = 9090 >>> } >>> unix_listener director-userdb { >>> mode = 0600 >>> } >>> unix_listener login/director { >>> mode = 0666 >>> } >>> } >>> service imap-login { >>> executable = imap-login director >>> process_min_avail = 1 >>> service_count = 0 >>> } >>> service lmtp { >>> inet_listener lmtp { >>> address = 172.17.1.32 >>> port = 24 >>> ssl = yes >>> } >>> process_min_avail = 20 >>> } >>> service managesieve-login { >>> executable = managesieve-login director >>> inet_listener sieve { >>> port = 4190 >>> } >>> } >>> service pop3-login { >>> executable = pop3-login director >>> } >>> ssl_cert = </etc/ssl/certs/certum_wildcard.pem >>> ssl_cipher_list >>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>> ssl_dh_parameters_length = 2048 >>> ssl_key = # hidden, use -P to show it >>> ssl_prefer_server_ciphers = yes >>> verbose_proctitle = yes >>> protocol !smtp { >>> passdb { >>> args = proxy=y nopassword=y starttls=any-cert >>> driver = static >>> name >>> } >>> } >>> protocol smtp { >>> passdb { >>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >>> driver = sql >>> name >>> } >>> userdb { >>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >>> driver = sql >>> name >>> } >>> } >>> protocol lmtp { >>> auth_socket_path = director-userdb >>> } >>> >>> ulimit -a >>> core file size (blocks, -c) 0 >>> data seg size (kbytes, -d) unlimited >>> scheduling priority (-e) 0 >>> file size (blocks, -f) unlimited >>> pending signals (-i) 7978 >>> max locked memory (kbytes, -l) 64 >>> max memory size (kbytes, -m) unlimited >>> open files (-n) 1024 >>> pipe size (512 bytes, -p) 8 >>> POSIX message queues (bytes, -q) 819200 >>> real-time priority (-r) 0 >>> stack size (kbytes, -s) 8192 >>> cpu time (seconds, -t) unlimited >>> max user processes (-u) 7978 >>> virtual memory (kbytes, -v) unlimited >>> file locks (-x) unlimited >>> >>> >>> ########################### >>> >>> >>> This machine has no problems: >>> >>> # 2.2.18: /usr/local/etc/dovecot/dovecot.conf >>> # Pigeonhole version 0.4.8 (0c4ae064f307+) >>> # OS: Linux 3.16.0-0.bpo.4-amd64 x86_64 Debian 7.11 >>> auth_mechanisms = plain login >>> director_mail_servers = 172.17.1.1 172.17.1.2 >>> director_servers = 172.17.1.3 172.17.1.32 >>> director_user_expire = 5 mins >>> lmtp_proxy = yes >>> log_path = /var/log/dovecot.log >>> managesieve_notify_capability = mailto >>> managesieve_sieve_capability = fileinto reject envelope >>> encoded-character vacation subaddress comparator-i;ascii-numeric >>> relational regex imap4flags copy include variables body enotify >>> environment mailbox date index ihave duplicate >>> protocols = imap pop3 lmtp sieve >>> service auth { >>> unix_listener /var/spool/postfix/private/auth { >>> group = postfix >>> mode = 0666 >>> user = postfix >>> } >>> unix_listener auth-userdb { >>> user = dovecot >>> } >>> } >>> service director { >>> fifo_listener login/proxy-notify { >>> mode = 0666 >>> } >>> inet_listener { >>> address = 172.17.1.3 >>> port = 9090 >>> } >>> unix_listener director-userdb { >>> mode = 0600 >>> } >>> unix_listener login/director { >>> mode = 0666 >>> } >>> } >>> service imap-login { >>> executable = imap-login director >>> process_min_avail = 1 >>> service_count = 0 >>> } >>> service lmtp { >>> inet_listener lmtp { >>> address = 172.17.1.3 >>> port = 24 >>> ssl = yes >>> } >>> process_min_avail = 20 >>> } >>> service managesieve-login { >>> executable = managesieve-login director >>> inet_listener sieve { >>> port = 4190 >>> } >>> } >>> service pop3-login { >>> executable = pop3-login director >>> } >>> ssl_cert = </etc/ssl/certs/certum_wildcard.pem >>> ssl_cipher_list >>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>> ssl_dh_parameters_length = 2048 >>> ssl_key = </etc/ssl/private/certum_wildcard.key >>> ssl_prefer_server_ciphers = yes >>> ssl_protocols = !SSLv3 !SSLv2 >>> verbose_proctitle = yes >>> protocol !smtp { >>> passdb { >>> args = proxy=y nopassword=y starttls=any-cert >>> driver = static >>> name >>> } >>> } >>> protocol smtp { >>> passdb { >>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >>> driver = sql >>> name >>> } >>> userdb { >>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >>> driver = sql >>> name >>> } >>> } >>> protocol lmtp { >>> auth_socket_path = director-userdb >>> } >>> >>> >>> ulimit -a >>> core file size (blocks, -c) 0 >>> data seg size (kbytes, -d) unlimited >>> scheduling priority (-e) 0 >>> file size (blocks, -f) unlimited >>> pending signals (-i) 257548 >>> max locked memory (kbytes, -l) 64 >>> max memory size (kbytes, -m) unlimited >>> open files (-n) 1024 >>> pipe size (512 bytes, -p) 8 >>> POSIX message queues (bytes, -q) 819200 >>> real-time priority (-r) 0 >>> stack size (kbytes, -s) 8192 >>> cpu time (seconds, -t) unlimited >>> max user processes (-u) 257548 >>> virtual memory (kbytes, -v) unlimited >>> file locks (-x) unlimited
Patrick Westenberg
2017-Aug-25 07:58 UTC
socketpair failed: Too many open files on Debian 9
Hi, I think LimitNOFILE=infinity solved my problem. No errors since almost two days. Thanks! Patrick Hajo Locke schrieb:> Hello, > > are you using systemd? May be you have to edit unit-file for > dovecotservice and increase filelimit > > LimitNOFILE=infinity > > Hajo > > Am 23.08.2017 um 14:21 schrieb Patrick Westenberg: >> I haven't done this on the old, working machine. >> >> So there must be a difference between Debian 7 and 9 how open files are >> handled? >> >> Regards >> Patrick >> >> >> >> Aki Tuomi schrieb: >>> You probably need to increase ulimit -n >>> >>> Aki >>> >>> >>> On 23.08.2017 14:10, Patrick Westenberg wrote: >>>> Hi @all, >>>> >>>> after re-installing one of my two frontends/proxy-servers I get the >>>> following error messages after some time (sometimes after 1h, sometimes >>>> after 24h): >>>> >>>> >>>> 11:23:55 imap-login: Error: socketpair() failed: Too many open files >>>> 11:23:55 imap-login: Error: socketpair() failed: Too many open files >>>> 11:23:56 imap-login: Error: socketpair() failed: Too many open files >>>> 11:23:56 imap-login: Error: socketpair() failed: Too many open files >>>> 11:23:57 imap-login: Error: socketpair() failed: Too many open files >>>> >>>> 11:26:17 imap-login: Error: socket() failed: Too many open files >>>> 11:26:17 imap-login: Error: proxy(post at example.com): >>>> connect(172.17.1.1, >>>> 143) failed: Too many open files (after 0 secs): >>>> user=<post at example.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, TLS, >>>> session=<FgPWTWhXa8dQjLoi> >>>> 11:26:17 imap-login: Error: socketpair() failed: Too many open files >>>> 11:26:17 imap-login: Error: proxy: SSL handshake failed to >>>> 172.17.1.1:143: user=<post at example.com>, method=PLAIN, rip=x.x.x.x, >>>> lip=x.x.x.x, TLS, session=<HALWTWhXasdQjLoi> >>>> 11:26:17 imap-login: Error: socket() failed: Too many open files >>>> 11:26:17 imap-login: Error: proxy(post at example.com): >>>> connect(172.17.1.1, >>>> 143) failed: Too many open files (after 0 secs): >>>> user=<post at example.com>, method=LOGIN, rip=x.x.x.x, lip=x.x.x.x, TLS, >>>> session=<HALWTWhXasdQjLoi> >>>> 11:26:17 imap-login: Error: socketpair() failed: Too many open files >>>> 11:26:17 imap-login: Error: proxy: SSL handshake failed to >>>> 172.17.1.1:143: user=<post at example.com>, method=LOGIN, rip=x.x.x.x, >>>> lip=x.x.x.x, TLS, session=<FgPWTWhXa8dQjLoi> >>>> 11:26:17 imap-login: Error: socket() failed: Too many open files >>>> >>>> >>>> As I switched from KVM to LXC my first idea was that this could be >>>> caused by LXC but this even happens with KVM. >>>> I tried dovecot 2.2.31 and 2.2.32.rc2. OS is Debian 9. >>>> >>>> These problems don't occur on my old machine (Debian 7). >>>> >>>> Any ideas? >>>> >>>> Regards >>>> Patrick >>>> >>>> >>>> >>>> >>>> # 2.2.32.rc2 (a350120ca): /usr/local/etc/dovecot/dovecot.conf >>>> # Pigeonhole version 0.4.19 (e5c7051) >>>> # OS: Linux 4.4.67-1-pve x86_64 Debian 9.1 >>>> auth_mechanisms = plain login >>>> director_mail_servers = 172.17.1.1 172.17.1.2 >>>> director_servers = 172.17.1.32 172.17.1.3 >>>> director_user_expire = 5 mins >>>> lmtp_proxy = yes >>>> log_path = /var/log/dovecot.log >>>> managesieve_notify_capability = mailto >>>> managesieve_sieve_capability = fileinto reject envelope >>>> encoded-character vacation subaddress comparator-i;ascii-numeric >>>> relational regex imap4flags copy include variables body enotify >>>> environment mailbox date index ihave duplicate mime foreverypart >>>> extracttext >>>> protocols = imap pop3 lmtp sieve >>>> service auth { >>>> unix_listener /var/spool/postfix/private/auth { >>>> group = postfix >>>> mode = 0666 >>>> user = postfix >>>> } >>>> unix_listener auth-userdb { >>>> user = dovecot >>>> } >>>> } >>>> service director { >>>> fifo_listener login/proxy-notify { >>>> mode = 0666 >>>> } >>>> inet_listener { >>>> address = 172.17.1.32 >>>> port = 9090 >>>> } >>>> unix_listener director-userdb { >>>> mode = 0600 >>>> } >>>> unix_listener login/director { >>>> mode = 0666 >>>> } >>>> } >>>> service imap-login { >>>> executable = imap-login director >>>> process_min_avail = 1 >>>> service_count = 0 >>>> } >>>> service lmtp { >>>> inet_listener lmtp { >>>> address = 172.17.1.32 >>>> port = 24 >>>> ssl = yes >>>> } >>>> process_min_avail = 20 >>>> } >>>> service managesieve-login { >>>> executable = managesieve-login director >>>> inet_listener sieve { >>>> port = 4190 >>>> } >>>> } >>>> service pop3-login { >>>> executable = pop3-login director >>>> } >>>> ssl_cert = </etc/ssl/certs/certum_wildcard.pem >>>> ssl_cipher_list >>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>> >>>> ssl_dh_parameters_length = 2048 >>>> ssl_key = # hidden, use -P to show it >>>> ssl_prefer_server_ciphers = yes >>>> verbose_proctitle = yes >>>> protocol !smtp { >>>> passdb { >>>> args = proxy=y nopassword=y starttls=any-cert >>>> driver = static >>>> name >>>> } >>>> } >>>> protocol smtp { >>>> passdb { >>>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >>>> driver = sql >>>> name >>>> } >>>> userdb { >>>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >>>> driver = sql >>>> name >>>> } >>>> } >>>> protocol lmtp { >>>> auth_socket_path = director-userdb >>>> } >>>> >>>> ulimit -a >>>> core file size (blocks, -c) 0 >>>> data seg size (kbytes, -d) unlimited >>>> scheduling priority (-e) 0 >>>> file size (blocks, -f) unlimited >>>> pending signals (-i) 7978 >>>> max locked memory (kbytes, -l) 64 >>>> max memory size (kbytes, -m) unlimited >>>> open files (-n) 1024 >>>> pipe size (512 bytes, -p) 8 >>>> POSIX message queues (bytes, -q) 819200 >>>> real-time priority (-r) 0 >>>> stack size (kbytes, -s) 8192 >>>> cpu time (seconds, -t) unlimited >>>> max user processes (-u) 7978 >>>> virtual memory (kbytes, -v) unlimited >>>> file locks (-x) unlimited >>>> >>>> >>>> ########################### >>>> >>>> >>>> This machine has no problems: >>>> >>>> # 2.2.18: /usr/local/etc/dovecot/dovecot.conf >>>> # Pigeonhole version 0.4.8 (0c4ae064f307+) >>>> # OS: Linux 3.16.0-0.bpo.4-amd64 x86_64 Debian 7.11 >>>> auth_mechanisms = plain login >>>> director_mail_servers = 172.17.1.1 172.17.1.2 >>>> director_servers = 172.17.1.3 172.17.1.32 >>>> director_user_expire = 5 mins >>>> lmtp_proxy = yes >>>> log_path = /var/log/dovecot.log >>>> managesieve_notify_capability = mailto >>>> managesieve_sieve_capability = fileinto reject envelope >>>> encoded-character vacation subaddress comparator-i;ascii-numeric >>>> relational regex imap4flags copy include variables body enotify >>>> environment mailbox date index ihave duplicate >>>> protocols = imap pop3 lmtp sieve >>>> service auth { >>>> unix_listener /var/spool/postfix/private/auth { >>>> group = postfix >>>> mode = 0666 >>>> user = postfix >>>> } >>>> unix_listener auth-userdb { >>>> user = dovecot >>>> } >>>> } >>>> service director { >>>> fifo_listener login/proxy-notify { >>>> mode = 0666 >>>> } >>>> inet_listener { >>>> address = 172.17.1.3 >>>> port = 9090 >>>> } >>>> unix_listener director-userdb { >>>> mode = 0600 >>>> } >>>> unix_listener login/director { >>>> mode = 0666 >>>> } >>>> } >>>> service imap-login { >>>> executable = imap-login director >>>> process_min_avail = 1 >>>> service_count = 0 >>>> } >>>> service lmtp { >>>> inet_listener lmtp { >>>> address = 172.17.1.3 >>>> port = 24 >>>> ssl = yes >>>> } >>>> process_min_avail = 20 >>>> } >>>> service managesieve-login { >>>> executable = managesieve-login director >>>> inet_listener sieve { >>>> port = 4190 >>>> } >>>> } >>>> service pop3-login { >>>> executable = pop3-login director >>>> } >>>> ssl_cert = </etc/ssl/certs/certum_wildcard.pem >>>> ssl_cipher_list >>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>> >>>> ssl_dh_parameters_length = 2048 >>>> ssl_key = </etc/ssl/private/certum_wildcard.key >>>> ssl_prefer_server_ciphers = yes >>>> ssl_protocols = !SSLv3 !SSLv2 >>>> verbose_proctitle = yes >>>> protocol !smtp { >>>> passdb { >>>> args = proxy=y nopassword=y starttls=any-cert >>>> driver = static >>>> name >>>> } >>>> } >>>> protocol smtp { >>>> passdb { >>>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >>>> driver = sql >>>> name >>>> } >>>> userdb { >>>> args = /usr/local/etc/dovecot/dovecot-sql.conf.ext >>>> driver = sql >>>> name >>>> } >>>> } >>>> protocol lmtp { >>>> auth_socket_path = director-userdb >>>> } >>>> >>>> >>>> ulimit -a >>>> core file size (blocks, -c) 0 >>>> data seg size (kbytes, -d) unlimited >>>> scheduling priority (-e) 0 >>>> file size (blocks, -f) unlimited >>>> pending signals (-i) 257548 >>>> max locked memory (kbytes, -l) 64 >>>> max memory size (kbytes, -m) unlimited >>>> open files (-n) 1024 >>>> pipe size (512 bytes, -p) 8 >>>> POSIX message queues (bytes, -q) 819200 >>>> real-time priority (-r) 0 >>>> stack size (kbytes, -s) 8192 >>>> cpu time (seconds, -t) unlimited >>>> max user processes (-u) 257548 >>>> virtual memory (kbytes, -v) unlimited >>>> file locks (-x) unlimited