On 9/5/22 08:18, Silvio Siefke wrote:> On Mon, 5 Sep 2022 14:59:01 +0200
> Narcis Garcia <debianlists at actiu.net> wrote:
>
>> I SEE THIS IN LOG COPY:
>>
>> Sep 5 18:02:18 asia dovecot: replicator: Panic: data stack: Out of
>> memory when allocating 268435496 bytes
> Yes but Memory is enough free. I had follow the link
It is very likely virtual memory (just address space, not actual memory)
that cannot be allocated.? Dovecot restricts the amount of virtual
memory it can allocate ... something that most programs do not do.? This
makes it possible to prevent a certain class of bug from using all the
memory.? I think it defaults to 256M which would be 268435456 bytes.?
Just a tiny bit less than the amount in the error message.
I think the setting in the link would only affect the replicator, not
all of dovecot.? Your error does indicate it is the replicator that had
the problem, but I think setting the limit more globally would be
desirable.? If I have the wrong idea here, can someone please let me know?
In my config, I set default_vsz_limit and one instance of vsz_limit to
1024M because I was running into a very similar error message.? I could
probably remove the explicit vsz_limit setting because I set the
default, but I haven't tried it, and this config works:
-----------------------------------------
elyograg at bilbo:/etc/dovecot$ cat conf.d/10-master.conf
#default_process_limit = 100
#default_client_limit = 1000
# Default VSZ (virtual memory size) limit for service processes. This is
mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
default_vsz_limit = 1024M
# Login user is internally used by login processes. This is the most
untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull
# Internal user is used by unprivileged processes. It should be separate
from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot
service imap-login {
? inet_listener imap {
??? #port = 143
? }
? inet_listener imaps {
??? #port = 993
??? #ssl = yes
? }
? # Number of connections to handle before starting a new process.
Typically
? # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
? # is faster. <doc/wiki/LoginProcess.txt>
? #service_count = 1
? # Number of processes to always keep waiting for more connections.
? #process_min_avail = 0
? # If you set service_count=0, you probably need to grow this.
? #vsz_limit = $default_vsz_limit
}
#service pop3-login {
#? inet_listener pop3 {
#??? #port = 110
#? }
#? inet_listener pop3s {
#??? #port = 995
#??? #ssl = yes
#? }
#}
service lmtp {
? unix_listener lmtp {
??? #mode = 0666
? }
? # Create inet listener only if you can't use the above UNIX socket
? #inet_listener lmtp {
??? # Avoid making LMTP visible for the entire internet
??? #address ??? #port ? #}
}
service imap {
? # Most of the memory goes to mmap()ing files. You may need to
increase this
? # limit if you have huge mailboxes.
? vsz_limit = 1024M
? # Max. number of IMAP processes (connections)
? #process_limit = 1024
}
service pop3 {
? # Max. number of POP3 processes (connections)
? #process_limit = 1024
}
service auth {
? # auth_socket_path points to this userdb socket by default. It's
typically
? # used by dovecot-lda, doveadm, possibly imap process, etc. Users
that have
? # full permissions to this socket are able to get a list of all
usernames and
? # get the results of everyone's userdb lookups.
? #
? # The default 0666 mode allows anyone to connect to the socket, but the
? # userdb lookups will succeed only if the userdb returns an "uid"
field that
? # matches the caller process's UID. Also if caller's uid or gid
matches the
? # socket's uid or gid the lookup succeeds. Anything else causes a
failure.
? #
? # To give the caller full permissions to lookup all users, set the
mode to
? # something else than 0666 and Dovecot lets the kernel enforce the
? # permissions (e.g. 0777 allows everyone full permissions).
? unix_listener auth-userdb {
??? mode = 0666
??? user = vmail
??? group = mail
? }
? # Postfix smtp-auth
? unix_listener /var/spool/postfix/private/auth {
??? mode = 0666
??? user = postfix
??? group = postfix
? }
? # Auth process is run as this user.
? #user = $default_internal_user
}
service auth-worker {
? # Auth worker process is run as root by default, so that it can access
? # /etc/shadow. If this isn't necessary, the user should be changed to
? # $default_internal_user.
? #user = root
}
service dict {
? # If dict proxy is used, mail processes should have access to its socket.
? # For example: mode=0660, group=vmail and global mail_access_groups=vmail
? unix_listener dict {
??? mode = 0660
??? user = vmail
??? group = postfix
? }
}
elyograg at bilbo:/etc/dovecot$
-----------------------------------------
Thanks,
Shawn