socketpair failed: Too many open files on Debian 9

Wed Aug 23 15:41:12 EEST 2017

Hello,

are you using systemd? May be you have to edit unit-file for 
dovecotservice and increase filelimit

LimitNOFILE=infinity

Hajo

Am 23.08.2017 um 14:21 schrieb Patrick Westenberg:
> I haven't done this on the old, working machine.
>
> So there must be a difference between Debian 7 and 9 how open files are
> handled?
>
> Regards
> Patrick
>
>
>
> Aki Tuomi schrieb:
>> You probably need to increase ulimit -n
>>
>> Aki
>>
>>
>> On 23.08.2017 14:10, Patrick Westenberg wrote:
>>> Hi @all,
>>>
>>> after re-installing one of my two frontends/proxy-servers I get the
>>> following error messages after some time (sometimes after 1h, sometimes
>>> after 24h):
>>>
>>>
>>> 11:23:55 imap-login: Error: socketpair() failed: Too many open files
>>> 11:23:55 imap-login: Error: socketpair() failed: Too many open files
>>> 11:23:56 imap-login: Error: socketpair() failed: Too many open files
>>> 11:23:56 imap-login: Error: socketpair() failed: Too many open files
>>> 11:23:57 imap-login: Error: socketpair() failed: Too many open files
>>>
>>> 11:26:17 imap-login: Error: socket() failed: Too many open files
>>> 11:26:17 imap-login: Error: proxy(post at example.com): connect(172.17.1.1,
>>> 143) failed: Too many open files (after 0 secs):
>>> user=<post at example.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, TLS,
>>> session=<FgPWTWhXa8dQjLoi>
>>> 11:26:17 imap-login: Error: socketpair() failed: Too many open files
>>> 11:26:17 imap-login: Error: proxy: SSL handshake failed to
>>> 172.17.1.1:143: user=<post at example.com>, method=PLAIN, rip=x.x.x.x,
>>> lip=x.x.x.x, TLS, session=<HALWTWhXasdQjLoi>
>>> 11:26:17 imap-login: Error: socket() failed: Too many open files
>>> 11:26:17 imap-login: Error: proxy(post at example.com): connect(172.17.1.1,
>>> 143) failed: Too many open files (after 0 secs):
>>> user=<post at example.com>, method=LOGIN, rip=x.x.x.x, lip=x.x.x.x, TLS,
>>> session=<HALWTWhXasdQjLoi>
>>> 11:26:17 imap-login: Error: socketpair() failed: Too many open files
>>> 11:26:17 imap-login: Error: proxy: SSL handshake failed to
>>> 172.17.1.1:143: user=<post at example.com>, method=LOGIN, rip=x.x.x.x,
>>> lip=x.x.x.x, TLS, session=<FgPWTWhXa8dQjLoi>
>>> 11:26:17 imap-login: Error: socket() failed: Too many open files
>>>
>>>
>>> As I switched from KVM to LXC my first idea was that this could be
>>> caused by LXC but this even happens with KVM.
>>> I tried dovecot 2.2.31 and 2.2.32.rc2. OS is Debian 9.
>>>
>>> These problems don't occur on my old machine (Debian 7).
>>>
>>> Any ideas?
>>>
>>> Regards
>>> Patrick
>>>
>>>
>>>
>>>
>>> # 2.2.32.rc2 (a350120ca): /usr/local/etc/dovecot/dovecot.conf
>>> # Pigeonhole version 0.4.19 (e5c7051)
>>> # OS: Linux 4.4.67-1-pve x86_64 Debian 9.1
>>> auth_mechanisms = plain login
>>> director_mail_servers = 172.17.1.1 172.17.1.2
>>> director_servers = 172.17.1.32 172.17.1.3
>>> director_user_expire = 5 mins
>>> lmtp_proxy = yes
>>> log_path = /var/log/dovecot.log
>>> managesieve_notify_capability = mailto
>>> managesieve_sieve_capability = fileinto reject envelope
>>> encoded-character vacation subaddress comparator-i;ascii-numeric
>>> relational regex imap4flags copy include variables body enotify
>>> environment mailbox date index ihave duplicate mime foreverypart extracttext
>>> protocols = imap pop3 lmtp sieve
>>> service auth {
>>>    unix_listener /var/spool/postfix/private/auth {
>>>      group = postfix
>>>      mode = 0666
>>>      user = postfix
>>>    }
>>>    unix_listener auth-userdb {
>>>      user = dovecot
>>>    }
>>> }
>>> service director {
>>>    fifo_listener login/proxy-notify {
>>>      mode = 0666
>>>    }
>>>    inet_listener {
>>>      address = 172.17.1.32
>>>      port = 9090
>>>    }
>>>    unix_listener director-userdb {
>>>      mode = 0600
>>>    }
>>>    unix_listener login/director {
>>>      mode = 0666
>>>    }
>>> }
>>> service imap-login {
>>>    executable = imap-login director
>>>    process_min_avail = 1
>>>    service_count = 0
>>> }
>>> service lmtp {
>>>    inet_listener lmtp {
>>>      address = 172.17.1.32
>>>      port = 24
>>>      ssl = yes
>>>    }
>>>    process_min_avail = 20
>>> }
>>> service managesieve-login {
>>>    executable = managesieve-login director
>>>    inet_listener sieve {
>>>      port = 4190
>>>    }
>>> }
>>> service pop3-login {
>>>    executable = pop3-login director
>>> }
>>> ssl_cert = </etc/ssl/certs/certum_wildcard.pem
>>> ssl_cipher_list =
>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>>> ssl_dh_parameters_length = 2048
>>> ssl_key =  # hidden, use -P to show it
>>> ssl_prefer_server_ciphers = yes
>>> verbose_proctitle = yes
>>> protocol !smtp {
>>>    passdb {
>>>      args = proxy=y nopassword=y starttls=any-cert
>>>      driver = static
>>>      name =
>>>    }
>>> }
>>> protocol smtp {
>>>    passdb {
>>>      args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>>>      driver = sql
>>>      name =
>>>    }
>>>    userdb {
>>>      args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>>>      driver = sql
>>>      name =
>>>    }
>>> }
>>> protocol lmtp {
>>>    auth_socket_path = director-userdb
>>> }
>>>
>>> ulimit -a
>>> core file size          (blocks, -c) 0
>>> data seg size           (kbytes, -d) unlimited
>>> scheduling priority             (-e) 0
>>> file size               (blocks, -f) unlimited
>>> pending signals                 (-i) 7978
>>> max locked memory       (kbytes, -l) 64
>>> max memory size         (kbytes, -m) unlimited
>>> open files                      (-n) 1024
>>> pipe size            (512 bytes, -p) 8
>>> POSIX message queues     (bytes, -q) 819200
>>> real-time priority              (-r) 0
>>> stack size              (kbytes, -s) 8192
>>> cpu time               (seconds, -t) unlimited
>>> max user processes              (-u) 7978
>>> virtual memory          (kbytes, -v) unlimited
>>> file locks                      (-x) unlimited
>>>
>>>
>>> ###########################
>>>
>>>
>>> This machine has no problems:
>>>
>>> # 2.2.18: /usr/local/etc/dovecot/dovecot.conf
>>> # Pigeonhole version 0.4.8 (0c4ae064f307+)
>>> # OS: Linux 3.16.0-0.bpo.4-amd64 x86_64 Debian 7.11
>>> auth_mechanisms = plain login
>>> director_mail_servers = 172.17.1.1 172.17.1.2
>>> director_servers = 172.17.1.3 172.17.1.32
>>> director_user_expire = 5 mins
>>> lmtp_proxy = yes
>>> log_path = /var/log/dovecot.log
>>> managesieve_notify_capability = mailto
>>> managesieve_sieve_capability = fileinto reject envelope
>>> encoded-character vacation subaddress comparator-i;ascii-numeric
>>> relational regex imap4flags copy include variables body enotify
>>> environment mailbox date index ihave duplicate
>>> protocols = imap pop3 lmtp sieve
>>> service auth {
>>>    unix_listener /var/spool/postfix/private/auth {
>>>      group = postfix
>>>      mode = 0666
>>>      user = postfix
>>>    }
>>>    unix_listener auth-userdb {
>>>      user = dovecot
>>>    }
>>> }
>>> service director {
>>>    fifo_listener login/proxy-notify {
>>>      mode = 0666
>>>    }
>>>    inet_listener {
>>>      address = 172.17.1.3
>>>      port = 9090
>>>    }
>>>    unix_listener director-userdb {
>>>      mode = 0600
>>>    }
>>>    unix_listener login/director {
>>>      mode = 0666
>>>    }
>>> }
>>> service imap-login {
>>>    executable = imap-login director
>>>    process_min_avail = 1
>>>    service_count = 0
>>> }
>>> service lmtp {
>>>    inet_listener lmtp {
>>>      address = 172.17.1.3
>>>      port = 24
>>>      ssl = yes
>>>    }
>>>    process_min_avail = 20
>>> }
>>> service managesieve-login {
>>>    executable = managesieve-login director
>>>    inet_listener sieve {
>>>      port = 4190
>>>    }
>>> }
>>> service pop3-login {
>>>    executable = pop3-login director
>>> }
>>> ssl_cert = </etc/ssl/certs/certum_wildcard.pem
>>> ssl_cipher_list =
>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>>> ssl_dh_parameters_length = 2048
>>> ssl_key = </etc/ssl/private/certum_wildcard.key
>>> ssl_prefer_server_ciphers = yes
>>> ssl_protocols = !SSLv3 !SSLv2
>>> verbose_proctitle = yes
>>> protocol !smtp {
>>>    passdb {
>>>      args = proxy=y nopassword=y starttls=any-cert
>>>      driver = static
>>>      name =
>>>    }
>>> }
>>> protocol smtp {
>>>    passdb {
>>>      args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>>>      driver = sql
>>>      name =
>>>    }
>>>    userdb {
>>>      args = /usr/local/etc/dovecot/dovecot-sql.conf.ext
>>>      driver = sql
>>>      name =
>>>    }
>>> }
>>> protocol lmtp {
>>>    auth_socket_path = director-userdb
>>> }
>>>
>>>
>>> ulimit -a
>>> core file size          (blocks, -c) 0
>>> data seg size           (kbytes, -d) unlimited
>>> scheduling priority             (-e) 0
>>> file size               (blocks, -f) unlimited
>>> pending signals                 (-i) 257548
>>> max locked memory       (kbytes, -l) 64
>>> max memory size         (kbytes, -m) unlimited
>>> open files                      (-n) 1024
>>> pipe size            (512 bytes, -p) 8
>>> POSIX message queues     (bytes, -q) 819200
>>> real-time priority              (-r) 0
>>> stack size              (kbytes, -s) 8192
>>> cpu time               (seconds, -t) unlimited
>>> max user processes              (-u) 257548
>>> virtual memory          (kbytes, -v) unlimited
>>> file locks                      (-x) unlimited