Replication

[Shawn Heisey]

On 9/5/22 08:18, Silvio Siefke wrote:
> On Mon, 5 Sep 2022 14:59:01 +0200
> Narcis Garcia <debianlists at actiu.net> wrote:
>
>> I SEE THIS IN LOG COPY:
>>
>> Sep  5 18:02:18 asia dovecot: replicator: Panic: data stack: Out of
>> memory when allocating 268435496 bytes
> Yes but Memory is enough free. I had follow the link

It is very likely virtual memory (just address space, not actual memory) 
that cannot be allocated.  Dovecot restricts the amount of virtual 
memory it can allocate ... something that most programs do not do.  This 
makes it possible to prevent a certain class of bug from using all the 
memory.  I think it defaults to 256M which would be 268435456 bytes.  
Just a tiny bit less than the amount in the error message.

I think the setting in the link would only affect the replicator, not 
all of dovecot.  Your error does indicate it is the replicator that had 
the problem, but I think setting the limit more globally would be 
desirable.  If I have the wrong idea here, can someone please let me know?

In my config, I set default_vsz_limit and one instance of vsz_limit to 
1024M because I was running into a very similar error message.  I could 
probably remove the explicit vsz_limit setting because I set the 
default, but I haven't tried it, and this config works:

-----------------------------------------
elyograg at bilbo:/etc/dovecot$ cat conf.d/10-master.conf
#default_process_limit = 100
#default_client_limit = 1000

# Default VSZ (virtual memory size) limit for service processes. This is 
mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
default_vsz_limit = 1024M

# Login user is internally used by login processes. This is the most 
untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull

# Internal user is used by unprivileged processes. It should be separate 
from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot

service imap-login {
   inet_listener imap {
     #port = 143
   }
   inet_listener imaps {
     #port = 993
     #ssl = yes
   }

   # Number of connections to handle before starting a new process. 
Typically
   # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
   # is faster. <doc/wiki/LoginProcess.txt>
   #service_count = 1

   # Number of processes to always keep waiting for more connections.
   #process_min_avail = 0

   # If you set service_count=0, you probably need to grow this.
   #vsz_limit = $default_vsz_limit
}

#service pop3-login {
#  inet_listener pop3 {
#    #port = 110
#  }
#  inet_listener pop3s {
#    #port = 995
#    #ssl = yes
#  }
#}

service lmtp {
   unix_listener lmtp {
     #mode = 0666
   }

   # Create inet listener only if you can't use the above UNIX socket
   #inet_listener lmtp {
     # Avoid making LMTP visible for the entire internet
     #address =
     #port =
   #}
}

service imap {
   # Most of the memory goes to mmap()ing files. You may need to 
increase this
   # limit if you have huge mailboxes.
   vsz_limit = 1024M

   # Max. number of IMAP processes (connections)
   #process_limit = 1024
}

service pop3 {
   # Max. number of POP3 processes (connections)
   #process_limit = 1024
}

service auth {
   # auth_socket_path points to this userdb socket by default. It's 
typically
   # used by dovecot-lda, doveadm, possibly imap process, etc. Users 
that have
   # full permissions to this socket are able to get a list of all 
usernames and
   # get the results of everyone's userdb lookups.
   #
   # The default 0666 mode allows anyone to connect to the socket, but the
   # userdb lookups will succeed only if the userdb returns an "uid" 
field that
   # matches the caller process's UID. Also if caller's uid or gid 
matches the
   # socket's uid or gid the lookup succeeds. Anything else causes a 
failure.
   #
   # To give the caller full permissions to lookup all users, set the 
mode to
   # something else than 0666 and Dovecot lets the kernel enforce the
   # permissions (e.g. 0777 allows everyone full permissions).
   unix_listener auth-userdb {
     mode = 0666
     user = vmail
     group = mail
   }

   # Postfix smtp-auth
   unix_listener /var/spool/postfix/private/auth {
     mode = 0666
     user = postfix
     group = postfix
   }

   # Auth process is run as this user.
   #user = $default_internal_user
}

service auth-worker {
   # Auth worker process is run as root by default, so that it can access
   # /etc/shadow. If this isn't necessary, the user should be changed to
   # $default_internal_user.
   #user = root
}

service dict {
   # If dict proxy is used, mail processes should have access to its socket.
   # For example: mode=0660, group=vmail and global mail_access_groups=vmail
   unix_listener dict {
     mode = 0660
     user = vmail
     group = postfix
   }
}
elyograg at bilbo:/etc/dovecot$
-----------------------------------------

Thanks,
Shawn