On 9/5/22 08:18, Silvio Siefke wrote:
On Mon, 5 Sep 2022 14:59:01 +0200 Narcis Garcia <debianlists@actiu.net> wrote:
I SEE THIS IN LOG COPY:
Sep 5 18:02:18 asia dovecot: replicator: Panic: data stack: Out of memory when allocating 268435496 bytes Yes but Memory is enough free. I had follow the link
It is very likely virtual memory (just address space, not actual memory) that cannot be allocated. Dovecot restricts the amount of virtual memory it can allocate ... something that most programs do not do. This makes it possible to prevent a certain class of bug from using all the memory. I think it defaults to 256M which would be 268435456 bytes. Just a tiny bit less than the amount in the error message.
I think the setting in the link would only affect the replicator, not all of dovecot. Your error does indicate it is the replicator that had the problem, but I think setting the limit more globally would be desirable. If I have the wrong idea here, can someone please let me know?
In my config, I set default_vsz_limit and one instance of vsz_limit to 1024M because I was running into a very similar error message. I could probably remove the explicit vsz_limit setting because I set the default, but I haven't tried it, and this config works:
elyograg@bilbo:/etc/dovecot$ cat conf.d/10-master.conf #default_process_limit = 100 #default_client_limit = 1000
# Default VSZ (virtual memory size) limit for service processes. This is mainly # intended to catch and kill processes that leak memory before they eat up # everything. default_vsz_limit = 1024M
# Login user is internally used by login processes. This is the most untrusted # user in Dovecot system. It shouldn't have access to anything at all. #default_login_user = dovenull
# Internal user is used by unprivileged processes. It should be separate from # login user, so that login processes can't disturb other processes. #default_internal_user = dovecot
service imap-login { inet_listener imap { #port = 143 } inet_listener imaps { #port = 993 #ssl = yes }
# Number of connections to handle before starting a new process. Typically # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 # is faster. <doc/wiki/LoginProcess.txt> #service_count = 1
# Number of processes to always keep waiting for more connections. #process_min_avail = 0
# If you set service_count=0, you probably need to grow this. #vsz_limit = $default_vsz_limit }
#service pop3-login { # inet_listener pop3 { # #port = 110 # } # inet_listener pop3s { # #port = 995 # #ssl = yes # } #}
service lmtp { unix_listener lmtp { #mode = 0666 }
# Create inet listener only if you can't use the above UNIX socket #inet_listener lmtp { # Avoid making LMTP visible for the entire internet #address = #port = #} }
service imap { # Most of the memory goes to mmap()ing files. You may need to increase this # limit if you have huge mailboxes. vsz_limit = 1024M
# Max. number of IMAP processes (connections) #process_limit = 1024 }
service pop3 { # Max. number of POP3 processes (connections) #process_limit = 1024 }
service auth { # auth_socket_path points to this userdb socket by default. It's typically # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have # full permissions to this socket are able to get a list of all usernames and # get the results of everyone's userdb lookups. # # The default 0666 mode allows anyone to connect to the socket, but the # userdb lookups will succeed only if the userdb returns an "uid" field that # matches the caller process's UID. Also if caller's uid or gid matches the # socket's uid or gid the lookup succeeds. Anything else causes a failure. # # To give the caller full permissions to lookup all users, set the mode to # something else than 0666 and Dovecot lets the kernel enforce the # permissions (e.g. 0777 allows everyone full permissions). unix_listener auth-userdb { mode = 0666 user = vmail group = mail }
# Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix }
# Auth process is run as this user. #user = $default_internal_user }
service auth-worker { # Auth worker process is run as root by default, so that it can access # /etc/shadow. If this isn't necessary, the user should be changed to # $default_internal_user. #user = root }
service dict { # If dict proxy is used, mail processes should have access to its socket. # For example: mode=0660, group=vmail and global mail_access_groups=vmail unix_listener dict { mode = 0660 user = vmail group = postfix } } elyograg@bilbo:/etc/dovecot$
Thanks, Shawn