On 4.1.2007, at 0.34, Steven F Siirila wrote:
Each imap-login and pop3-login connects to dovecot-auth. So if you've about 250 SSL/TLS connections, or 250 users logging in at the same time, and login_process_per_connection=yes, I guess this could happen. So login_process_per_connection=no should work around this.
First off, we don't allow non-SSL/TLS connections. When you say "I guess this could happen" are you saying that there
might be a file descriptor leak? Is it normal to have hundreds of file
descriptors in used by the master dovecot and the dovecot-auth process? What
is the formula for how many file descriptors I SHOULD be seeing in use
concurrently for master dovecot, dovecot-auth, etc.?
Each child process has a log output pipe open to master process.
Each imap-login and pop3-login process has an UNIX socket opened to
dovecot-auth process. After user has logged in, the process is only
proxying the SSL/TLS connections. After that it doesn't really need
to have the socket open for dovecot-auth, but currently it does.. I
hadn't thought about this before. This patch should fix it:
http://dovecot.org/list/dovecot-cvs/2007-January/007326.html
I will try switching to login_process_per_connection=no, hoping
that the problem with file descriptors doesn't move from dovecot-auth to
imap-login !
If you do that, you should also increase login_processes_count.
I don't see why crypt() want to open any files though.
Me either. Doesn't the error message imply that crypt is calling
fdopen?
Yep. Maybe it's connecting to some daemon that handles the crypting.
Or something..