On Mon, Mar 31, 2003 at 02:19:27PM -0500, Charlie Brady wrote:
On Mon, 31 Mar 2003, Mark E. Mallett wrote:
The only way to make the services start responding again is to stop and restart the dovecot suite of control processes. dovecot suite of control processes.
Or you can run things my way (under tcpserver/stunnel/imapfront-auth) and there's one dovecot process for each connection, each unrelated. This illustrates my point about re-using already well trusted simple programs to do as much of the task as possible.
yep- this kind of brings us full circle back to my original message :-) (I had mentioned that this kind of problem may be less likely with a tcpserver approach).
Although the distinction is not between using well-trusted simple programs vs large monolitic ones, but how you access those simple programs. Do you use a long-running auth process and talk to it via a UNIX socket (or other inteface), or fire up a new auth process for each need? Personally I'm with you: unless there's an awful lot of state or caching or other long-term need that you lose by creating a new auth process each time (e.g. like innd's "actived" process), I'd vote for a one-time short-running auth process.
Raising the openfiles limit certainly pushes off the problem, and maybe that's a good enough workaround (as long as there's always a higher limit availble...)
... which is something that you can *never* assume.
Amen
mm