On 24 mai 06, at 11:55, Rob Middleton wrote:
You need to look at the parameters: sysctl -a kern.maxfiles = 12288 kern.maxfilesperproc = 10240 and fix them by creating a file /etc/sysctl.conf
Ah, thanks, this is good to know.
OS X is configured by default with these numbers way too low. OS X
has some really dumb processes like AFP that will chew through all
of your open files and not cope cleanly with running out of
allowable/available filehandles.OS X has a DoS vulnerability in the way ssh processes are spawned
and the ssh interaction with their PAM modules (it exhibits with
the symptoms you have described). Have you really got port 22
blocked from the outside world?? Have you tested that? Consider
running ssh on an alternate port if running OS X server (as Apple's
GUI config tools for the firewall don't always allow you to block
port 22).
I do not have port 22 blocked, and I unfortunately need to use it.
Do consider running your mail services off a machine that is not a
Mac OS X server. OS X server is merely OS X client/workstation with
a pretty management utility for some 'nix services. It is not
stable under high load -- and it is not even stable under moderate
load without numerous performance tweaks (it doesn't cope at all
well if the disk queue goes up a touch or loadavg is at all
interesting - ie it degrades poorly under load).
I'll keep this in mind.
Thanks again,
Alan
-- Alan Schmitt http://alan.petitepomme.net/
The hacker: someone who figured things out and made something cool
happen.
.O.
..O
OOO