On Wed, 2006-09-06 at 11:39 -0400, Jeff A. Earickson wrote:
Gang,
I may have stumbled on a solution to the "too many open files" issue, but I am wondering about the security consequences. I changed login_process_per_connection from "yes" to "no". This makes a HUGE reduction in the number of imap-login processes, from ~200 down to the login_processes_count (currently the default of 3). It also made my "too many open files" syslog complaints vanish. Yippee!
But is there any serious security risk of login_process_per_connection=no?
Theoretically it's more risky, but as long as there are no security holes found from Dovecot (or OpenSSL if you're using that) it doesn't really make a difference.
As for "too many open files" you probably could have increased the max. file count for dovecot process. Don't know how it's done in Solaris (ulimit -n 10000 before running dovecot?)