[Dovecot] Inotify max_user_instances
Maybe I have multiple problems - dunno.
I've started seeing the following log lines: Mar 7 07:46:22 bubba dovecot: imap(dmiller@amfes.com): Warning: Inotify instance limit for user 5000 (UID vmail) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances
max_user_instances is currently 128.
I've tried stopping and restarting dovecot - the message immediately returns. I could just increase max_user_instances - but I'd like to understand what the number SHOULD be and why simply restarting Dovecot doesn't fix it. If this issue is for user "vmail" this is used by mail services only - and I've only got a few users on my system.
I'm also fighting a netfilter issue - my connection tracking counters keep climbing. Don't know if this is in any way related.
-- Daniel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 7 Mar 2013, Daniel L. Miller wrote:
Maybe I have multiple problems - dunno.
I've started seeing the following log lines: Mar 7 07:46:22 bubba dovecot: imap(dmiller@amfes.com): Warning: Inotify instance limit for user 5000 (UID vmail) exceeded, disabling. Increase /proc/sys/fs/inotify/max_user_instances
max_user_instances is currently 128.
I've tried stopping and restarting dovecot - the message immediately returns. I could just increase max_user_instances - but I'd like to understand what the number SHOULD be and why simply restarting Dovecot doesn't fix it. If this issue is for user "vmail" this is used by mail services only - and I've only got a few users on my system.
see http://stackoverflow.com/questions/11110245/inotify-fd-why-is-the-limit-per-...
Dovecot needs one inotify entity per IDLE, maybe more for internal purposes. So in theory, you will need: <max number of simultaneous users>
- <number of watched mailboxes per users> + <fixed amount>, because you use one _system_ user for all IMAP-users.
I'm also fighting a netfilter issue - my connection tracking counters keep climbing. Don't know if this is in any way related.
Do you use NAT on the same machine? Or some intrusion detection system? When you get many short connections, esp. UDP ones, the connection tracker fills up easily.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUTmh3l3r2wJMiz2NAQLrDAgAmeGRMX2i+ZTJcpK4elivCorxYwfuI9uu ZUf0dpGI+KBEGMbaYaBYNiW1PtrGlxLXgpNOAl4nYtMhwzULX46CkU6aefGrGLZy 44DrkyHqqgnKhr3AGnr1Hofq4BZkpuPVx+RAiU5bg1wyYyUh90GEEw+SlonJSg7r rxWB70rfVrWmoY6HbE3CcEg2ZZEFmgKlRHuNBinzfBj8VQbwQ8qL2/HErGY9MIvk etyR1cv1FRYjOq68/G2axPRZO5C+0tmjW4lUeAl1fDIEDR8U3xsRZhGlhdlgxC/c ojxpVvOTrzAw1H+bfqWzX/SmN59H0k+dOh/c1iK+Olc7gh6+PyJ4+w== =cnZt -----END PGP SIGNATURE-----
On 3/8/2013 12:31 AM, Steffen Kaiser wrote:
see http://stackoverflow.com/questions/11110245/inotify-fd-why-is-the-limit-per-...
Dovecot needs one inotify entity per IDLE, maybe more for internal purposes. So in theory, you will need: <max number of simultaneous users> * <number of watched mailboxes per users> + <fixed amount>, because you use one _system_ user for all IMAP-users.
Thanks. I actually had this increased previously - but for whatever reason my sysctl.d/60-inotify.conf didn't get applied last reboot.
I'm also fighting a netfilter issue - my connection tracking counters keep climbing. Don't know if this is in any way related.
Do you use NAT on the same machine? Or some intrusion detection system? When you get many short connections, esp. UDP ones, the connection tracker fills up easily.
Yes and Yes. Could fail2ban be hurting more than it's helping?
-- Daniel
participants (2)
-
Daniel L. Miller
-
Steffen Kaiser