[Dovecot] Can`t get over 1024 processes
Hello,
I have configuration question. Running FreeBSD 9.0 / AMD64 / Dovecot 2.1.8 version and cannot get over 1024 processes. I`ve increased process_limit in imap and pop3 and still have messages in syslog like: maxproc limit exceeded by uid 89, please see tuning(7) and login.conf(5). Did I forget to increase some other value? System values are higher - kern.maxprocperuid: 8192 and kern.maxproc: 12288
I`d like to have more secure configuration > one process to one connection.
Thanks for help.
Tomas
My config:
# OS: FreeBSD 9.0-STABLE amd64 auth_mechanisms = plain login digest-md5 cram-md5 default_client_limit = 6200 default_process_limit = 4096 disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 info_log_path = /var/log/dovecot-info.log last_valid_gid = 89 last_valid_uid = 89 listen = * log_timestamp = "%Y-%m-%d %H:%M:%S " login_greeting = Mail Toaster (Dovecot) ready. mail_location = maildir:~/Maildir mail_privileged_group = mail maildir_broken_filename_sizes = yes passdb { driver = vpopmail } plugin { quota = maildir quota_rule = Trash:ignore } protocols = imap pop3 service auth { unix_listener auth-client { mode = 0660 } unix_listener auth-master { mode = 0600 } } service imap-login { process_limit = 1536 service_count = 1 } service imap { process_limit = 2048 } service pop3-login { service_count = 1 } service pop3 { process_limit = 2048 } shutdown_clients = no ssl_cert =
-- Tomáš Randa, Blueboard.cz s.r.o.
http://hosting.blueboard.cz GSM: +420 775 086 575 Jabber: tomas@blueboard.cz Tel: +420 245 008 678
-- Tomáš Randa, Blueboard.cz s.r.o.
http://hosting.blueboard.cz GSM: +420 775 086 575 Jabber: tomas@blueboard.cz Tel: +420 245 008 678
On 17.9.2012, at 17.40, Tomáš Randa wrote:
Hello,
I have configuration question. Running FreeBSD 9.0 / AMD64 / Dovecot 2.1.8 version and cannot get over 1024 processes. I`ve increased process_limit in imap and pop3 and still have messages in syslog like: maxproc limit exceeded by uid 89, please see tuning(7) and login.conf(5). Did I forget to increase some other value? System values are higher - kern.maxprocperuid: 8192 and kern.maxproc: 12288
That message comes from the kernel. Dovecot doesn't use login.conf. You need to set ulimit -u manually (= in init.d script) before starting Dovecot.
Hello,
thanks for answer! I know that message come from kernel. But I have set ulimit -u to 8192 for uid 89, so I think I forgot to increase some value in dovecot.conf..
Tomas R.
Dne 17.09.12 16:46, Timo Sirainen napsal(a):
On 17.9.2012, at 17.40, Tomáš Randa wrote:
Hello,
I have configuration question. Running FreeBSD 9.0 / AMD64 / Dovecot 2.1.8 version and cannot get over 1024 processes. I`ve increased process_limit in imap and pop3 and still have messages in syslog like: maxproc limit exceeded by uid 89, please see tuning(7) and login.conf(5). Did I forget to increase some other value? System values are higher - kern.maxprocperuid: 8192 and kern.maxproc: 12288 That message comes from the kernel. Dovecot doesn't use login.conf. You need to set ulimit -u manually (= in init.d script) before starting Dovecot.
Where did you set the ulimit -u? It doesn't seem to be used by Dovecot processes. In any case there's nothing in dovecot.conf that can help you.
On 17.9.2012, at 18.10, Tomáš Randa wrote:
Hello,
thanks for answer! I know that message come from kernel. But I have set ulimit -u to 8192 for uid 89, so I think I forgot to increase some value in dovecot.conf..
Tomas R.
Dne 17.09.12 16:46, Timo Sirainen napsal(a):
On 17.9.2012, at 17.40, Tomáš Randa wrote:
Hello,
I have configuration question. Running FreeBSD 9.0 / AMD64 / Dovecot 2.1.8 version and cannot get over 1024 processes. I`ve increased process_limit in imap and pop3 and still have messages in syslog like: maxproc limit exceeded by uid 89, please see tuning(7) and login.conf(5). Did I forget to increase some other value? System values are higher - kern.maxprocperuid: 8192 and kern.maxproc: 12288 That message comes from the kernel. Dovecot doesn't use login.conf. You need to set ulimit -u manually (= in init.d script) before starting Dovecot.
On FreeBSD in standard behavior is basic user limit set by sysctl kern.maxprocperuid, which is standard to 5547 and I increased it to 8192. When I run under UID 89 limit command or ulimit -u I get answer:
cputime unlimited filesize unlimited datasize 33554432 kbytes stacksize 524288 kbytes coredumpsize unlimited memoryuse unlimited vmemoryuse unlimited descriptors 36864 memorylocked unlimited maxproc 8192 sbsize unlimited swapsize unlimited
Could It be some dovecot vs. freebsd related error? Or I "dont see" anything? :)
Thanks for your time
Tomas R.
Dne 17.09.12 17:16, Timo Sirainen napsal(a):
Where did you set the ulimit -u? It doesn't seem to be used by Dovecot processes. In any case there's nothing in dovecot.conf that can help you.
On 17.9.2012, at 18.10, Tomáš Randa wrote:
Hello,
thanks for answer! I know that message come from kernel. But I have set ulimit -u to 8192 for uid 89, so I think I forgot to increase some value in dovecot.conf..
Tomas R.
Dne 17.09.12 16:46, Timo Sirainen napsal(a):
On 17.9.2012, at 17.40, Tomáš Randa wrote:
Hello,
I have configuration question. Running FreeBSD 9.0 / AMD64 / Dovecot 2.1.8 version and cannot get over 1024 processes. I`ve increased process_limit in imap and pop3 and still have messages in syslog like: maxproc limit exceeded by uid 89, please see tuning(7) and login.conf(5). Did I forget to increase some other value? System values are higher - kern.maxprocperuid: 8192 and kern.maxproc: 12288 That message comes from the kernel. Dovecot doesn't use login.conf. You need to set ulimit -u manually (= in init.d script) before starting Dovecot.
It doesn't work like that with Dovecot. ulimit -u 8192 must be run just before dovecot binary is started. ulimits elsewhere are irrelevant.
On 17.9.2012, at 18.24, Tomáš Randa wrote:
On FreeBSD in standard behavior is basic user limit set by sysctl kern.maxprocperuid, which is standard to 5547 and I increased it to 8192. When I run under UID 89 limit command or ulimit -u I get answer:
cputime unlimited filesize unlimited datasize 33554432 kbytes stacksize 524288 kbytes coredumpsize unlimited memoryuse unlimited vmemoryuse unlimited descriptors 36864 memorylocked unlimited maxproc 8192 sbsize unlimited swapsize unlimited
Could It be some dovecot vs. freebsd related error? Or I "dont see" anything? :)
Thanks for your time
Tomas R.
Dne 17.09.12 17:16, Timo Sirainen napsal(a):
Where did you set the ulimit -u? It doesn't seem to be used by Dovecot processes. In any case there's nothing in dovecot.conf that can help you.
On 17.9.2012, at 18.10, Tomáš Randa wrote:
Hello,
thanks for answer! I know that message come from kernel. But I have set ulimit -u to 8192 for uid 89, so I think I forgot to increase some value in dovecot.conf..
Tomas R.
Dne 17.09.12 16:46, Timo Sirainen napsal(a):
On 17.9.2012, at 17.40, Tomáš Randa wrote:
Hello,
I have configuration question. Running FreeBSD 9.0 / AMD64 / Dovecot 2.1.8 version and cannot get over 1024 processes. I`ve increased process_limit in imap and pop3 and still have messages in syslog like: maxproc limit exceeded by uid 89, please see tuning(7) and login.conf(5). Did I forget to increase some other value? System values are higher - kern.maxprocperuid: 8192 and kern.maxproc: 12288 That message comes from the kernel. Dovecot doesn't use login.conf. You need to set ulimit -u manually (= in init.d script) before starting Dovecot.
On 17.9.2012, at 18.26, Timo Sirainen wrote:
It doesn't work like that with Dovecot. ulimit -u 8192 must be run just before dovecot binary is started. ulimits elsewhere are irrelevant.
Although the strange thing is that Dovecot v2.1 is supposed to automatically increase this limit at startup. Maybe FreeBSD does work in a different way than Linux? The way Linux works (and Dovecot assumes things work) is:
- dovecot master process starts, inheriting the ulimits from the shell that starts it
- Dovecot checks the current limit and increases it if necessary
- Forked child processes inherit the parent's ulimits
- setuid(X) fails if UID X has reached the ulimit value (according the current process's ulimit - not some other value read from somewhere)
There is no reading of X's ulimit value anywhere, it's the same for all Dovecot child processes. limits.conf and such are read and applied by PAM, which is done before 1 step.
kern.maxprocperuid I guess means the upper allowed limit for the ulimit.
kern.maxprocperuid is maximum allowed user limit, But in standard it is set to maximum imho. And if dovecot checks limit why it did not increases it on FreeBSD? :( ? Hard limit 8192 on my box is much more.
Dne 17.09.12 17:45, Timo Sirainen napsal(a):
On 17.9.2012, at 18.26, Timo Sirainen wrote:
It doesn't work like that with Dovecot. ulimit -u 8192 must be run just before dovecot binary is started. ulimits elsewhere are irrelevant.
Although the strange thing is that Dovecot v2.1 is supposed to automatically increase this limit at startup. Maybe FreeBSD does work in a different way than Linux? The way Linux works (and Dovecot assumes things work) is:
- dovecot master process starts, inheriting the ulimits from the shell that starts it
- Dovecot checks the current limit and increases it if necessary
- Forked child processes inherit the parent's ulimits
- setuid(X) fails if UID X has reached the ulimit value (according the current process's ulimit - not some other value read from somewhere)
There is no reading of X's ulimit value anywhere, it's the same for all Dovecot child processes. limits.conf and such are read and applied by PAM, which is done before 1 step.
kern.maxprocperuid I guess means the upper allowed limit for the ulimit.
hello
what is the result of the following command ?
sysctl -a | grep kern.maxproc
On 09/17/2012 05:10 PM, Tomáš Randa wrote:
Hello,
thanks for answer! I know that message come from kernel. But I have set ulimit -u to 8192 for uid 89, so I think I forgot to increase some value in dovecot.conf..
Tomas R.
Dne 17.09.12 16:46, Timo Sirainen napsal(a):
On 17.9.2012, at 17.40, Tomáš Randa wrote:
Hello,
I have configuration question. Running FreeBSD 9.0 / AMD64 / Dovecot 2.1.8 version and cannot get over 1024 processes. I`ve increased process_limit in imap and pop3 and still have messages in syslog like: maxproc limit exceeded by uid 89, please see tuning(7) and login.conf(5). Did I forget to increase some other value? System values are higher
- kern.maxprocperuid: 8192 and kern.maxproc: 12288 That message comes from the kernel. Dovecot doesn't use login.conf. You need to set ulimit -u manually (= in init.d script) before starting Dovecot.
-- CYBERDROID Inc.
Frank BONNET
01.45.92.66.17
Service des Moyens Informatiques Generaux
ESIEE PARIS Cité Descartes / BP 99 93162 NOISY-LE-GRAND Cedex http://www.esiee.fr http://www.esiee.fr/
and this one
sysctl -a | grep kern.maxprocperuid
On 09/17/2012 05:10 PM, Tomáš Randa wrote:
Hello,
thanks for answer! I know that message come from kernel. But I have set ulimit -u to 8192 for uid 89, so I think I forgot to increase some value in dovecot.conf..
Tomas R.
Dne 17.09.12 16:46, Timo Sirainen napsal(a):
On 17.9.2012, at 17.40, Tomáš Randa wrote:
Hello,
I have configuration question. Running FreeBSD 9.0 / AMD64 / Dovecot 2.1.8 version and cannot get over 1024 processes. I`ve increased process_limit in imap and pop3 and still have messages in syslog like: maxproc limit exceeded by uid 89, please see tuning(7) and login.conf(5). Did I forget to increase some other value? System values are higher
- kern.maxprocperuid: 8192 and kern.maxproc: 12288 That message comes from the kernel. Dovecot doesn't use login.conf. You need to set ulimit -u manually (= in init.d script) before starting Dovecot.
-- CYBERDROID Inc.
Frank BONNET
01.45.92.66.17
Service des Moyens Informatiques Generaux
ESIEE PARIS Cité Descartes / BP 99 93162 NOISY-LE-GRAND Cedex http://www.esiee.fr http://www.esiee.fr/
participants (3)
-
Frank Bonnet
-
Timo Sirainen
-
Tomáš Randa