[Dovecot] Re: Apple Mail and too many open files?

Roger Weeks rjw at mcn.org
Wed May 24 19:51:11 EEST 2006 

> Date: Wed, 24 May 2006 19:55:41 +1000
> From: Rob Middleton <robm-dovecot at centenary.org.au>
> Subject: Re: [Dovecot] Apple Mail and too many open files?
> To: Alan Schmitt <alan.schmitt at polytechnique.org>
> Cc: Dovecot List Mailing <dovecot at dovecot.org>
>
> OS X is configured by default with these numbers way too low. OS X has
> some really dumb processes like AFP that will chew through all of your
> open files and not cope cleanly with running out of allowable/ 
> available
> filehandles.

If you're running filesharing of ANY kind on your mail server, you  
should stop it.  Mail servers should run mail, not run AFP and Samba  
and other things.

> OS X has a DoS vulnerability in the way ssh processes are spawned and
> the ssh interaction with their PAM modules (it exhibits with the
> symptoms you have described). Have you really got port 22 blocked from
> the outside world?? Have you tested that? Consider running ssh on an
> alternate port if running OS X server (as Apple's GUI config tools for
> the firewall don't always allow you to block port 22).

This is a very simple problem to fix, and doesn't require blocking  
port 22.
Set up /etc/hosts.allow:

sshd               		: 192.169.1.0/255.255.255.0
sshd-keygen-wrapper : 192.168.1.0/255.255.255.0

Set up /etc/hosts.deny:

ALL: ALL:deny

Tcpwrappers will now take care of you, and any DOS attacks you get  
will simply be dropped.

> Do consider running your mail services off a machine that is not a Mac
> OS X server. OS X server is merely OS X client/workstation with a  
> pretty
> management utility for some 'nix services. It is not stable under high
> load -- and it is not even stable under moderate load without numerous
> performance tweaks (it doesn't cope at all well if the disk queue goes
> up a touch or loadavg is at all interesting - ie it degrades poorly
> under load).

While some of this statement may be accurate, there's a lot of FUD  
here too.  Both OS X and OS X server use the same kernel, it is  
true.  However, these operating systems are fast and reliable.  We  
ran our mail server for a couple of years on OS X with exim and  
courier-imap, and the only reason we did stop and move to Linux is  
because we needed a bigger solution and intel-based hardware was  
cheaper than a bunch of XServes.

And I will challenge your statement about high load.  We have two web  
servers that average betwen 5 and 10 mbits of constant web load,  
running on OS X Server and XServes.  The average load on these boxes  
is something like 0.20.

Roger Weeks

More information about the dovecot mailing list