[Dovecot] file descriptor leak?

[Timo Sirainen]

On 4.1.2007, at 0.34, Steven F Siirila wrote:

>> Each imap-login and pop3-login connects to dovecot-auth. So if you've
>> about 250 SSL/TLS connections, or 250 users logging in at the same
>> time, and login_process_per_connection=yes, I guess this could
>> happen. So login_process_per_connection=no should work around this.
>
> First off, we don't allow non-SSL/TLS connections.
> When you say "I guess this could happen" are you saying that there  
> might
> be a file descriptor leak?  Is it normal to have hundreds of file  
> descriptors
> in used by the master dovecot and the dovecot-auth process?  What  
> is the
> formula for how many file descriptors I SHOULD be seeing in use  
> concurrently
> for master dovecot, dovecot-auth, etc.?

Each child process has a log output pipe open to master process.

Each imap-login and pop3-login process has an UNIX socket opened to  
dovecot-auth process. After user has logged in, the process is only  
proxying the SSL/TLS connections. After that it doesn't really need  
to have the socket open for dovecot-auth, but currently it does.. I  
hadn't thought about this before. This patch should fix it:

http://dovecot.org/list/dovecot-cvs/2007-January/007326.html

> I will try switching to login_process_per_connection=no, hoping  
> that the
> problem with file descriptors doesn't move from dovecot-auth to  
> imap-login !

If you do that, you should also increase login_processes_count.

>> I don't see why crypt() want to open any files though.
>
> Me either.  Doesn't the error message imply that crypt is calling  
> fdopen?

Yep. Maybe it's connecting to some daemon that handles the crypting.  
Or something..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070104/b84ccd83/attachment.pgp