[Dovecot] file descriptor leak?
Timo Sirainen
tss at iki.fi
Wed Jan 3 23:00:13 UTC 2007
On 4.1.2007, at 0.34, Steven F Siirila wrote:
>> Each imap-login and pop3-login connects to dovecot-auth. So if you've
>> about 250 SSL/TLS connections, or 250 users logging in at the same
>> time, and login_process_per_connection=yes, I guess this could
>> happen. So login_process_per_connection=no should work around this.
>
> First off, we don't allow non-SSL/TLS connections.
> When you say "I guess this could happen" are you saying that there
> might
> be a file descriptor leak? Is it normal to have hundreds of file
> descriptors
> in used by the master dovecot and the dovecot-auth process? What
> is the
> formula for how many file descriptors I SHOULD be seeing in use
> concurrently
> for master dovecot, dovecot-auth, etc.?
Each child process has a log output pipe open to master process.
Each imap-login and pop3-login process has an UNIX socket opened to
dovecot-auth process. After user has logged in, the process is only
proxying the SSL/TLS connections. After that it doesn't really need
to have the socket open for dovecot-auth, but currently it does.. I
hadn't thought about this before. This patch should fix it:
http://dovecot.org/list/dovecot-cvs/2007-January/007326.html
> I will try switching to login_process_per_connection=no, hoping
> that the
> problem with file descriptors doesn't move from dovecot-auth to
> imap-login !
If you do that, you should also increase login_processes_count.
>> I don't see why crypt() want to open any files though.
>
> Me either. Doesn't the error message imply that crypt is calling
> fdopen?
Yep. Maybe it's connecting to some daemon that handles the crypting.
Or something..
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20070104/b84ccd83/attachment.pgp
More information about the dovecot
mailing list