[Dovecot] v2.1.rc1 released
Noel Butler
noel.butler at ausics.net
Fri Nov 25 00:30:18 EET 2011
On Thu, 2011-11-24 at 21:35 +0100, Miguel Tormo wrote:
> El Jueves, 24 de Noviembre de 2011 20:25:47 Timo Sirainen escribió:
> > I'm not sure if changing /etc/security/limits.conf helps. It's probably
> > only used by PAM when user logs in, so if Dovecot is started in system
> > bootup it's unlikely to have been even read yet. Also I think some OSes
> > override the limits in /etc/init.d/ scripts. Of course, I could be
> > completely wrong in all of the above, I haven't really tested any of
> > it
>
> Well actually this is tricky, I'm not sure if it would work after a system boot, but I'm sure it works after a reboot of the service. It is also true what you say that some OSes override the limits in the /etc/init.d/ scripts, for example issuing an 'ulimit -n 4096' (if using bash) before dropping privileges (that should be inherited, but if privileges are dropped using "su" or something that uses PAM, then the /etc/security/limits.conf file comes into play again).
>
much simpler way without rebuilding is as Timo suggested, just pick your
value
#!/bin/sh
# Start/stop dovecot.
ulimit -n 16384
...
Be careful, building in kernel based higher limits means /every/ service
and can lead to DoS, this way limits dovecot to 16384, but keeps other
stuff like mysql at 4096, and everything else at 1024, bit safer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20111125/67750002/attachment-0004.bin>
More information about the dovecot
mailing list