Milter-greylist

shuttlebox wrote:
 > Oliver Fromme wrote:
 > > shuttlebox wrote:
 > > > Nov 24 11:20:04 viola milter-greylist: [ID 653641 mail.error]
 > > > mkstemp("/var/milter-greylist/greylist.db-XX.caqCI") failed: Too many
 > > > open files
 > > 
 > >  There's your problen:  "Too many open files".
 > >  You need to increase the limit on file descriptors.
 > >  (The exact way to do that depends on your OS and shell.)
 > > 
 > >  Most shells have a "ulimit" or "limit" built-in command,
 > >  some systems also have /usr/bin/limits (see the manual
 > >  pages).  They can be used to lift the soft limit on
 > >  file descriptors, among other things.
 > > 
 > >  If you need to increase the hard limit of your OS, well,
 > >  that's OS-dependant.  For example, FreeBSD has a sysctl
 > >  variable (kern.maxfiles and kern.maxfilesperproc), and
 > >  the limits can be tuned per login-class in /etc/login.conf
 > >  (for system daemons like milter-greylist the login class
 > >  would be "daemon", unless a different one is created.)
 > 
 > But the limit for open files is 256 for both root and the milter user,
 > I can't see how the milter user needs more than that when I can't find
 > more than three files and none of them are actively open. Does the
 > process use a lot of temporary files outside the milter directory?

File descriptors are not only used for plain files, but
also for network connections and other things.  You can
view the current descriptors with the "lsof" tool.

On my personal machine (which has very low traffic), the
milter-greylist process currently uses 21 descriptors.

 > I raised the ulimit to 1024 files before I wrote the first mail and it
 > kept crashing. How can I know how many files I need? How many do you
 > use?

I think 1024 should be plenty.  As I said above, use the
"lsof" tool to check how many descriptors are in use by
the process.

Actually, looking at the error message again, it might be
the case that the mkstemp() function opens a large number
of files while trying to find a unique filename.  If that's
the case, then the implementation of mkstemp() of your OS
(which you still didn't mention) is broken.

 > Another thing, the init.d script starts milter-greylist as root and
 > then drops privileges to the milter user I assume, where do I put the
 > ulimit change then to make it count? I made /var/milter-greylist/ the
 > home directory of the milter user and created a .profile containing
 > "ulimit -n 1024" there. Is that the correct way to make
 > milter-greylist pick it up?

No, .profile is read only by login shells.  You should put
the ulimit command inside the init.d script right before
milter-greylist is started.  The limits are inherited by
child processes.

 > Can I check that it uses the new limit?

Depends on your OS.  When you use the "lsof" utility (see
above) and it reports more than 256 descriptors in use for
your milter-greylist process, then it obviously uses the
new limit.  ;-)

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Clear perl code is better than unclear awk code; but NOTHING
comes close to unclear perl code"  (taken from comp.lang.awk FAQ)