Milter-greylist

Hi folks,

we have some heavily loaded MX servers (clustered and load balanced 
with LVS) and tried to reduce SPAM by greylisting.

At about 900 parallel SMTP sessions milter-greylist comes with the 
message
„milter-greylist: greylist: accept() returned invalid socket 
(Numerical result out of range), try again"
(this is near the default limit of fd (1024)) 

E(nvironment):
==============

linux kernel 2.6.19.7
sendmail 8.13.8 (packed with libmilter)
milter-greylist 4.0

greylist.conf:
--------------
greylist 5m
autowhite 5d
timeout 1d
quiet
dump_no_time_translation
report delays
user "smmsp"
stat ">>/var/log/milter-greylist.log" "%T{%T},%i,%s,%r,%A\n"

acl whitelist addr 127.0.0.0/8
acl whitelist addr 192.168.0.0/24

peer 192.168.0.1
peer 192.168.0.2
peer 192.168.0.3

# greylisting deactivated
acl whitelist default
# greylisting activated
#acl greylist default code "451" ecode "4.3.0" msg "Temporarily 
unavailable. Please try again later."

cut of sendmail.mc:
-------------------
...
INPUT_MAIL_FILTER(`greylist',
`S=local:/var/milter-greylist/milter-greylist.sock,T=R:1m')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
...

P(roblem):
==========
After activating milter-greylist in sendmail:
mforward1 milter-greylist: greylist: thread_create() failed: 12, try 
again

This was fixed by increasing maximum stack size and number of open 
file descriptors (ulimit -s 2048; ulimit -n 10240)

> ulimit -a
core file size        (blocks, -c) 0
data seg size         (kbytes, -d) unlimited
file size             (blocks, -f) unlimited
max locked memory     (kbytes, -l) 32
max memory size       (kbytes, -m) unlimited
open files                    (-n) 10240 <---
pipe size          (512 bytes, -p) 8
stack size            (kbytes, -s) 2048 <---
cpu time             (seconds, -t) unlimited
max user processes            (-u) 270336
virtual memory        (kbytes, -v) unlimited

But this came at next :(
mforward1 milter-greylist: greylist: accept() returned invalid 
socket (Numerical result out of range), try again

D(iagnosis):
============

Investigated in internet and found a workaround for a similiar 
problem

---
Autopsy: It looks like that the "accept()" system call in libmilter 
returns a file descriptor which is greater than FD_SETSIZE. 
Workaround: 
1. To recompile and reinstall the libmilter from the source package 
through the "DFD_SETSIZE" to increase the file descriptor limit 
number for libmilter. 
# env CPPFLAGS="-DFD_SETSIZE=8192" ./Build –c 
2. To recompile and reinstall the libmister through adding the 
following line to devtools/Site/site.config.m4 file, that causes 
libmilter to use "poll()" instead of "select()". I think libmilter 
uses the "select()" system call for handing the file descriptors by 
default, the following would cause libmilter to use the "poll()" 
which doesn't have the file descriptor limit. 
### 
dnl Enable libmilter with a pool of workers 
APPENDDEF(`conf_libmilter_ENVDEF',`-D_FFR_WORKERS_POOL=1') 
dnl Use poll instead of select 
APPENDDEF(`conf_libmilter_ENVDEF',`-DSM_CONF_POLL=1') 
###
---

Recompiling with poll() instead of select() and increasing fd limit 
to 8192,
but unfortunately this not the solution at all - the threshold to 
lack of sockets is slightly increased.

Any hint?
Excuse me I'm rookie at this list

Regards

Frank