greylist: accept() returned invalid socket (Numerical result out of range)
2008-06-04 by fwilke
Hi folks,
we have some heavily loaded MX servers (clustered and load balanced
with LVS) and tried to reduce SPAM by greylisting.
At about 900 parallel SMTP sessions milter-greylist comes with the
message
milter-greylist: greylist: accept() returned invalid socket
(Numerical result out of range), try again"
(this is near the default limit of fd (1024))
E(nvironment):
==============
linux kernel 2.6.19.7
sendmail 8.13.8 (packed with libmilter)
milter-greylist 4.0
greylist.conf:
--------------
greylist 5m
autowhite 5d
timeout 1d
quiet
dump_no_time_translation
report delays
user "smmsp"
stat ">>/var/log/milter-greylist.log" "%T{%T},%i,%s,%r,%A\n"
acl whitelist addr 127.0.0.0/8
acl whitelist addr 192.168.0.0/24
peer 192.168.0.1
peer 192.168.0.2
peer 192.168.0.3
# greylisting deactivated
acl whitelist default
# greylisting activated
#acl greylist default code "451" ecode "4.3.0" msg "Temporarily
unavailable. Please try again later."
cut of sendmail.mc:
-------------------
...
INPUT_MAIL_FILTER(`greylist',
`S=local:/var/milter-greylist/milter-greylist.sock,T=R:1m')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
define(`confMILTER_MACROS_ENVRCPT', `{greylist}')
...
P(roblem):
==========
After activating milter-greylist in sendmail:
mforward1 milter-greylist: greylist: thread_create() failed: 12, try
again
This was fixed by increasing maximum stack size and number of open
file descriptors (ulimit -s 2048; ulimit -n 10240)
> ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 10240 <---
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) 2048 <---
cpu time (seconds, -t) unlimited
max user processes (-u) 270336
virtual memory (kbytes, -v) unlimited
But this came at next :(
mforward1 milter-greylist: greylist: accept() returned invalid
socket (Numerical result out of range), try again
D(iagnosis):
============
Investigated in internet and found a workaround for a similiar
problem
---
Autopsy: It looks like that the "accept()" system call in libmilter
returns a file descriptor which is greater than FD_SETSIZE.
Workaround:
1. To recompile and reinstall the libmilter from the source package
through the "DFD_SETSIZE" to increase the file descriptor limit
number for libmilter.
# env CPPFLAGS="-DFD_SETSIZE=8192" ./Build c
2. To recompile and reinstall the libmister through adding the
following line to devtools/Site/site.config.m4 file, that causes
libmilter to use "poll()" instead of "select()". I think libmilter
uses the "select()" system call for handing the file descriptors by
default, the following would cause libmilter to use the "poll()"
which doesn't have the file descriptor limit.
###
dnl Enable libmilter with a pool of workers
APPENDDEF(`conf_libmilter_ENVDEF',`-D_FFR_WORKERS_POOL=1')
dnl Use poll instead of select
APPENDDEF(`conf_libmilter_ENVDEF',`-DSM_CONF_POLL=1')
###
---
Recompiling with poll() instead of select() and increasing fd limit
to 8192,
but unfortunately this not the solution at all - the threshold to
lack of sockets is slightly increased.
Any hint?
Excuse me I'm rookie at this list
Regards
Frank