Loading ...
Sorry, an error occurred while loading the content.
 

classes per domain, too many open files

Expand Messages
  • Furs
    Folks, I need a sender access per domain. After reading postfix documentation i decided to use classes, in smtpd_recipient_restriction there is a new
    Message 1 of 3 , Aug 1, 2008
      Folks,

      I need a sender access per domain.

      After reading postfix documentation i decided to use classes,
      in smtpd_recipient_restriction there is a new restriction.
      This restriction tells postfix what class to use depending
      on domain recipient. Every class has its own whitelist,
      blacklist.

      Problem is there are too many classes. We have more than 1200 domains,
      so we use more than 1200 classes, it seems that postfix can't open them

      When we start postfix all is fine, but when we recieve a new mail postfix
      log an error message:

      "fatal: open database /etc/postfix/recipient-access/domains/domainXYZ.db:
      Too many open files"

      Somebody can tell how to avoid that.

      This is our "main.cf"

      smtpd_restriction_classes =
      access-domain1
      access-domain2
      ...

      access-domain1 = check_sender_access
      hash:/etc/postfix/recipient-access/domains/domain1
      access-domain2 = check_sender_access
      hash:/etc/postfix/recipient-access/domains/domain2


      smtpd_recipient_restriction =
      ...
      check_recipient_access hash:/etc/postfix/recipient_access/alldomains
      ...

      "Contents of alldomains":
      domain1 access-domain1
      domain2 access-domain2
      ...

      Thank you very much




      ________________________________________________________________
      Mensaje enviado desde el WebMail de OPENWIRED.NET
    • Noel Jones
      ... Wow, what a maintenance nightmare! Postfix needs to open a file descriptor for all those lookup ... ... the number of file descriptors per process is
      Message 2 of 3 , Aug 1, 2008
        Furs wrote:
        > Folks,
        >
        > I need a sender access per domain.
        >
        > After reading postfix documentation i decided to use classes,
        > in smtpd_recipient_restriction there is a new restriction.
        > This restriction tells postfix what class to use depending
        > on domain recipient. Every class has its own whitelist,
        > blacklist.
        >
        > Problem is there are too many classes. We have more than 1200 domains,
        > so we use more than 1200 classes, it seems that postfix can't open them
        >
        > When we start postfix all is fine, but when we recieve a new mail postfix
        > log an error message:
        >
        > "fatal: open database /etc/postfix/recipient-access/domains/domainXYZ.db:
        > Too many open files"
        >
        > Somebody can tell how to avoid that.

        Wow, what a maintenance nightmare!

        Postfix needs to open a file descriptor for all those lookup
        tables you have defined. An excerpt from the INSTALL file:

        ------
        ... the number of file descriptors per process is limited by
        the value of the FD_SETSIZE macro. If you expect to run more
        than 1000 mail delivery processes, you may need to override
        the definition of the FD_SETSIZE macro to make select() work
        correctly:

        % make makefiles CCARGS=-DFD_SETSIZE=2048

        Warning: the above has no effect on some Linux versions.
        Apparently, on these systems the FD_SETSIZE value can be
        changed only by using undocumented interfaces. Currently, that
        means including <bits/types.h> directly (which is not allowed)
        and overriding the __FD_SETSIZE macro. Beware, undocumented
        interfaces can change at any time and without warning.

        But wait, there is more: none of this will work unless the
        operating system is configured to handle thousands of
        connections. See the TUNING_README guide for examples of how
        to increase the number of open sockets or files.

        ------

        I think you'll be better off if you move this to an external
        policy server. www.policyd.org is a good place to start.

        --
        Noel Jones
      • Noel Jones
        ... You might be able to get away with using the proxy: server for your maps. Prepend all your map names with proxy: and see
        Message 3 of 3 , Aug 1, 2008
          Noel Jones wrote:
          > Furs wrote:
          >> Folks,
          >>
          >> I need a sender access per domain.
          >>
          >> After reading postfix documentation i decided to use classes,
          >> in smtpd_recipient_restriction there is a new restriction. This
          >> restriction tells postfix what class to use depending
          >> on domain recipient. Every class has its own whitelist,
          >> blacklist.
          >>
          >> Problem is there are too many classes. We have more than 1200 domains,
          >> so we use more than 1200 classes, it seems that postfix can't open them
          >>
          >> When we start postfix all is fine, but when we recieve a new mail postfix
          >> log an error message:
          >>
          >> "fatal: open database /etc/postfix/recipient-access/domains/domainXYZ.db:
          >> Too many open files"
          >>
          >> Somebody can tell how to avoid that.
          >
          > Wow, what a maintenance nightmare!
          >
          > Postfix needs to open a file descriptor for all those lookup tables you
          > have defined. An excerpt from the INSTALL file:
          >
          > ------
          > ... the number of file descriptors per process is limited by the value
          > of the FD_SETSIZE macro. If you expect to run more than 1000 mail
          > delivery processes, you may need to override the definition of the
          > FD_SETSIZE macro to make select() work correctly:
          >
          > % make makefiles CCARGS=-DFD_SETSIZE=2048
          >
          > Warning: the above has no effect on some Linux versions. Apparently, on
          > these systems the FD_SETSIZE value can be changed only by using
          > undocumented interfaces. Currently, that means including <bits/types.h>
          > directly (which is not allowed) and overriding the __FD_SETSIZE macro.
          > Beware, undocumented
          > interfaces can change at any time and without warning.
          >
          > But wait, there is more: none of this will work unless the operating
          > system is configured to handle thousands of connections. See the
          > TUNING_README guide for examples of how to increase the number of open
          > sockets or files.
          >
          > ------
          >
          > I think you'll be better off if you move this to an external policy
          > server. www.policyd.org is a good place to start.
          >

          You might be able to get away with using the proxy: server for
          your maps. Prepend all your map names with proxy:
          and see http://www.postfix.org/proxymap.8.html

          But a policy server still seems like a better idea.
          http://www.postfix.org/SMTPD_POLICY_README.html
          http://www.postfix.org/addon.html#policy

          --
          Noel Jones
        Your message has been successfully submitted and would be delivered to recipients shortly.