Loading ...
Sorry, an error occurred while loading the content.
 

Re: classes per domain, too many open files

Expand Messages
  • Noel Jones
    ... Wow, what a maintenance nightmare! Postfix needs to open a file descriptor for all those lookup ... ... the number of file descriptors per process is
    Message 1 of 3 , Aug 1 8:10 AM
      Furs wrote:
      > Folks,
      >
      > I need a sender access per domain.
      >
      > After reading postfix documentation i decided to use classes,
      > in smtpd_recipient_restriction there is a new restriction.
      > This restriction tells postfix what class to use depending
      > on domain recipient. Every class has its own whitelist,
      > blacklist.
      >
      > Problem is there are too many classes. We have more than 1200 domains,
      > so we use more than 1200 classes, it seems that postfix can't open them
      >
      > When we start postfix all is fine, but when we recieve a new mail postfix
      > log an error message:
      >
      > "fatal: open database /etc/postfix/recipient-access/domains/domainXYZ.db:
      > Too many open files"
      >
      > Somebody can tell how to avoid that.

      Wow, what a maintenance nightmare!

      Postfix needs to open a file descriptor for all those lookup
      tables you have defined. An excerpt from the INSTALL file:

      ------
      ... the number of file descriptors per process is limited by
      the value of the FD_SETSIZE macro. If you expect to run more
      than 1000 mail delivery processes, you may need to override
      the definition of the FD_SETSIZE macro to make select() work
      correctly:

      % make makefiles CCARGS=-DFD_SETSIZE=2048

      Warning: the above has no effect on some Linux versions.
      Apparently, on these systems the FD_SETSIZE value can be
      changed only by using undocumented interfaces. Currently, that
      means including <bits/types.h> directly (which is not allowed)
      and overriding the __FD_SETSIZE macro. Beware, undocumented
      interfaces can change at any time and without warning.

      But wait, there is more: none of this will work unless the
      operating system is configured to handle thousands of
      connections. See the TUNING_README guide for examples of how
      to increase the number of open sockets or files.

      ------

      I think you'll be better off if you move this to an external
      policy server. www.policyd.org is a good place to start.

      --
      Noel Jones
    • Noel Jones
      ... You might be able to get away with using the proxy: server for your maps. Prepend all your map names with proxy: and see
      Message 2 of 3 , Aug 1 8:22 AM
        Noel Jones wrote:
        > Furs wrote:
        >> Folks,
        >>
        >> I need a sender access per domain.
        >>
        >> After reading postfix documentation i decided to use classes,
        >> in smtpd_recipient_restriction there is a new restriction. This
        >> restriction tells postfix what class to use depending
        >> on domain recipient. Every class has its own whitelist,
        >> blacklist.
        >>
        >> Problem is there are too many classes. We have more than 1200 domains,
        >> so we use more than 1200 classes, it seems that postfix can't open them
        >>
        >> When we start postfix all is fine, but when we recieve a new mail postfix
        >> log an error message:
        >>
        >> "fatal: open database /etc/postfix/recipient-access/domains/domainXYZ.db:
        >> Too many open files"
        >>
        >> Somebody can tell how to avoid that.
        >
        > Wow, what a maintenance nightmare!
        >
        > Postfix needs to open a file descriptor for all those lookup tables you
        > have defined. An excerpt from the INSTALL file:
        >
        > ------
        > ... the number of file descriptors per process is limited by the value
        > of the FD_SETSIZE macro. If you expect to run more than 1000 mail
        > delivery processes, you may need to override the definition of the
        > FD_SETSIZE macro to make select() work correctly:
        >
        > % make makefiles CCARGS=-DFD_SETSIZE=2048
        >
        > Warning: the above has no effect on some Linux versions. Apparently, on
        > these systems the FD_SETSIZE value can be changed only by using
        > undocumented interfaces. Currently, that means including <bits/types.h>
        > directly (which is not allowed) and overriding the __FD_SETSIZE macro.
        > Beware, undocumented
        > interfaces can change at any time and without warning.
        >
        > But wait, there is more: none of this will work unless the operating
        > system is configured to handle thousands of connections. See the
        > TUNING_README guide for examples of how to increase the number of open
        > sockets or files.
        >
        > ------
        >
        > I think you'll be better off if you move this to an external policy
        > server. www.policyd.org is a good place to start.
        >

        You might be able to get away with using the proxy: server for
        your maps. Prepend all your map names with proxy:
        and see http://www.postfix.org/proxymap.8.html

        But a policy server still seems like a better idea.
        http://www.postfix.org/SMTPD_POLICY_README.html
        http://www.postfix.org/addon.html#policy

        --
        Noel Jones
      Your message has been successfully submitted and would be delivered to recipients shortly.