Loading ...
Sorry, an error occurred while loading the content.

Re: classes per domain, too many open files

Expand Messages
  • Noel Jones
    ... You might be able to get away with using the proxy: server for your maps. Prepend all your map names with proxy: and see
    Message 1 of 3 , Aug 1, 2008
    • 0 Attachment
      Noel Jones wrote:
      > Furs wrote:
      >> Folks,
      >>
      >> I need a sender access per domain.
      >>
      >> After reading postfix documentation i decided to use classes,
      >> in smtpd_recipient_restriction there is a new restriction. This
      >> restriction tells postfix what class to use depending
      >> on domain recipient. Every class has its own whitelist,
      >> blacklist.
      >>
      >> Problem is there are too many classes. We have more than 1200 domains,
      >> so we use more than 1200 classes, it seems that postfix can't open them
      >>
      >> When we start postfix all is fine, but when we recieve a new mail postfix
      >> log an error message:
      >>
      >> "fatal: open database /etc/postfix/recipient-access/domains/domainXYZ.db:
      >> Too many open files"
      >>
      >> Somebody can tell how to avoid that.
      >
      > Wow, what a maintenance nightmare!
      >
      > Postfix needs to open a file descriptor for all those lookup tables you
      > have defined. An excerpt from the INSTALL file:
      >
      > ------
      > ... the number of file descriptors per process is limited by the value
      > of the FD_SETSIZE macro. If you expect to run more than 1000 mail
      > delivery processes, you may need to override the definition of the
      > FD_SETSIZE macro to make select() work correctly:
      >
      > % make makefiles CCARGS=-DFD_SETSIZE=2048
      >
      > Warning: the above has no effect on some Linux versions. Apparently, on
      > these systems the FD_SETSIZE value can be changed only by using
      > undocumented interfaces. Currently, that means including <bits/types.h>
      > directly (which is not allowed) and overriding the __FD_SETSIZE macro.
      > Beware, undocumented
      > interfaces can change at any time and without warning.
      >
      > But wait, there is more: none of this will work unless the operating
      > system is configured to handle thousands of connections. See the
      > TUNING_README guide for examples of how to increase the number of open
      > sockets or files.
      >
      > ------
      >
      > I think you'll be better off if you move this to an external policy
      > server. www.policyd.org is a good place to start.
      >

      You might be able to get away with using the proxy: server for
      your maps. Prepend all your map names with proxy:
      and see http://www.postfix.org/proxymap.8.html

      But a policy server still seems like a better idea.
      http://www.postfix.org/SMTPD_POLICY_README.html
      http://www.postfix.org/addon.html#policy

      --
      Noel Jones
    Your message has been successfully submitted and would be delivered to recipients shortly.