Re: classes per domain, too many open files
- Noel Jones wrote:
> Furs wrote:You might be able to get away with using the proxy: server for
>> I need a sender access per domain.
>> After reading postfix documentation i decided to use classes,
>> in smtpd_recipient_restriction there is a new restriction. This
>> restriction tells postfix what class to use depending
>> on domain recipient. Every class has its own whitelist,
>> Problem is there are too many classes. We have more than 1200 domains,
>> so we use more than 1200 classes, it seems that postfix can't open them
>> When we start postfix all is fine, but when we recieve a new mail postfix
>> log an error message:
>> "fatal: open database /etc/postfix/recipient-access/domains/domainXYZ.db:
>> Too many open files"
>> Somebody can tell how to avoid that.
> Wow, what a maintenance nightmare!
> Postfix needs to open a file descriptor for all those lookup tables you
> have defined. An excerpt from the INSTALL file:
> ... the number of file descriptors per process is limited by the value
> of the FD_SETSIZE macro. If you expect to run more than 1000 mail
> delivery processes, you may need to override the definition of the
> FD_SETSIZE macro to make select() work correctly:
> % make makefiles CCARGS=-DFD_SETSIZE=2048
> Warning: the above has no effect on some Linux versions. Apparently, on
> these systems the FD_SETSIZE value can be changed only by using
> undocumented interfaces. Currently, that means including <bits/types.h>
> directly (which is not allowed) and overriding the __FD_SETSIZE macro.
> Beware, undocumented
> interfaces can change at any time and without warning.
> But wait, there is more: none of this will work unless the operating
> system is configured to handle thousands of connections. See the
> TUNING_README guide for examples of how to increase the number of open
> sockets or files.
> I think you'll be better off if you move this to an external policy
> server. www.policyd.org is a good place to start.
your maps. Prepend all your map names with proxy:
and see http://www.postfix.org/proxymap.8.html
But a policy server still seems like a better idea.