[Mimedefang] Running multiple Mimedefangs on a single box?

Atanas mimedefang at asd.aplus.net
Thu Oct 21 17:30:32 EDT 2004 

Some time ago I started getting errors like:

MIMEDefang: accept() returned invalid socket (Result too large), try again

Which in other words means something like "I'm out of FDs, bye". This 
happens when the Mimedefang's bunch of processes hits the file 
descriptor limit (FD_SETSIZE=1024). It's a well known limitation for all 
applications based on select(), and AFAIK there's no simple cure for 
that except switching to poll(), but it's beyond the subject (and my 
abilities).

When such a error happens, some Mimedefang slaves continue to work 
normally, while others just hang around and produce more errors causing 
lots of timeouts and milter tempfails until Mimedefang gets fully 
restarted. In the beginning such events were occasional and I was doing 
these restarts manually. Later I wrote a simple script to do that for 
me. But now it started happening too often (several times an hour) and 
is no longer acceptable.

The box is not that much (over)loaded - it still has about 60-70% idle 
CPU time, and during peak times the load barely hits 60-70% (i.e. 30-40% 
idle). Memory, I/O or any other resources are not a problem at all. I'm 
planning to add another box and eventually split the load (I have 
multiple MTAs connected to that box over tcp socket, so it's pretty easy 
to split them in 2 or more subsets). But I believe the load is not the 
real issue here and I'm sure I'll run into the same problem with 2 boxes 
as well.

For now I'm thinking about multiple Mimedefang instances (i.e. 
multiplexors, probably one per MTA or per group of MTAs) running same 
binaries and filters, but using smaller FD subsets and listening on 
different sockets. And all this on the same box and OS.

I could wrap them in FreeBSD jails as well, but it seems more 
complicated. I'd prefer having just one set of binaries, because it 
makes the things much easier to manage. That's one of the reasons I 
don't have it installed on each MTA.

So, would Mimedefang support such a configuration, and does anybody use 
something like that?

Regards,
Atanas

More information about the MIMEDefang mailing list