[Mimedefang] Result too large

scuba at centroin.com.br scuba at centroin.com.br
Fri Jun 30 14:28:42 EDT 2006


David,

	Yes. I started increasing the max children number for sendmail 
trying to aviod many "rejecting connections on daemon host1: 300 children, 
max 300". At the time the problems with MD started, I was using 600 
children on a single machine.
	Only today I read your answer, my "solution" was to start 3 
sendmail daemons (binding to it's own IP), and 3 MD instances with 
different sockts. Nawadays I'm running 900 children (3x 300 each).
	But now I'm getting too many "lost input channel from [IP] to MTA 
after rcpt" or "collect: premature EOM: unexpected close". 
	I already set the RCPT timeout for sendmail, but still get a loot 
of connections from different hosts. By now, only hotmail holds 127 
connections to one of my MX.
	I will try the "-C" option.

Thank you,

- Marcelo Souza

On Fri, 23 Jun 2006, David F. Skoll wrote:

|scuba at centroin.com.br wrote:
|
|> Jun 23 00:00:04 host2 mimedefang[95658]: MIMEDefang-2.54: accept()
|> returned invalid socket (Result too large), try again
|
|This means that the accept() system call returned a file descriptor
|that is larger than FD_SETSIZE.  This means you have (for some reason)
|lots and lots of milter threads active.
|
|Do you have a lot of Sendmail processes running?  We've seen DoS attacks
|whereby attackers open up thousands of SMTP connections to a machine and
|just sit there doing nothing.  This causes lots of Sendmail processes and
|Milter threads to hang around.  Even though they don't consume CPU time,
|they do consume memory and (in the case of the milters) file descriptors.
|I recommend adding this to sendmail.mc:
|
|	define(`confTO_COMMAND',`5m')dnl
|
|It causes Sendmail to close the connection and exit if the client sits
|idle for five minutes.
|
|Another option is to use the -C option with MIMEDefang.  This causes
|the milter not to hold file descriptors open between Milter
|callbacks.  (Of course, the milter socket itself is always
|held open, but that's under control of the milter library.)
|See the mimedefang(8) man page for details.
|
|Regards,
|
|David.
|_______________________________________________
|NOTE: If there is a disclaimer or other legal boilerplate in the above
|message, it is NULL AND VOID.  You may ignore it.
|
|Visit http://www.mimedefang.org and http://www.roaringpenguin.com
|MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
|http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
|


- Marcelo




More information about the MIMEDefang mailing list