Discussion:
[Dovecot] Inotify max_user_instances
Daniel L. Miller
2013-03-07 15:50:02 UTC
Maybe I have multiple problems - dunno.

I've started seeing the following log lines:
Mar 7 07:46:22 bubba dovecot: imap(dmiller at amfes.com): Warning: Inotify
instance limit for user 5000 (UID vmail) exceeded, disabling. Increase
/proc/sys/fs/inotify/max_user_instances

max_user_instances is currently 128.

I've tried stopping and restarting dovecot - the message immediately
returns. I could just increase max_user_instances - but I'd like to
understand what the number SHOULD be and why simply restarting Dovecot
doesn't fix it. If this issue is for user "vmail" this is used by mail
services only - and I've only got a few users on my system.

I'm also fighting a netfilter issue - my connection tracking counters
keep climbing. Don't know if this is in any way related.
--
Daniel
Steffen Kaiser
2013-03-08 08:31:26 UTC
Post by Daniel L. Miller
Maybe I have multiple problems - dunno.
Mar 7 07:46:22 bubba dovecot: imap(dmiller at amfes.com): Warning: Inotify
instance limit for user 5000 (UID vmail) exceeded, disabling. Increase
/proc/sys/fs/inotify/max_user_instances
max_user_instances is currently 128.
I've tried stopping and restarting dovecot - the message immediately returns.
I could just increase max_user_instances - but I'd like to understand what
the number SHOULD be and why simply restarting Dovecot doesn't fix it. If
this issue is for user "vmail" this is used by mail services only - and I've
only got a few users on my system.
see
http://stackoverflow.com/questions/11110245/inotify-fd-why-is-the-limit-per-user-id-and-not-per-process

Dovecot needs one inotify entity per IDLE, maybe more for internal
purposes. So in theory, you will need: <max number of simultaneous users>
* <number of watched mailboxes per users> + <fixed amount>, because you
use one _system_ user for all IMAP-users.
Post by Daniel L. Miller
I'm also fighting a netfilter issue - my connection tracking counters keep
climbing. Don't know if this is in any way related.
Do you use NAT on the same machine? Or some intrusion detection system?
When you get many short connections, esp. UDP ones, the connection tracker
fills up easily.

--
Steffen Kaiser
Daniel L. Miller
2013-03-08 12:21:54 UTC
Post by Steffen Kaiser
see
http://stackoverflow.com/questions/11110245/inotify-fd-why-is-the-limit-per-user-id-and-not-per-process
Dovecot needs one inotify entity per IDLE, maybe more for internal
purposes. So in theory, you will need: <max number of simultaneous
users> * <number of watched mailboxes per users> + <fixed amount>,
because you use one _system_ user for all IMAP-users.
Thanks. I actually had this increased previously - but for whatever
reason my sysctl.d/60-inotify.conf didn't get applied last reboot.
Post by Steffen Kaiser
Post by Daniel L. Miller
I'm also fighting a netfilter issue - my connection tracking counters
keep climbing. Don't know if this is in any way related.
Do you use NAT on the same machine? Or some intrusion detection
system? When you get many short connections, esp. UDP ones, the
connection tracker fills up easily.
Yes and Yes. Could fail2ban be hurting more than it's helping?
--
Daniel
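
Added example (not part of the thread and not Dovecot code): a shell sketch that counts the inotify instances the kernel charges to one UID and compares the count with `max_user_instances`, alongside the sizing estimate from Steffen Kaiser's reply. The function names and the optional proc-root argument are assumptions made for this example, and matching on the real UID assumes the mail processes run with real and effective UID equal.

```shell
#!/bin/sh
# Added example. Function names and the PROC_ROOT argument are hypothetical;
# PROC_ROOT exists so the functions can be run against a constructed tree.

# count_inotify_instances UID [PROC_ROOT]
# Prints how many inotify instances (fds whose link target is
# "anon_inode:inotify") are held by processes whose real UID is UID.
count_inotify_instances() {
    uid=$1; root=${2:-/proc}; total=0
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/status" ] || continue
        # Second field of the "Uid:" line is the real UID.
        puid=$(awk '/^Uid:/ {print $2; exit}' "$dir/status" 2>/dev/null)
        [ "$puid" = "$uid" ] || continue
        for fd in "$dir"/fd/*; do
            if [ "$(readlink "$fd" 2>/dev/null)" = "anon_inode:inotify" ]; then
                total=$((total + 1))
            fi
        done
    done
    echo "$total"
}

# required_instances USERS MAILBOXES_PER_USER FIXED
# The estimate from the thread: users * watched mailboxes + fixed amount.
required_instances() {
    echo $(( $1 * $2 + $3 ))
}

# inotify_headroom UID [PROC_ROOT]
# Prints usage against the limit; returns non-zero when the limit is reached.
inotify_headroom() {
    uid=$1; root=${2:-/proc}
    limit=$(cat "$root/sys/fs/inotify/max_user_instances")
    used=$(count_inotify_instances "$uid" "$root")
    echo "uid=$uid used=$used limit=$limit"
    [ "$used" -lt "$limit" ]
}

# When run with arguments, report for that UID, e.g.: sh script.sh 5000
if [ $# -gt 0 ]; then
    inotify_headroom "$@"
fi
```

Run it as root so the `fd` directories of other users' processes are readable; an unprivileged run undercounts.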