David, Yes. I started increasing the max children number for sendmail trying to aviod many "rejecting connections on daemon host1: 300 children, max 300". At the time the problems with MD started, I was using 600 children on a single machine. Only today I read your answer, my "solution" was to start 3 sendmail daemons (binding to it's own IP), and 3 MD instances with different sockts. Nawadays I'm running 900 children (3x 300 each). But now I'm getting too many "lost input channel from [IP] to MTA after rcpt" or "collect: premature EOM: unexpected close". I already set the RCPT timeout for sendmail, but still get a loot of connections from different hosts. By now, only hotmail holds 127 connections to one of my MX. I will try the "-C" option.
Thank you, - Marcelo Souza On Fri, 23 Jun 2006, David F. Skoll wrote: |[EMAIL PROTECTED] wrote: | |> Jun 23 00:00:04 host2 mimedefang[95658]: MIMEDefang-2.54: accept() |> returned invalid socket (Result too large), try again | |This means that the accept() system call returned a file descriptor |that is larger than FD_SETSIZE. This means you have (for some reason) |lots and lots of milter threads active. | |Do you have a lot of Sendmail processes running? We've seen DoS attacks |whereby attackers open up thousands of SMTP connections to a machine and |just sit there doing nothing. This causes lots of Sendmail processes and |Milter threads to hang around. Even though they don't consume CPU time, |they do consume memory and (in the case of the milters) file descriptors. |I recommend adding this to sendmail.mc: | | define(`confTO_COMMAND',`5m')dnl | |It causes Sendmail to close the connection and exit if the client sits |idle for five minutes. | |Another option is to use the -C option with MIMEDefang. This causes |the milter not to hold file descriptors open between Milter |callbacks. (Of course, the milter socket itself is always |held open, but that's under control of the milter library.) |See the mimedefang(8) man page for details. | |Regards, | |David. |_______________________________________________ |NOTE: If there is a disclaimer or other legal boilerplate in the above |message, it is NULL AND VOID. You may ignore it. | |Visit http://www.mimedefang.org and http://www.roaringpenguin.com |MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com |http://lists.roaringpenguin.com/mailman/listinfo/mimedefang | - Marcelo _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang