Cyrus 2.5.9 imapd children count grows and exceeds limit

Paul Dekkers paul.dekkers at surfnet.nl
Tue Sep 13 03:04:47 EDT 2016


Hi,

I never tried to use the tcp_keepalive option as suggested in recent followup, but faced the same issue: I solved it by running nginx as imap-proxy in front of Cyrus. First just for the imaps connections, but I guess most people used that anyway so I’m not sure it was TLS related - or indeed tcp_keepalive. There were so many processes that the out-of-memory killer was going wild after some time. And this definitely wasn’t necessary.

Don’t recall having this with older versions (but then I was also running on FreeBSD mostly, and the recent version on Debian so I changed more parameters);

Regards,
Paul





On 9-12-16 05:01, "Info-cyrus on behalf of Andy Dorman via Info-cyrus" <info-cyrus-bounces+paul.dekkers=surfnet.nl at lists.andrew.cmu.edu on behalf of info-cyrus at lists.andrew.cmu.edu> wrote:

>Hi everyone.  We have 14 Debian servers running the current Debian 
>release of Cyrus imap 2.5.9.
>
>We upgraded from 2.4.18 to 2.5.9 on Aug 28, upgraded the cyrus.conf & 
>imapd.conf to rename the deprecated options and switch from skiplist to 
>twoskip for all our dbs. Our cyrus.conf and imapd.con (minus comments) 
>is at the end of this email.
>
>We now have 4 of the 14 servers where the number of imapd processes 
>slowly grows and usually within 12-14 hours reaches the imapd process 
>limit (currently set to 100).  From what we can tell watching the 
>process list, the old processes are never shut down after reaching their 
>usage limit (which is the default).
>
>The difference between the 4 with the problem and the others have to be 
>the mail clients.  Each server supports a different group of mail 
>domains and users, so I suspect some of the users on the problem servers 
>are using one or more mail clients that are not well behaved, but I have 
>no indication of what they are doing wrong.
>
>While we had this problem intermittently with 2.4.18 (once or twice a 
>month on a random server), it is much worse since the update to 2.5.9. 
>We now have to restart imapd on all the problem servers almost twice a day.
>
>If it matters, we have tried both idled and polling and have not seen 
>any difference.
>
>So has anyone else seen an issue like this?  Does anyone have any 
>suggestions on how to debug?
>
>We have examined syslog and do not see any strange reports outside of 
>the normal berkeley DBERROR messages we always see due to bdb compiled 
>into the debian Cyrus release.
>
>===== cyrus.conf =====
>START {
>    recover	cmd="/usr/sbin/cyrus ctl_cyrusdb -r"
>    idle		cmd="idled"
>    delprune	cmd="/usr/sbin/cyrus expire -E 3"
>    tlsprune	cmd="/usr/sbin/cyrus tls_prune"
>}
>
>SERVICES {
>    imap	cmd="imapd" listen="*:imap" prefork=5 maxchild=100
>    imaps	cmd="imapd -s" listen="*:imaps" prefork=5 maxchild=100
>    lmtp	cmd="lmtpd" listen="*:lmtp" prefork=5 maxchild=20
>    sieve	cmd="timsieved" listen="*:sieve" prefork=0 maxchild=100
>}
>
>EVENTS {
>    checkpoint  cmd="/usr/sbin/cyrus ctl_cyrusdb -c" period=30
>    delprune    cmd="/usr/sbin/cyrus expire -E 3" period=120
>    tlsprune    cmd="/usr/sbin/cyrus tls_prune" period=60
>    resquat     cmd="/usr/sbin/cyrus squatter -s -r -i *" at=0437
>}
>
>===== imapd.conf =====
>admins: cyrus
>
>allowallsubscribe: on
>
>allowanonymouslogin: no
>
>allowplaintext: on
>
>altnamespace: on
>
>annotation_db: twoskip
>
>anyoneuseracl: off
>
>autocreate_quota: 512000
>
>configdirectory: /var/lib/cyrus
>
>defaultdomain: ironicdesign.com
>
>defaultpartition: default
>
>duplicate_db: twoskip
>
>expunge_mode: delayed
>
>fulldirhash: on
>
>guid_mode: sha1
>
>hashimapspool: on
>
>idlesocket: /var/run/cyrus/socket/idle
>
>improved_mboxlist_sort: on
>
>lmtp_downcase_rcpt: on
>
>lmtpsocket: /var/run/cyrus/socket/lmtp
>
>mboxname_lockpath: /run/cyrus/lock
>
>notifysocket: /var/run/cyrus/socket/notify
>
>partition-default: /var/spool/cyrus/mail
>
>popminpoll: 1
>
>proc_path: /run/cyrus/proc
>
>quota_db: twoskip
>
>sasl_log_level: 7
>sasl_mech_list: PLAIN
>sasl_pwcheck_method: saslauthd
>sasl_minimum_layer: 0
>allowapop: no
>
>sieveusehomedir: false
>sievedir: /var/spool/cyrus/sieve
>
>statuscache_db: twoskip
>
>syslog_prefix: cyrus
>
>tls_sessions_db: twoskip
>
>tls_client_ca_file: /etc/ssl/certs/mail.ironicdesign.com.pem
>
>tls_client_ca_dir: /etc/ssl/certs
>
># The rest of our TLS setup
>tls_server_cert: /etc/ssl/certs/mail.ironicdesign.com.pem
>tls_server_key: /etc/ssl/certs/mail.ironicdesign.com.pem
>tls_session_timeout: 1440
>
>tls_ciphers: TLSv1+HIGH:!aNULL:@STRENGTH
>
>tls_versions: tls1_0 tls1_1 tls1_2
>
>umask: 077
>
>unix_group_enable: off
>
>unixhierarchysep: on
>
>userdeny_db: twoskip
>
>virtdomains: userid
>
>sieve_extensions: fileinto reject vacation imapflags notify envelope 
>body relational regex subaddress copy
>===== end imapd.conf =====
>
>Thanks for any ideas on what to look for or how to debug this.
>
>-- 
>Andy Dorman
>Ironic Design, Inc.
>AnteSpam.com
>
>----
>Cyrus Home Page: http://www.cyrusimap.org/
>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>To Unsubscribe:
>https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


More information about the Info-cyrus mailing list