This is an old issue that still isn't resolved on debian & derivates ( others ? ) maybe someone should include it in the howtos. issue: saslauthd's memory usage starts to climb handling invalid authentication requests, eventually eating all your server memory ( & swap ). this is in fact a very serious issue, as it facilitates (D)DOS attacks by someone sending lots of crap auth. requests until the OOM process killer kicks in. there's an easy workaround by changing /etc/default/saslauthd Code: OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" to Code: OPTIONS="-n 0 -c -m /var/spool/postfix/var/run/saslauthd -r" adding "-n 0" effectively prevents the saslauthd daemon from using thread processes by using forks instead. ( on 1 of my servers it used up 8GB and 16GB swap.... which was freed up instantaneously upon changing the config and invoking /etc/init.d/saslauthd restart ) if anybody has a better solution.. feel free to post my 5 cents
(bump) Still a problem on Debian Squeeze Recently ran into this problem on a "Prefect Server" built on Squeeze. So, thanks again for the solution ;-)
Thank you, this is indeed still a problem with the current version on Debian Squeeze. Look at the yearly memory graph, it is very interesting. The server stalled when the committed memory exceeded the available physical RAM (8GB) plus swap (2GB). This leak went unnoticed (*blush*) for one year to crash at last. I found the culprit by adding another graph showing memory usage by process. Problem now solved with the no-thread option.
Hmm. I don't have a /etc/default/saslauthd file, but I am using ISPConfig aand Postfix and I do see sasl auths going on in my mail.log so I mus be using it. Is there an alternate location it might be in? Thanks!
If you use dovecot, then postfix is authenticating against dovecot and not saslauthd. saslauthd is used on courier setups.
