Single-end Unix sockets

[Leo Gaspard]

Hello,

tl;dr: Postfix keeps open unix sockets that seem useless to me. Why?
First note I am new to postfix, so I may be wrongly interpreting some 
commands; but using it on a VPS with a limit of 500 non-TCP sockets 
triggered the limit. So I tried to search why it is using so many sockets.

It currently uses 65 unix-domain sockets:

# ss -exmp | grep master | wc -l
65

Among these, two are shared with other processes:

# ss -exmp | grep master
[...]
u_str  ESTAB      0      0                    * 329917704               
* 0 users:(("qmgr",5104,5),("master",5093,33))
[...]
u_str  ESTAB      0      0                    * 329917708               
* 0 users:(("tlsmgr",5315,5),("master",5093,36))
[...]

The 63 others are all (almost) the same line:

# ss -exmp | grep master
u_str  ESTAB      0      0                    * 329917676               
* 0       users:(("master",5093,15))
u_str  ESTAB      0      0                    * 329917677               
* 0       users:(("master",5093,16))
u_str  ESTAB      0      0                    * 329917685               
* 0       users:(("master",5093,19))
[...]

This line seems weird to me: it is a socket with a connection that is 
established, but used only by "master".

Now looking at netstat's output:

# netstat -anx --program | grep "5093/master"
unix  2      [ ACC ]     STREAM     LISTENING     329917757 
5093/master         private/retry
[... Normal sockets associated to a file]
unix  2      [ ACC ]     STREAM     LISTENING     329917753 
5093/master         private/error
unix  3      [ ]         STREAM     CONNECTED     329917808 5093/master
unix  3      [ ]         STREAM     CONNECTED     329917807 5093/master
unix  3      [ ]         STREAM     CONNECTED     329917804 5093/master
unix  3      [ ]         STREAM     CONNECTED     329917803 5093/master
unix  3      [ ]         STREAM     CONNECTED     329917800 5093/master
unix  3      [ ]         STREAM     CONNECTED     329917799 5093/master
unix  3      [ ]         STREAM     CONNECTED     329917796 5093/master
unix  3      [ ]         STREAM     CONNECTED     329917795 5093/master
[... This goes on for a number of lines]
unix  3      [ ]         STREAM     CONNECTED     329917676 5093/master
unix  2      [ ]         DGRAM                    329917651 5093/master

# # Getting more precisely the number of sockets not associated to files

# netstat -anx --program | grep "5093/master[[:space:]]*$" | wc -l
65

So I guess the 65 sockets without file listed by netstat are the same as 
the 63+2 sockets listed by ss.

Which means 63 sockets are open by master, yet are neither reachable 
through a file nor currently used by any process.

Finally, it is not even pre-reserving sockets so as not to have to 
allocate new ones after startup:

# postconf -nf
[...]
default_process_limit = 1
[...]

# postconf -Mf
smtp       inet  n       -       -       -       -       smtpd
[... Summing the last digits (with a 1 instead of a -) yields 28]

So postfix would need at most 28 sockets to communicate, should all the 
processes be started at the same time. Thus not needing 65.

There are still two reasons why sockets could be needed: authentication 
is managed through dovecot, and user and domain management is managed 
through mysql. However, I still could not understand why 63 sockets 
should just lie around, neither bound nor bindable to.

Is there a reason unknown to me, why these sockets exist? (they are 
re-created after a postfix reboot)

Thanks in advance,

Leo Gaspard