Hi,
Just wanted to report that since migrating from Debian 12 (bookworm) to
Debian 13 (trixie) with very little config changes that I am
intermittently experiencing issues on VM boot where Postfix (version
3.10.3-2) starts-up but gets in a weird state where it cannot properly
speak on the network (DNS fails, "Cannot assign requested address").
Restarting Postfix instantly clears it.
I suspected the issue is in systemd, so looked in
"/usr/lib/systemd/system/postfix.service" and
"/usr/lib/systemd/system/postfix@.service" and I found there's actually
been a discussion about this already:
After=network.target nss-lookup.target
# network-online.target is a semi-working work-around for specific
# network_interfaces, https://bugs.debian.org/854475#126
# Please add local override wanting network-online.target or
# systemd-networkd-wait-online@INTERFACE:no-carrier.service
#After=network-online.target
#Wants=network-online.target
The discussion is in https://bugs.debian.org/854475#126 and it's clear
the comment expects me to modify the file to uncomment it if I feel it
necessary (I suspect it is).
From what I can make out in the online discourse there's an assumption
if I was using static interfaces and DNS servers it would probably work
seamlessly.
"I don't think we'd need network-online.target, there is nothing in
most postfix configurations that actually needs network access to
work on startup."
In my instance this isn't true, I use LMTP to deliver mail and Postfix
must try immediately to resolve/reach this (and/or it seems to hold onto
an empty DNS server list).
For me default configuration didn't work, suspect I'm not the only one
so I'll paste the sort of log lines you get so others searching can find
this too:
Aug 26 19:01:51 SMTP postfix/smtpd[2101]: connect from
unknown[XX.XX.XX.XX]
Aug 26 19:01:52 SMTP postfix/smtpd[2101]: Anonymous TLS connection
established from unknown[XX.XX.XX.XX]: TLSv1.2 with cipher
ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)
Aug 26 19:01:52 SMTP postfix/smtpd[2101]: warning:
77.200.232.68.zen.spamhaus.org: RBL lookup error: Host or domain
name not found. Name service error for
name=XX.XX.XX.XX.zen.spamhaus.org type=A: Host not found, try again
Aug 26 19:01:52 SMTP postfix/smtpd[2101]: warning:
77.200.232.68.bl.spamcop.net: RBL lookup error: Host or domain name
not found. Name service error for name=XX.XX.XX.XX.bl.spamcop.net
type=A: Host not found, try again
Aug 26 19:01:53 SMTP policyd-spf[2106]: spfcheck: pyspf result:
"['None', '', 'helo']"
Aug 26 19:01:53 SMTP policyd-spf[2106]: None; identity=helo;
client-ip=XX.XX.XX.XX; helo=mta.mail.XX.co.uk;
envelope-from=x...@bounce.mail.xx.co.uk; receiver=matthew1471.co.uk
Aug 26 19:01:53 SMTP policyd-spf[2106]: spfcheck: pyspf result:
"['Pass', 'sender SPF authorized', 'mailfrom']"
Aug 26 19:01:53 SMTP policyd-spf[2106]: Pass; identity=mailfrom;
client-ip=XX.XX.XX.XX; helo=mta.mail.XX.co.uk;
envelope-from=x...@bounce.mail.xx.co.uk; receiver=matthew1471.co.uk
Aug 26 19:01:53 SMTP policyd-spf[2106]: : prepend Received-SPF: Pass
(mailfrom) identity=mailfrom; client-ip=XX.XX.XX.XX;
helo=mta.mail.XX.co.uk; envelope-from=x...@bounce.mail.xx.co.uk;
receiver=matthew1471.co.uk
Aug 26 19:01:53 SMTP postfix/smtpd[2101]: NOQUEUE: reject: RCPT from
unknown[XX.XX.XX.XX]: 450 4.1.8 <x...@bounce.mail.xx.co.uk>: Sender
address rejected: Domain not found; from=<x...@bounce.mail.xx.co.uk>
to=<x...@matthew1471.co.uk> proto=ESMTP helo=<mta.mail.XX.co.uk>
Aug 26 19:01:53 SMTP postfix/smtpd[2101]: disconnect from
unknown[XX.XX.XX.XX] ehlo=2 starttls=1 mail=1 rcpt=0/1 quit=1
commands=5/6
and
Aug 26 19:02:39 SMTP postfix/submissions/smtpd[2110]: connect from
unknown[XX.XX.XX.XX]
Aug 26 19:02:40 SMTP postfix/submissions/smtpd[2110]: Anonymous TLS
connection established from unknown[XX.XX.XX.XX]: TLSv1.3 with
cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519
server-signature ECDSA (secp384r1) server-digest SHA384
Aug 26 19:02:40 SMTP postfix/submissions/smtpd[2110]: warning: host
or service [LMTP.home.arpa]:12345 not found: Temporary failure in
name resolution
Aug 26 19:02:40 SMTP postfix/submissions/smtpd[2110]: warning: SASL:
Connect to Dovecot auth socket 'inet:[LMTP.home.arpa]:12345' failed:
Cannot assign requested address
Aug 26 19:02:40 SMTP postfix/submissions/smtpd[2110]: fatal: no SASL
authentication mechanisms
I will try with network-online.target.
Kind Regards,
Matthew
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
