[pfx] Re: FYI Debian Trixie Networking Issue

Tue, 26 Aug 2025 14:22:15 -0700

Kind of you to reply and hah looks like I wasn't as clever with my redaction as I thought I'd been.
Postfix DNS is indeed unable to look up anything, including my LMTP server (but clearly the OS can as you'll see below). 


The server is basically stock Debian 13 (as it was before with stock 
Debian 12) apart from installing postfix, postfix-pcre, 
postfix-policyd-spf-python and configuration of the Postfix config files 
(tar'd on 12 and untar'd into 13).


Around when I powered the server back up I have since found:

Aug 26 15:09:26 SMTP dhcpcd[701]: eth0: leased 10.0.0.XX for 86400 seconds
Aug 26 15:09:26 SMTP dhcpcd[701]: eth0: adding route to 10.0.0.0/24
Aug 26 15:09:26 SMTP dhcpcd[701]: eth0: adding default route via 10.0.0.XX

Aug 26 15:09:26 SMTP systemd[1]: Started systemd-timesyncd.service - 
Network Time Synchronization.
Aug 26 15:09:28 SMTP systemd-timesyncd[974]: Contacted time server 
192.168.0.XX:123 (0.debian.pool.ntp.org).
Aug 26 15:09:28 SMTP systemd-timesyncd[974]: Initial clock 
synchronization to Tue 2025-08-26 15:09:28.075139 BST.
*Aug 26 15:09:28 SMTP postfix[1037]: postfix/postlog: warning: 
/var/spool/postfix/etc/resolv.conf and /etc/resolv.conf differ
Aug 26 15:09:28 SMTP postfix/postfix-script[1037]: warning: 
/var/spool/postfix/etc/resolv.conf and /etc/resolv.conf differ*
Aug 26 15:09:29 SMTP postfix/master[1211]: daemon started -- version 
3.10.3, configuration /etc/postfix
Aug 26 15:09:29 SMTP systemd[1]: Started postfix.service - Postfix Mail 
Transport Agent (main/default instance).
Aug 26 15:09:29 SMTP systemd[1]: Reached target multi-user.target - 
Multi-User System.
Aug 26 15:09:29 SMTP systemd[1]: Reached target graphical.target - 
Graphical Interface.
Aug 26 15:09:29 SMTP systemd[1]: Startup finished in 5.790s (kernel) + 
27.858s (userspace) = 33.649s.

Aug 26 15:10:05 SMTP kernel: hv_balloon: Max. dynamic memory size: 2048 MB

Aug 26 15:10:19 SMTP postfix/submissions/smtpd[1280]: connect from 
unknown[XX.XX.XX.XX]
Aug 26 15:10:20 SMTP postfix/submissions/smtpd[1280]: Anonymous TLS 
connection established from unknown[XX.XX.XX.XX]: TLSv1.3 with cipher 
TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange x25519 
server-signature ECDS>
Aug 26 15:10:20 SMTP postfix/submissions/smtpd[1280]: warning: host or 
service [LMTP.home.arpa]:12345 not found: Temporary failure in name 
resolution
Aug 26 15:10:20 SMTP postfix/submissions/smtpd[1280]: warning: SASL: 
Connect to Dovecot auth socket 'inet:[LMTP.home.arpa]:12345' failed: 
Cannot assign requested address
Aug 26 15:10:20 SMTP postfix/submissions/smtpd[1280]: fatal: no SASL 
authentication mechanisms



I think what's troubling is that it doesn't recover until the service is 
restarted (reload isn't enough).



Looks like it's exactly as you suspected "is the file 
/var/spool/postfix/etc/resolv.conf up-to-date BEFORE Postfix is 
started?" it would appear not.


For completeness, as you requested:

   root@SMTP:~# postconf -F smtp/inet/chroot smtp/inet/chroot = y

   root@SMTP:~# postconf -F submissions/inet/chroot
   submissions/inet/chroot = y


Running Postfix chrooted on Linux is like fighting windmills. Don't 

waste your time on that.


Agree it's not optimal in its current state.. As a Postfix novice I 
simply went for whatever Debian by default suggested in the hope they 
knew better than me and by default in Debian 12 (and 13) it's chrooted :-).



I presume there's some sort of race condition between DHCP setting the 
DNS server and chroot taking a snapshot of the resolv.conf that contains 
it as it fires up Postfix... network-online might be sensible in my 
environment or as you suggested just abandoning the chroot.



Just rebooted and did this to confirm and as usual it looks like you're 
spot on:


   root@SMTP:~# cat /var/spool/postfix/etc/resolv.conf
   # Generated by dhcpcd
   # /etc/resolv.conf.head can replace this line
   # /etc/resolv.conf.tail can replace this line

   root@SMTP:~# cat /etc/resolv.conf
   # Generated by dhcpcd from eth0.dhcp
   # /etc/resolv.conf.head can replace this line
   domain home.arpa
   nameserver 10.0.0.XX
   # /etc/resolv.conf.tail can replace this line


Not familiar with this issue on Debian 12 but perhaps Debian 13 is just 
too efficient at starting up that this suddenly appeared.



So the prior debian.bugs.org discussion is incorrect about Postfix not 
needing networking early, if one is using DHCP assigned DNS servers and 
needs the network to settle before starting a chroot'd Postfix... if 
using static DNS servers it's probably fine.



I can play with Systemd from here on - definitely going to see more 
people Googling "Cannot assign requested address" and "Temporary failure 
in name resolution" with Debian 13.


Kind Regards, Matthew

On 26/08/2025 20:54, Wietse Venema via Postfix-users wrote:

Matthew via Postfix-users:

     Aug 26 19:01:51 SMTP postfix/smtpd[2101]: connect from
     unknown[XX.XX.XX.XX]
     Aug 26 19:01:52 SMTP postfix/smtpd[2101]: Anonymous TLS connection
     established from unknown[XX.XX.XX.XX]: TLSv1.2 with cipher
     ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)

Clearly, this VM has external connectivity. Assuming that the client
is 77.200.232.68 (see next logfile record), DNS is unable to look
up the name for that IP address (mta.mail.which.co.uk).


     Aug 26 19:01:52 SMTP postfix/smtpd[2101]: warning:
     77.200.232.68.zen.spamhaus.org: RBL lookup error: Host or domain
     name not found. Name service error for
     name=XX.XX.XX.XX.zen.spamhaus.org type=A: Host not found, try again
     Aug 26 19:01:52 SMTP postfix/smtpd[2101]: warning:
     77.200.232.68.bl.spamcop.net: RBL lookup error: Host or domain name
     not found. Name service error for name=XX.XX.XX.XX.bl.spamcop.net
     type=A: Host not found, try again

We already know that DNS is borked, and that the VM has external
connectivity.

What DNS resolver are you using? Can you use a better one?
Avoid the ones that are optimized for desktop users.

Are you running Postfix smtpd chrooted? Report output from:

     postconf -F smtp/inet/chroot
     postconf -F submissions/inet/chroot

If chrooted, does the problem go away if you turn off chroot?

     postconf -F '*/inet/chroot=n'
     postfix reload

If chrooted, is the file /var/spool/postfix/etc/resolv.conf up-to-date
BEFORE Postfix is started?

Running Postfix chrooted on Linux is like fighting windmills. Don't
waste your time on that.

        Wietse
_______________________________________________
Postfix-users mailing list --postfix-users@postfix.org
To unsubscribe send an email topostfix-users-le...@postfix.org
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org






















					Reply via email to