Mats Luspa: > > Yes, apparmor is used. But I'm not an expert in configuring apparmor. > But maybe something there is preventing the linux-container to read > some part of the file system that affects postfix. > > I must check it.
Meanwhile, I have added logging to the mail_command_client() function so that it logs why the bounce request is deferred. Wietse --- /var/tmp/postfix-3.1-20150208/src/global/mail_command_client.c 2014-12-14 13:22:05.000000000 -0500 +++ ./mail_command_client.c 2015-02-14 20:37:34.000000000 -0500 @@ -52,6 +52,7 @@ /* Utility library. */ #include <vstream.h> +#include <msg.h> /* Global library. */ @@ -67,16 +68,26 @@ /* * Talk a little protocol with the specified service. + * + * This function is used for non-critical services where it is OK to back + * off after the first error. Log what communication stage failed, to + * facilitate trouble analysis. */ - if ((stream = mail_connect(class, name, BLOCKING)) == 0) + if ((stream = mail_connect(class, name, BLOCKING)) == 0) { + msg_warn("connect to %s/%s: %m", class, name); return (-1); + } va_start(ap, name); status = attr_vprint(stream, ATTR_FLAG_NONE, ap); va_end(ap); - if (status != 0 - || attr_scan(stream, ATTR_FLAG_STRICT, - RECV_ATTR_INT(MAIL_ATTR_STATUS, &status), 0) != 1) + if (status != 0) { + msg_warn("write %s: %m", VSTREAM_PATH(stream)); status = -1; + } else if (attr_scan(stream, ATTR_FLAG_STRICT, + RECV_ATTR_INT(MAIL_ATTR_STATUS, &status), 0) != 1) { + msg_warn("read %s: %m", VSTREAM_PATH(stream)); + status = -1; + } (void) vstream_fclose(stream); return (status); }