Mats Luspa:
>
> Yes, apparmor is used. But I'm not an expert in configuring apparmor.
> But maybe something there is preventing the linux-container to read
> some part of the file system that affects postfix.
>
> I must check it.
Meanwhile, I have added logging to the mail_command_client() function
so that it logs why the bounce request is deferred.
Wietse
--- /var/tmp/postfix-3.1-20150208/src/global/mail_command_client.c
2014-12-14 13:22:05.000000000 -0500
+++ ./mail_command_client.c 2015-02-14 20:37:34.000000000 -0500
@@ -52,6 +52,7 @@
/* Utility library. */
#include <vstream.h>
+#include <msg.h>
/* Global library. */
@@ -67,16 +68,26 @@
/*
* Talk a little protocol with the specified service.
+ *
+ * This function is used for non-critical services where it is OK to back
+ * off after the first error. Log what communication stage failed, to
+ * facilitate trouble analysis.
*/
- if ((stream = mail_connect(class, name, BLOCKING)) == 0)
+ if ((stream = mail_connect(class, name, BLOCKING)) == 0) {
+ msg_warn("connect to %s/%s: %m", class, name);
return (-1);
+ }
va_start(ap, name);
status = attr_vprint(stream, ATTR_FLAG_NONE, ap);
va_end(ap);
- if (status != 0
- || attr_scan(stream, ATTR_FLAG_STRICT,
- RECV_ATTR_INT(MAIL_ATTR_STATUS, &status), 0) != 1)
+ if (status != 0) {
+ msg_warn("write %s: %m", VSTREAM_PATH(stream));
status = -1;
+ } else if (attr_scan(stream, ATTR_FLAG_STRICT,
+ RECV_ATTR_INT(MAIL_ATTR_STATUS, &status), 0) != 1) {
+ msg_warn("read %s: %m", VSTREAM_PATH(stream));
+ status = -1;
+ }
(void) vstream_fclose(stream);
return (status);
}
