On Mon, Dec 23, 2024, at 08:37, Laura Smith wrote: > Sent with Proton Mail secure email. > > On Monday, 23 December 2024 at 12:23, Adam Nielsen > <a.niel...@shikadi.net> wrote: > >> But what's the underlying issue? Maybe there's a different fix? > > Its been a while so I can't remember the exact details, but I know its > to do with Postfix. > > Postfix creates a copy (not symlink) of /etc/resolv.conf in its > /var/spool/postfix jail. > > If the jail file contains 127.0.0.53 email is broken. If changed to > 127.0.0.54 email works. > > As I said, its been a long time, but IIRC the underlying reason is > something to do with DNNSEC validation and systemd-resolved breaks it > with the 127.0.0.53 proxy.
It's probably DANE validation failing when systemd-resolved doesn't handle DNSSEC in the way that Postfix expects. The simplest fix is to set "DNSSEC=no" in /etc/systemd/resolved.conf.
