
postfix chroot problem

  • Paul Bliss
    Message 1 of 2 , Feb 28, 2006

      Sorry that my question was not properly formatted before. Here's another shot at it.


      ERROR MESSAGE:
      ******
      Feb 23 13:03:41 [postfix/smtp] warning: no MX host for mechno.com has a valid A record
      Feb 23 13:03:41 [postfix/smtp] ECC4240EB8: to=<pbliss@...>, relay=none, delay=1, status=bounced ([mail.jojosarfo.org]: Name or service not known)
      ******

      This is what it logged when I tried to send mail to pbliss@..., but it yielded similar results for any outgoing mail.

      To me, this indicates that the system is able to look up the MX record, but when it attempts to look up the A record of the resulting MX record, it fails.

      smtp started working correctly, though, when I turned off the 'chroot' option in master.cf

      I definitely want smtp running chroot'ed, but don't know how to address the A record lookup issue.
      If anyone is able to give me a hand I would really appreciate it.

      ******OUTPUT FROM POSTFINGER *****
      --System Parameters--
      mail_version = 2.1.5
      hostname = server
      uname = Linux isp1 2.6.5 #1 SMP Tue Apr 27 16:51:31 EDT 2004 i686 GNU/Linux

      --Packaging information--
      No packages found matching diversion.
      No packages found matching by.
      No packages found matching from.
      looks like this postfix comes from deb package: diversion by postfix-tls from-2.1.5-5

      --main.cf non-default parameters--
      alias_maps = hash:/etc/aliases
      biff = no
      bounce_queue_lifetime = 1d
      broken_sasl_auth_clients = yes
      disable_vrfy_command = yes
      mailbox_size_limit = 73000000
      maximal_queue_lifetime = 1d
      message_size_limit = 15000000
      mydestination = A.A.net, localhost, localhost.localdomain
      mynetworks = 127.0.0.0/8        DDD.DDD.DDD.DDD/19  DDD.DDD.DDD.0/21 DDD.DDD.DDD.0/19  DDD.DDD.DDD.0/20        DDD.DDD.DDD.0/20

      myorigin = /etc/mailname
      smtp_defer_if_no_mx_address_found = yes
      smtp_tls_note_starttls_offer = yes
      smtp_use_tls = yes
      smtpd_banner = $myhostname ESMTP Server
      smtpd_etrn_restrictions = reject
      smtpd_helo_required = yes
      smtpd_recipient_limit = 100
      smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, check_recipient_access hash:/etc/postfix/recipient_checks, check_sender_access hash:/etc/postfix/sender_checks, check_client_access hash:/etc/postfix/client_checks, reject_unauth_destination

      smtpd_sasl_auth_enable = yes
      smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
      smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
      smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
      smtpd_tls_loglevel = 1
      smtpd_tls_received_header = yes
      smtpd_use_tls = yes
      tls_daemon_random_source = dev:/dev/urandom
      tls_random_source = dev:/dev/urandom

      --master.cf--
      smtp      inet  n       -       -       -       -       smtpd
      pickup    fifo  n       -       -       60      1       pickup
      cleanup   unix  n       -       -       -       0       cleanup
      qmgr      fifo  n       -       -       300     1       qmgr
      rewrite   unix  -       -       -       -       -       trivial-rewrite
      bounce    unix  -       -       -       -       0       bounce
      defer     unix  -       -       -       -       0       bounce
      flush     unix  n       -       -       1000?   0       flush
      proxymap  unix  -       -       n       -       -       proxymap
      smtp      unix  -       -       -       -       -       smtp
      relay     unix  -       -       -       -       -       smtp
      showq     unix  n       -       -       -       -       showq
      error     unix  -       -       -       -       -       error
      local     unix  -       n       n       -       -       local
      virtual   unix  -       n       n       -       -       virtual
      lmtp      unix  -       -       n       -       -       lmtp
      maildrop  unix  -       n       n       -       -       pipe
        flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
      cyrus     unix  -       n       n       -       -       pipe
        flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m "${extension}" ${user}
      uucp      unix  -       n       n       -       -       pipe
        flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
      ifmail    unix  -       n       n       -       -       pipe
        flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
      bsmtp     unix  -       n       n       -       -       pipe
        flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender $recipient
      scalemail-backend unix  -       n       n       -       2       pipe
        flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
      trace     unix  -       -       -       -       0       bounce
      verify    unix  -       -       -       -       1       verify

      -- end of postfinger output --


      Once again, I appreciate your time immensely and hope that you can help me to shed light on my problem.

      Sincerely,
       Paul

    • Victor Duchovni
      Message 2 of 2 , Feb 28, 2006
        On Tue, Feb 28, 2006 at 09:15:16AM -0500, Paul Bliss wrote:

        > Sorry that my question was not properly formatted before. Here's another shot at it.
        >
        >
        > ERROR MESSAGE:
        > ******
        > Feb 23 13:03:41 [postfix/smtp] warning: no MX host for mechno.com has a valid A record
        > Feb 23 13:03:41 [postfix/smtp] ECC4240EB8: to=<pbliss@...>, relay=none, delay=1, status=bounced ([mail.jojosarfo.org]: Name or service not known)
        > ******
        >
        > This is what it logged when I tried to send mail to pbliss@..., but it yielded similar results for any outgoing mail.
        > To me, this indicates that the system is able to look up the MX record, but when it attempts to look up the A record of the resulting MX record, it fails.

        This is correct, the MX lookup yields results, but the hosts in question
        have no A records in DNS. One difference between the MX lookups and the
        subsequent "A" lookups, is that the "A" lookups don't disable the domain
        search list. So with:

        example.com. IN MX 0 host.example.com

        and

        /etc/resolv.conf:
        search example.net example.org
        nameserver 127.0.0.1

        The "A" lookups will be:

        host.example.com.example.net. IN A ?
        host.example.com.example.org. IN A ?
        host.example.com. IN A ?

        Perhaps your search path in the chroot jail lists domains which don't work
        (lookups return SERVFAIL rather than NXDOMAIN). Does the resolv.conf
        in chroot jail match /etc/resolv.conf, is the chroot jail resolv.conf
        world-readable?

        > smtp started working correctly, though, when I turned off the 'chroot'
        > option in master.cf

        So DNS A lookups work outside the chroot jail, see above.

        > --main.cf non-default parameters--

        No smtp_host_lookup override...

        > --master.cf--
        > smtp unix - - - - - smtp
        > relay unix - - - - - smtp

        No master.cf "-o" options.

        > -- end of postfinger output --
        >
        >
        > Once again, I appreciate your time immensely and hope that you can help me to shed light on my problem.

        If all else fails, write a test program that chroots into the Postfix
        jail, drops root privs (becomes "postfix") and does DNS lookups... Do
        "A" lookups with RES_DEFNAMES and without RES_DEFNAMES, do "MX" lookups
        without RES_DEFNAMES. Report the results.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.


        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
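
The test program suggested in the reply above, sketched as an added example (not code from the thread or from Postfix). The jail path `/var/spool/postfix` and the default query names are assumptions, and the example clears `RES_DNSRCH` along with `RES_DEFNAMES` so that only the flag under test enables the search list.

```c
#define _DEFAULT_SOURCE                 /* chroot(), setgroups(), hstrerror() */
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <netdb.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

#define SEARCH_FLAGS (RES_DEFNAMES | RES_DNSRCH)

/* Clear both search-list flags, then enable only `flags`; returns new options. */
unsigned long set_search_flags(unsigned long flags)
{
    _res.options = (_res.options & ~(unsigned long)SEARCH_FLAGS) | (flags & SEARCH_FLAGS);
    return _res.options;
}

/* One res_search() query. Returns 0 on an answer, else h_errno:
 * HOST_NOT_FOUND (NXDOMAIN), TRY_AGAIN (SERVFAIL or timeout), NO_DATA. */
int probe(const char *name, int type, unsigned long flags)
{
    unsigned char answer[4096];
    set_search_flags(flags);
    h_errno = 0;
    int n = res_search(name, C_IN, type, answer, sizeof answer);
    int err = n < 0 ? (h_errno ? h_errno : NETDB_INTERNAL) : 0;
    printf("%-2s %-28s RES_DEFNAMES=%d -> %s\n", type == T_MX ? "MX" : "A", name,
           (flags & RES_DEFNAMES) != 0, err ? hstrerror(err) : "answer");
    return err;
}

int main(int argc, char **argv)
{
    /* Assumed defaults; pass your own jail path, domain and MX host. */
    const char *jail = argc > 1 ? argv[1] : "/var/spool/postfix";
    const char *domain = argc > 2 ? argv[2] : "example.com";
    const char *mxhost = argc > 3 ? argv[3] : "host.example.com";
    struct passwd *pw = getpwnam("postfix");    /* resolve before chroot() */
    if (pw == NULL) { fprintf(stderr, "no such user: postfix\n"); return 1; }
    if (chroot(jail) != 0 || chdir("/") != 0) { perror("chroot"); return 1; }
    /* Drop root: supplementary groups, then gid, then uid. */
    if (setgroups(0, NULL) || setgid(pw->pw_gid) || setuid(pw->pw_uid)) { perror("drop privileges"); return 1; }
    if (res_init() != 0) { fprintf(stderr, "res_init failed\n"); return 1; }  /* reads the jail's /etc/resolv.conf */
    probe(domain, T_MX, 0);            /* MX lookup without the search list */
    probe(mxhost, T_A, RES_DEFNAMES);  /* A lookup with RES_DEFNAMES */
    probe(mxhost, T_A, 0);             /* A lookup without it */
    return 0;
}
```

Run it as root, linking with `-lresolv` where the C library needs it. A `TRY_AGAIN` result only on the `RES_DEFNAMES` line points at a search domain in the jail's `resolv.conf` that answers SERVFAIL instead of NXDOMAIN.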