On Wed, May 28, 2025 at 03:14:32AM +0200, Daniel Roesen via Postfix-users wrote:
> Postfix fails to start up due to inability to deal with inet_interface =
> $myhostname resolving to (also) IPv6 link-local address(es):
>
> postfix/postfix-script[1200]: starting the Postfix mail system
> postfix/master[1202]: fatal: bind fe80::20c:29ff:fec7:e39f port 25: Invalid
> argument
> postfix/master[1201]: fatal: daemon initialization failure -- see logs for
> details
> postfix/postfix-script[1203]: fatal: mail system startup failed
There is no current or planned support for scoped IPv6 addresses.
> Back in October 2024, Fedora Linux changed the /etc/nsswitch.conf
> setting for hosts to:
>
> hosts: files myhostname resolve [!UNAVAIL=return] dns
This is the core problem, and you should consider the symptoms a
blessing, because the [!UNAVAIL=return] turns all 4XX lookup
failures into hard errors, making email delivery unreliable.
With prejudice, you need to adjust your nsswitch.conf to be
server-appropriate. I have:
hosts: myhostname files dns
See: https://marc.info/?l=postfix-users&m=171381526626315&w=2
but I also have:
$ postconf inet_interfaces
inet_interfaces = all
which means that the lookup in question does not arise when determining
the addresses to listen on. If that's what you need, also drop
"myhostname".
> When investigating, I found some discussion with nss-myhostname's
> author (L. Poettering) that seems to indicate that this behaviour
> is intentional. Debian ran into a similar problem around 2013 with
> their ping6, and Lennart (author of NSS myhostname) confirmed returning
> LL addresses is intentional:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705900#128
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705900#178
>
> Postfix cannot deal with link-local according to the code in
> src/global/own_inet_addr.c I looked at. It doesn't expect link-local
> addresses get returned, has no provisions for dealing with address
> scopes so subsequent binding to those addresses fails due to missing
> address scope I guess.
You need to fix nsswitch.conf anyway, may as well make it fit for
purpose.
--
Viktor.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
