> So, the complete error message would be : > > "I made DNS queries with type A and AAAA for the name > another-example.com.mail.protection.outlook.com. All queries > failed. The last query that failed had type AAAA. The last error > was "name exists but there is no AAAA record". > > But we reall don't want to send THAT in an email bounce message. > > > I wonder if beyond this bouncing the smtp uses then IPv4 and sends the > > messages anyway. Please could you clarify this for me? > > All A and AAAA queries failed.
Sergio Belkin: > > Thanks Wietse for your answer > > Is quite interesting that I find the following in logs: > Dec 2 23:53:09 muteriver postfix/smtp[28063]: warning: no MX host for > another-example.com has a valid address record Indeed, these details are not revealed in the bounce message but can be found in Postfix logs. > And then: > > Dec 2 23:53:09 muteriver postfix/smtp[28063]: ED1CF1813C56F: to=< > apere...@another-example.com>, relay=none, delay=5.9, delays=0.17/0/5.8/0, > dsn=5.4.4, status=bounced (Host or domain name not found. Name service > error for name=another-example.com.mail.protection.outlook.com type=AAAA: > Host found but no data record of requested type) > > and finally: > > Dec 2 23:53:10 muteriver postfix/qmgr[1528]: ED1CF1813C56F: removed > > That last line led me to wonder if the message was finally sent... The message ED1CF1813C56F is deleted ONLY after Postfix successfully injects the non-delivery notifcation into the Postfix mail queue. > If I try to resolve another-example.com.mail.protection.outlook.com > manually on the mail server works fine with IPv4. > > What do you think? What comes to mind: 1) You ran the command as root, and the Postfix SMTP client does not run as root. Name resution fails when the necessary files are not accessible. 2) You ran the command outside the Postfix chroot jail, and the Postfix SMTP client runs inside the Postfix chroot jail. Name resolution fails inside the chroot jail when files are missing, have wrong permissions, or have wrong contents. 3) Some "security" configuration is breaking Postfix. For exammple SeLiux or AppArmor. 4) Some other permisssion or configuration problem. To find out if name resolution fails due to missing files or bad permissions, run the Postfix SMTP client under strace as described in http://www.postfix.org/DEBUG_README.html Wietse
