Hello World,

I'm running Postfix 3.6.4 in a container on Alpine 3.15 main. After a bit of time, I'm starting to get error messages like this:

#v+
Mar 17 13:24:40 servername postfix/postscreen[164]: CONNECT from [167.248.133.120]:52756 to [172.17.13.3]:25
Mar 17 13:24:40 servername postfix/proxymap[166]: panic: dict_open: attempt to open lmdb:/var/lib/postfix/postscreen_cache with both "open" lock and "access" lock
Mar 17 13:24:41 servername postfix/master[1]: warning: process /usr/libexec/postfix/proxymap pid 166 killed by signal 6
Mar 17 13:24:41 servername postfix/master[1]: warning: /usr/libexec/postfix/proxymap: bad command startup -- throttling
Mar 17 13:24:48 servername postfix/postscreen[164]: fatal: watchdog timeout
#v-

I verified that these are the first messages since container startup that indicate a problem by using:

#v+
journalctl CONTAINER_NAME=postfix_postfix_1 -o cat | egrep '(warning|error|fatal|panic):'
#v-

Output of postconf -n is below - I'll happily provide further details. I'm not running any of the postfix programs in a chroot, so I guess I can simply drop the access by proxy. I also believe that I might be fine without persistence for the postscreen cache.

However, if there is another fix, I'd be glad to hear about that.


Thanks,
Stefan


address_verify_map = proxy:lmdb:${data_directory}/verify_cache
alias_database = lmdb:/etc/postfix/maps/aliases
alias_maps = lmdb:/etc/postfix/maps/aliases
allow_percent_hack = no
biff = no
compatibility_level = 3.6
confirm_delay_cleared = yes
delay_warning_time = 1h
general_smtpd_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, check_recipient_access lmdb:${maps_dir}/verify_recipients, check_sender_access lmdb:${maps_dir}/verify_senders, check_policy_service inet:dovecot:25001
header_checks = pcre:${maps_dir}/header_checks.pcre
inet_interfaces = all
maillog_file = /dev/stdout
maps_dir = /etc/postfix/maps
maximal_queue_lifetime = 14d
message_size_limit = 26214400
milter_default_action = accept
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
milter_protocol = 6
myhostname = servername.example.com
parent_domain_matches_subdomains =
postscreen_access_list = permit_mynetworks, cidr:${maps_dir}/relay_clients.cidr
postscreen_cache_map = proxy:lmdb:$data_directory/postscreen_cache
postscreen_greet_action = enforce
proxy_interfaces = 65.108.140.253, [2a01:4f9:1a:90c5::2]
recipient_delimiter = +
relayhost =
smtp_address_preference = ipv6
smtp_dns_support_level = dnssec
smtp_generic_maps = regexp:${maps_dir}/smtp_generic.regexp
smtp_sasl_tls_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_loglevel = 1
smtp_tls_security_level = dane
smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP
smtpd_client_connection_count_limit = 20
smtpd_client_restrictions = ${stress?reject_unknown_client_hostname}
smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_helo_required = yes
smtpd_milters = inet:rspamd:11332
smtpd_recipient_restrictions = check_client_access cidr:${maps_dir}/hard_blacklist.cidr, check_recipient_access lmdb:${maps_dir}/recipient_access, $general_smtpd_restrictions
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, check_client_access cidr:${maps_dir}/relay_clients.cidr, reject_unauth_destination
smtpd_sasl_path = inet:dovecot:12345
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /srv/ssl/live/servername.example.com-rsa/fullchain.pem
smtpd_tls_dh1024_param_file = /srv/dh/dh_4096.pem
smtpd_tls_dh512_param_file = /srv/dh/dh_512.pem
smtpd_tls_eccert_file = /srv/ssl/live/servername.example.com-ecdsa/fullchain.pem
smtpd_tls_eckey_file = /srv/ssl/live/servername.example.com-ecdsa/privkey.pem
smtpd_tls_key_file = /srv/ssl/live/servername.example.com-rsa/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtputf8_enable = yes
submission_hostname = mail.example.com
submission_smtpd_recipient_restrictions = check_sasl_access lmdb:${maps_dir}/sasl_access, $general_smtpd_restrictions
submission_tls_preempt_cipherlist = yes
swap_bangpath = no
unverified_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_domains = example.net
virtual_alias_maps = lmdb:${maps_dir}/virtual_aliases
virtual_mailbox_domains = lmdb:${maps_dir}/virtual_mailbox_domains
virtual_transport = lmtp:inet:dovecot:10025
