Stefan Foerster: > Hello world, > > in a containerized setup I noticed a bad command startup if the AUTH > socket is not available (i.e. the container is down): > > $ postconf smtpd_sasl_path > smtpd_sasl_path = inet:dovecot:12345 > > #v+ > postfix/submission/smtpd[156]: connect from > client.example.com[xxxx:xxx:xx:xxxx::3] > postfix/submission/smtpd[156]: Anonymous TLS connection established from > pharmakeia.incertum.net[xxxx:xxx:xx:xxxx::x]: TLSv1.3 with cipher > TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature > ECDSA (P-256) server-digest SHA256 > postfix/submission/smtpd[156]: warning: host or service dovecot:12345 not > found: Name does not resolve > postfix/submission/smtpd[156]: warning: SASL: Connect to Dovecot auth socket > 'inet:dovecot:12345' failed: Address not available > postfix/submission/smtpd[156]: fatal: no SASL authentication mechanisms > postfix/master[1]: warning: process /usr/libexec/postfix/smtpd pid 156 exit > status 1 > postfix/master[1]: warning: /usr/libexec/postfix/smtpd: bad command startup > -- throttling > #v- > > I'm not sure if that's intentional behaviour, if so, please ignore me. > > But even the submission service might have e.g. an IP whitelist which > would mean the service could accept mails without needing to contact > dovecot at all, so perhaps a runtime error would be a better bet here.
This is likely solved in Postfix 3.7.1. Wietse 20220404 Bugfix: in an internal client module, "host or service not found" was a fatal error, causing the milter_default_action setting to be ignored. It is now a non-fatal error. The same client is used by many Postfix clients (smtpd_proxy, dovecot auth, tcp_table, memcache, socketmap, and so on). Problem reported by Christian Degenkolb. File: util/inet_connect.c.