Stefan Foerster:
> Hello world,
>
> in a containerized setup I noticed a bad command startup if the AUTH
> socket is not available (i.e. the container is down):
>
> $ postconf smtpd_sasl_path
> smtpd_sasl_path = inet:dovecot:12345
>
> #v+
> postfix/submission/smtpd[156]: connect from
> client.example.com[xxxx:xxx:xx:xxxx::3]
> postfix/submission/smtpd[156]: Anonymous TLS connection established from
> pharmakeia.incertum.net[xxxx:xxx:xx:xxxx::x]: TLSv1.3 with cipher
> TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature
> ECDSA (P-256) server-digest SHA256
> postfix/submission/smtpd[156]: warning: host or service dovecot:12345 not
> found: Name does not resolve
> postfix/submission/smtpd[156]: warning: SASL: Connect to Dovecot auth socket
> 'inet:dovecot:12345' failed: Address not available
> postfix/submission/smtpd[156]: fatal: no SASL authentication mechanisms
> postfix/master[1]: warning: process /usr/libexec/postfix/smtpd pid 156 exit
> status 1
> postfix/master[1]: warning: /usr/libexec/postfix/smtpd: bad command startup
> -- throttling
> #v-
>
> I'm not sure if that's intentional behaviour, if so, please ignore me.
>
> But even the submission service might have e.g. an IP whitelist which
> would mean the service could accept mails without needing to contact
> dovecot at all, so perhaps a runtime error would be a better bet here.
This is likely solved in Postfix 3.7.1.
Wietse
20220404
Bugfix: in an internal client module, "host or service not
found" was a fatal error, causing the milter_default_action
setting to be ignored. It is now a non-fatal error. The
same client is used by many Postfix clients (smtpd_proxy,
dovecot auth, tcp_table, memcache, socketmap, and so on).
Problem reported by Christian Degenkolb. File: util/inet_connect.c.
