Re: Temporary lookup failure

2008-09-05 Thread Wietse Venema 
Hungry Snail:
> 
> Hi guys,
> 
> I have just started recieving emails from postfix telling me that there is a
> Temporary lookup failure.
> 
> 
> *
> Subject:   Postfix SMTP server: errors from
> adsl190-28-1-167.epm.net.co[190.28.1.167] 
> Out: 220 mailserver.mydomain.tld ESMTP Postfix (Debian/GNU)
> In:  HELO equipo34
> Out: 250 mailserver.mydomain.tld
> In:  MAIL FROM:<[EMAIL PROTECTED]>
> Out: 250 2.1.0 Ok
> In:  RCPT TO:<[EMAIL PROTECTED]>
> Out: 451 4.3.0 <[EMAIL PROTECTED]>: Temporary lookup failure
> 
> Session aborted, reason: lost connection
> *

Look in the MAILLOG file. Postfix does not disclose configuration
problems to random network clients. It logs them instead.

http://www.postfix.org/DEBUG_README.html#mail

Wietse

> It only seems to be doing this for email accounts that do not exist
> (example: [EMAIL PROTECTED] does not exist).
> 
> Never had this before, and it suddenly started happening 8 hours ago.
> 
> any ideas? it doesnt seem to be happening to legit email accounts hosted on
> the server.
> 
> Cheers
> -- 
> View this message in context: 
> http://www.nabble.com/Temporary-lookup-failure-tp19341789p19341789.html
> Sent from the Postfix mailing list archive at Nabble.com.
> 
> 
>

Re: temporary lookup failure

2009-05-28 Thread Brian Evans - Postfix List 
Jon Harris wrote:
> Hi List
>
> A few of our clients use our postfix server for relaying. Generally, its
> working really well, but several users are reporting regular "451
> Temporary Lookup Failure" bounce errors. This is them sending "outgoing"
> (ie non-local domains) and domains that Postfix should be relaying for,
> in its other role as a fallback mx server.
>
> We use mysql to store local mailboxes, domains, etc but these are
> effectively "external" addresses. I can see anything in the logs that
> tells me anything other than the 451 error.
>
>  In:  MAIL FROM: 
>  Out: 250 Ok
>  In:  RCPT TO: 
>  Out: 451 : Temporary lookup
> failure
>
> Session aborted, reason: lost connection
> -
>
> I have tried various command line tests, but never got a 451. It doesn't
> appear to be consistently replicatable. Is this something to do with a
> mysql select statement timing out? Can I increase the lookup timeout -
> if there such a thing?
>
> There are obviously a lot of configuration files involved here. But I
> can't find anything to do with 451 errors.
>
> This is the relavent sections (I hope!) from main.cf
>   

Be sure to check 'postconf -n' instead.
Your eyes may not see what Postfix sees.

> main.cf
> ---
>
> .
> .
> .
> virtual_mailbox_domains =
> mysql:/etc/postfix/mysql_virtual_domains_maps.cf
> virtual_mailbox_base = /var/vmail
> virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
> virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
> virtual_minimum_uid = 150
> virtual_uid_maps = static:150
> virtual_gid_maps = static:12
>   

This may be a result of heavy load.
You are not using proxymap, so each lookup requires a connection.
MySQL has a default connection limit of 100, unless you changed it.
While this is OK for low-volume, this can cause temporary lookup errors
during peak usage.

Suggest changing all mysql: maps to proxy:mysql:
Example: proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf


> .
> .
> .
> ## relay section
> smtpd_recipient_restrictions =
> reject_invalid_hostname,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> permit_mynetworks,
> permit_sasl_authenticated,
> reject_unauth_destination,
> reject_rbl_client cbl.abuseat.org,
> reject_rbl_client list.dsbl.org,
> reject_rbl_client sbl.spamhaus.org,
> reject_rbl_client pbl.spamhaus.org
> permit
>   
dsbl.org is dead.
Also, suggest merging the other 3 lists into zen.spamhaus.org

Brian

RE: temporary lookup failure

2009-05-29 Thread Jon Harris 
Hi Brian

Everything you said makes a great deal of sense - thanks very much. I
have changed the RBL settings, as you advised.

Yes, the load has gone up considerably, particularly, we are seeing a
massive rise of spam traffic on this box (mainly on one or two of the
domains 30 domains its responsible for)

However, I have tried putting "proxy:" in front of my mysql maps and it
stopped it being able to receive email. Presumably, I need to enable
proxymap to get proxy maps to work. This is something I don't know how
to do.

This is what "postconf -d | grep proxy" returns:

local_recipient_maps = proxy:unix:passwd.byname $alias_maps
proxy_interfaces = 
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter = 
smtpd_proxy_timeout = 100s

There are no lines with proxy in my main.cf, do I need to add in a
"proxy_read_maps"? If so what do I set it to?

Incidently, here is a copy of my "mysql_virtual_mailbox_maps.cf" I did
initially have a few problems getting this working. If I use
proxy:mysql: will I need to change this?

user = 
password = 
hosts = localhost
dbname = postfix
table = mailbox
#select_field = CONCAT(domain,'/',maildir)
select_field = maildir
where_field = username
additional_conditions = and active = '1'
#query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE
username='%s' AND active = '1'

Regards

Jon


[snip]

Re: temporary lookup failure

2009-05-29 Thread Brian Evans - Postfix List 
Jon Harris wrote:
> Hi Brian
>
> Everything you said makes a great deal of sense - thanks very much. I
> have changed the RBL settings, as you advised.
>
> Yes, the load has gone up considerably, particularly, we are seeing a
> massive rise of spam traffic on this box (mainly on one or two of the
> domains 30 domains its responsible for)
>
> However, I have tried putting "proxy:" in front of my mysql maps and it
> stopped it being able to receive email. Presumably, I need to enable
> proxymap to get proxy maps to work. This is something I don't know how
> to do.
>
> This is what "postconf -d | grep proxy" returns:
>   

'postconf -d' shows defaults that are used unless you define them in main.cf
'postconf -n' shows what Postfix sees in your main.cf.

> There are no lines with proxy in my main.cf, do I need to add in a
> "proxy_read_maps"? If so what do I set it to?
>   

You have proxymap enabled according to your OP:
> master.cf
> -
> proxymap  unix  -   -   n   -   -   proxymap
What is the in the log of the error?


> Incidently, here is a copy of my "mysql_virtual_mailbox_maps.cf" I did
> initially have a few problems getting this working. If I use
> proxy:mysql: will I need to change this?
>   
No.  Read 'man 8 proxymap' to understand what it does.

> user = 
> password = 
> hosts = localhost
> dbname = postfix
> table = mailbox
> #select_field = CONCAT(domain,'/',maildir)
> select_field = maildir
> where_field = username
> additional_conditions = and active = '1'
> #query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE
> username='%s' AND active = '1'
>
>

Re: temporary lookup failure

2009-05-29 Thread Barney Desmond 
2009/5/29 Jon Harris :
> However, I have tried putting "proxy:" in front of my mysql maps and it
> stopped it being able to receive email. Presumably, I need to enable
> proxymap to get proxy maps to work. This is something I don't know how
> to do.

Error logs?

My suspicion is that the proxy map isn't available for some reason.
Run `postconf -m` to check that proxy is actually a supported map type
(ie. was compiled into your distribution). This is a Debian machine of
mine, yours should be similar:

yoshino:~# postconf -m
btree
cidr
environ
hash
nis
pcre
pgsql
proxy
regexp
sdbm
static
tcp
unix


> This is what "postconf -d | grep proxy" returns:

`-d` shows you the defaults. Use plain `postconf` to show all relevant
values, so your grep will return useful results. Use `-d` when you're
reading the postconf manpage and want to know what the default is for
system-dependent stuff (at least, that's what I use it for).

> There are no lines with proxy in my main.cf, do I need to add in a
> "proxy_read_maps"? If so what do I set it to?

No. I've never seen it mentioned here; chances are you'll never need
to change it. proxy is something of a "magic" map type, you stack it
on another "real" map.

> If I use
> proxy:mysql: will I need to change this?

No. The proxy map basically just does connection sharing/pooling to
ease the load on mysql (when used on mysql tables).
http://www.postfix.org/proxymap.8.html

Re: temporary lookup failure

2009-05-29 Thread Victor Duchovni 
On Sat, May 30, 2009 at 02:09:35AM +1000, Barney Desmond wrote:

> 2009/5/29 Jon Harris :
> > However, I have tried putting "proxy:" in front of my mysql maps and it
> > stopped it being able to receive email. Presumably, I need to enable
> > proxymap to get proxy maps to work. This is something I don't know how
> > to do.
> 
> Error logs?

All tables used with "proxy:" need to be listed in "proxy_read_maps".
The default value covers many of the built-in table-valued parameters,
but it is not uncommon to need to extend this list. There is no "+="
syntax in main.cf, so extending the parameter means copying in the
default value, and then the required additions.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Temporary Lookup Failure

2020-08-29 Thread Benny Pedersen 

@lbutlr skrev den 2020-08-29 14:16:

After updating Bind and dovecot and rebooting the server, I am getting
these errors on almost every incoming mail.


try reboot ?


Current load os 0.29 instead of 12.9 and climbing, sp I don’t think
it’s related.


is

dig +trace google.com

working ?

is

ping6 -c 3 google.com

working ?

try doing the same with freebsd.org

what is failing ?

and lastly have you "Making the DNS More Private with QNAME 
Minimisation" this is imho not yet solved in rbldnsd, so disable it in 
bind9

Re: Temporary Lookup Failure

2020-08-29 Thread Wietse Venema 
@lbutlr:
> Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y: 
> reject: RCPT from mx2.freebsd.org[96.47.72.81]: 451 4.3.0 
> : Temporary lookup failure; 
> from= to= 
> proto=ESMTP helo=

Your Postfix resolv.conf file may point to the wrong IP address.

Wietse

Re: Temporary Lookup Failure

2020-08-29 Thread Viktor Dukhovni 
On Sat, Aug 29, 2020 at 06:16:27AM -0600, @lbutlr wrote:

> After updating Bind and dovecot and rebooting the server, I am getting these 
> errors on almost every incoming mail.
> Bind is running, and I can manually lookup the domains and dig -x the IPs, so 
> I don’t think bind is the issue?

Red herrings.


> Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y:
> reject: RCPT from mx2.freebsd.org[96.47.72.81]: 451 4.3.0
> : Temporary lookup failure;
> from= to=
> proto=ESMTP helo=

Who said the lookup failure is a DNS problem?  More likely some table
driver no longer works after the upgrade, or other similar resource.

The real error is earlier in the logs.

-- 
Viktor.

Re: Temporary Lookup Failure

2020-08-29 Thread Bob Proulx 
@lbutlr wrote:
> Bind is running, and I can manually lookup the domains and dig -x
> the IPs, so I don’t think bind is the issue?

Although dig and drill are good for tracing DNS queries the better
tool for tracing system default lookups is 'getent'.  It will perform
a lookup using the same libc library as any program using
gethostent(3).

In this case try this.

getent ahosts mx2.freebsd.org

I get this result:

$ getent hosts mx2.freebsd.org
2610:1c1:1:606c::19:2 mx2.freebsd.org

$ getent ahosts mx2.freebsd.org
96.47.72.81 STREAM mx2.freebsd.org
96.47.72.81 DGRAM  
96.47.72.81 RAW
2610:1c1:1:606c::19:2 STREAM 
2610:1c1:1:606c::19:2 DGRAM  
2610:1c1:1:606c::19:2 RAW

As others noted if postfix is running chroot'd then the
/etc/resolv.conf that it will use will be the file in the postfix
chroot.  On my system that would be this one.  Which on my system is
updated when the service script starts postfix.

/var/spool/postfix/etc/resolv.conf

Bob

Re: Temporary Lookup Failure

2020-08-30 Thread 
On 29 Aug 2020, at 07:17, Viktor Dukhovni  wrote:
> On Sat, Aug 29, 2020 at 06:16:27AM -0600, @lbutlr wrote:
> 
>> After updating Bind and dovecot and rebooting the server, I am getting these 
>> errors on almost every incoming mail.
>> Bind is running, and I can manually lookup the domains and dig -x the IPs, 
>> so I don’t think bind is the issue?
> 
> Red herrings.
> 
> 
>> Aug 29 01:30:13 mail.covisp.net postfix/smtpd[40178] 4Bdp5d3gF5z36j0y:
>> reject: RCPT from mx2.freebsd.org[96.47.72.81]: 451 4.3.0
>> : Temporary lookup failure;
>> from= to=
>> proto=ESMTP helo=
> 
> Who said the lookup failure is a DNS problem?  More likely some table
> driver no longer works after the upgrade, or other similar resource.
> 
> The real error is earlier in the logs.

The previous line is mostly the same, only it says permit. I posted all the 
lines for the given QID.Looking at the logs for other errors the only thing I 
see is that occasionally (but far less than the number of lookup errors) was 
"(address resolver failure)" and ,mysql connection issues when I was stopping 
the various services. And to was not just freebsd.org that failed, it was most 
things.

After several hours last night and this morning with a trickle of mail coming 
in and several reboots I finally got it working with a manual shutdown of all 
the related services, a removal of several ancillary ports (spamassin, etc) and 
rebuilding those ports. And then manually starting the services back up. 
Nothing showed as an out of date port, but spamassasin, at least, showed 
something that was updated instead of installed.

Haven’t gotten a recourance in just about an hour.

Still don't know what the cause was and find it rather concerning because of 
the reboots. 

When I can get there in person, I'll reboot again and see if all comes back up 
this time.



-- 
Bowling scores are way up, minigolf scores are way down, and we have
more excellent waterslides than any other planet we communicate
with

RE: temporary lookup failure [Fixed]

2009-06-02 Thread Jon Harris 
viktor

I tried re-editing the main.cf and its now working. Haven't seen any
"Temporary Lookup Failures" since.

I must have left a typo in there. Must remember to edit more carefully
;-(

thanks 

jon 

-Original Message-
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On Behalf Of Victor Duchovni
Sent: 29 May 2009 17:17
To: postfix-users@postfix.org
Subject: Re: temporary lookup failure

On Sat, May 30, 2009 at 02:09:35AM +1000, Barney Desmond wrote:

> 2009/5/29 Jon Harris :
> > However, I have tried putting "proxy:" in front of my mysql maps and
it
> > stopped it being able to receive email. Presumably, I need to enable
> > proxymap to get proxy maps to work. This is something I don't know
how
> > to do.
> 
> Error logs?

All tables used with "proxy:" need to be listed in "proxy_read_maps".
The default value covers many of the built-in table-valued parameters,
but it is not uncommon to need to extend this list. There is no "+="
syntax in main.cf, so extending the parameter means copying in the
default value, and then the required additions.

-- 
Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.

Re: Temporary lookup failure with relay_recipient_maps

2013-03-06 Thread Reindl Harald 


Am 06.03.2013 17:17, schrieb Alvaro Marin:
> Hello,
> 
> I've several Postfix servers configured to relay email for users/domains.
> We've different LDAP servers to query and a cdb file; something like this:
> 
> relay_recipient_maps = ldap:/etc/postfix/ldap_users.cf, 
> ldap:/etc/postfix/activedirectory.cf,
> ldap:/etc/postfix/activedirectory2.cf, cdb:/etc/postfix/relayusers
> 
> For a moment, one ActiveDirectory server for some domains was down, so I've 
> seen in logs:
> 
> warning: dict_ldap_connect: Unable to bind to server ldap://IP1 ldap://IP2 as 
> cn=x,ou=x,dc=x,dc=x: -1 (Can't
> contact LDAP server)
> 
> The other LDAP and AD server configured in Postfix, were responding ok but a 
> lot of emails were being rejected with
> the "Temporary lookup failure" error (and not only emails for domains in that 
> down AD server, emails for domains of
> working LDAP/AD too).
> 
> Mar  6 16:19:13 relay1 postfix/smtpd[21555]: warning: dict_ldap_connect: 
> Unable to bind to server ldap://IP1
> ldap://IP2 as cn=x,ou=x,dc=x,dc=x: -1 (Can't contact LDAP server)
> Mar  6 16:19:13 relay1 postfix/smtpd[21555]: maps_find: relay_recipient_maps: 
> u...@domain.com: search aborted
> Mar  6 16:19:13 relay1 postfix/smtpd[21555]: mail_addr_find: u...@domain.com 
> -> (try again)
> Mar  6 16:19:13 relay1 postfix/smtpd[21555]: 0F36A38C1CA: reject: RCPT from
> mail1.bemta7.messagelabs.com[216.82.254.103]: 451 4.3.0 : 
> Temporary lookup failure;
> from= to= proto=ESMTP helo=
> 
> Is anyway to configure Postfix to avoid this situation? If one LDAP/AD of the 
> configuration of relay_recipient_maps
> is down, query other servers and give that failure error only for domains 
> configured in the down server.

i do not find any word what postfix version you are using nor
output of "postconf -n"

however: 451 is a temporary error and not that bad



signature.asc
Description: OpenPGP digital signature

Re: Temporary lookup failure with relay_recipient_maps

2013-03-06 Thread Wietse Venema 
Alvaro Marin:
> For a moment, one ActiveDirectory server for some domains was down, so 
> I've seen in logs:
> 
> warning: dict_ldap_connect: Unable to bind to server ldap://IP1 
> ldap://IP2 as cn=x,ou=x,dc=x,dc=x: -1 (Can't contact LDAP server)
...
> Is anyway to configure Postfix to avoid this situation? If one LDAP/AD 
> of the configuration of relay_recipient_maps is down, query other 
> servers and give that failure error only for domains configured in the 
> down server.

Postfix reports that the LDAP client library could not connect to
any of the LDAP servers. Don't shoot the messenger.

Wietse

Re: Temporary lookup failure with relay_recipient_maps

2013-03-06 Thread lst_hoe02 


Zitat von Wietse Venema :


Alvaro Marin:

For a moment, one ActiveDirectory server for some domains was down, so
I've seen in logs:

warning: dict_ldap_connect: Unable to bind to server ldap://IP1
ldap://IP2 as cn=x,ou=x,dc=x,dc=x: -1 (Can't contact LDAP server)

...

Is anyway to configure Postfix to avoid this situation? If one LDAP/AD
of the configuration of relay_recipient_maps is down, query other
servers and give that failure error only for domains configured in the
down server.


Postfix reports that the LDAP client library could not connect to
any of the LDAP servers. Don't shoot the messenger.

Wietse


Would the "domain" parameter in the LDAP config prevent this, if only  
non-matching addresses would have been asked or does postfix detect  
the absence of the LDAP servers anyway?
Just curious, the real solution is more of using at least two LDAP  
server per config and don't kill both of them at once.


Regards

Andreas

Re: Temporary lookup failure with relay_recipient_maps

2013-03-06 Thread Viktor Dukhovni 
On Wed, Mar 06, 2013 at 06:13:05PM +, lst_ho...@kwsoft.de wrote:

> Zitat von Wietse Venema :
> 
> >Postfix reports that the LDAP client library could not connect to
> >any of the LDAP servers. Don't shoot the messenger.
> >
> > Wietse
> 
> Would the "domain" parameter in the LDAP config prevent this, if
> only non-matching addresses would have been asked or does postfix
> detect the absence of the LDAP servers anyway?

[ I'll play Wietse, since the LDAP connection management logic is my code. ]

Postfix (unsupported ancient versions aside) only connects to the
LDAP server when it is about to make a query.  The non-matching
domain short-circuit happens before any connection attempts.

-- 
Viktor.

Re: Temporary lookup failure with relay_recipient_maps

2013-03-07 Thread lst_hoe02 


Zitat von Viktor Dukhovni :


On Wed, Mar 06, 2013 at 06:13:05PM +, lst_ho...@kwsoft.de wrote:


Zitat von Wietse Venema :

>Postfix reports that the LDAP client library could not connect to
>any of the LDAP servers. Don't shoot the messenger.
>
>Wietse

Would the "domain" parameter in the LDAP config prevent this, if
only non-matching addresses would have been asked or does postfix
detect the absence of the LDAP servers anyway?


[ I'll play Wietse, since the LDAP connection management logic is my code. ]

Postfix (unsupported ancient versions aside) only connects to the
LDAP server when it is about to make a query.  The non-matching
domain short-circuit happens before any connection attempts.

--
Viktor.


Thanks for confirming. So this would be the "solution" the OP was  
looking for, given that only full qualified LDAP lookups are used.


Regards

Andreas

Re: Temporary lookup failure with ldap

2013-11-11 Thread Wietse Venema 
Merve Temizer:
> If i do not need why i am getting "Temporary lookup failure" for every
> attempt while i was sending mail through telnet?

The reason for the failure is in the MAILLOG file. 

Postfix does not provide configuration error details to SMTP clients.

Wietse

Re: Temporary lookup failure with ldap

2013-11-11 Thread Wietse Venema 
Merve Temizer:
> If i do not need why i am getting "Temporary lookup failure" for every
> attempt while i was sending mail through telnet?

Wietse
> The reason for the failure is in the MAILLOG file.  Postfix does
> not provide configuration error details to SMTP clients.

Merve Temizer:
> i changed ldap-aliases.cf configuration to:
> 
> server_host = localhost
> server_port = 389
> search_base = ou=people,dc=localhost
> query_filter = (uid=%u)
> result_attribute = homeDirectory
> bind=yes
> bind_dn= cn=admin,dc=localhost
> bind_pw=secret
> 
> and can see postmap works.

If the Postfix SMTP daemon reports errors that you can't resolve,
then you need to share logfile information.

Wietse

Re: Temporary lookup failure with ldap

2013-11-12 Thread Merve Temizer 
Thanks, it was solved as my previous answer.


2013/11/11 Wietse Venema 

> Merve Temizer:
> > If i do not need why i am getting "Temporary lookup failure" for every
> > attempt while i was sending mail through telnet?
>
> Wietse
> > The reason for the failure is in the MAILLOG file.  Postfix does
> > not provide configuration error details to SMTP clients.
>
> Merve Temizer:
> > i changed ldap-aliases.cf configuration to:
> >
> > server_host = localhost
> > server_port = 389
> > search_base = ou=people,dc=localhost
> > query_filter = (uid=%u)
> > result_attribute = homeDirectory
> > bind=yes
> > bind_dn= cn=admin,dc=localhost
> > bind_pw=secret
> >
> > and can see postmap works.
>
> If the Postfix SMTP daemon reports errors that you can't resolve,
> then you need to share logfile information.
>
> Wietse
>