Hello all,

Yes, this again. I promise it's slightly different this time.

I have users in LDAP and they're brought in as local users by
libnss-ldapd. With local_recipient_maps set to use an LDAP map instead of
unix:passwd.byname, smtpd correctly tempfails incoming mail when the
LDAP service is unavailable. This is all working fine.

However, for mail that originates on the mail host, e.g. by mail(1),
when an LDAP outage causes local users to disappear (getent passwd
username returns no results with exit code 2) local bounces the mail as
user unknown. While this is not surprising behaviour, it is not the
desired behaviour, either.

I was hoping that setting mailbox_transport_maps to the same LDAP map as
local_recipient_maps would cause local to tempfail rather than bounce in
this case. It turns out that it does not.

Digging into the code, in deliver_mailbox() I see a call to maps_find()
that isn't followed by a check on dict_errno. I think this is a bug. If
maps_find() sets dict_errno to DICT_ERR_RETRY, deliver_mailbox() should
fail the delivery and expect a retry later. But my C is very rusty and
this is not trivial code so I haven't gotten any further than that.

local/mailbox.c:280 in deliver_mailbox():

    /* The -1 is a hint for the down-stream deliver_completed() function. */
    if (*var_mbox_transp_maps
        && (map_transport = maps_find(transp_maps, state.msg_attr.user,
                                      DICT_FLAG_NONE)) != 0) {
        state.msg_attr.rcpt.offset = -1L;
        *statusp = deliver_pass(MAIL_CLASS_PRIVATE, map_transport,
                                state.request, &state.msg_attr.rcpt);
        return (YES);
    }
    if (*var_mailbox_transport) {
        ...

Is there a better way to do what I'm trying to do, which is to tempfail
instead of bounce when LDAP/NSS is not working correctly? (I appreciate
that it's not Postfix's fault that NSS isn't distinguishing not found
from an error, but that doesn't help me get this working.)

If you're curious, nscd is not a complete solution here (though I am using
it) because, after a cold start, it's likely that Postfix on one host will
come up before the LDAP service on another host. They're both virtual
machines on the same hardware. It's not ideal but this is too small of a
shop to do anything bigger than that.

Thanks.

P.S. This is not the same as the following discussions; I'm talking about
local specifically, not smtpd. The smtpd part tempfails as expected.

http://www.irbs.net/internet/postfix/0602/1501.html
http://readlist.com/lists/postfix.org/postfix-users/14/72278.html
http://archives.neohapsis.com/archives/postfix/2000-02/1121.html

-- 
William Ono <wm...@soundwave.net>
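As an added illustration (not Postfix source and not the poster's code), the following stand-alone C program models the two-channel lookup result the post describes: a table lookup that returns NULL both for "no such entry" and for "backend unavailable", with a separate errno-style variable that tells the two cases apart. The names transport_find, lookup_errno, LOOKUP_RETRY, set_backend_down and the sample table are this example's own; they stand in for maps_find(), dict_errno and DICT_ERR_RETRY and are not Postfix identifiers. In the real deliver_mailbox() a NULL return falls through to other delivery paths; the example collapses that fall-through to a bounce, which is the outcome the post reports once NSS has also lost the user.

```c
/* Added example, not Postfix code: why a caller that ignores the
 * errno-style side channel of a lookup turns a backend outage into a
 * permanent "user unknown" bounce, and what the checked version does
 * instead.  All identifiers here are this example's own. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for dict_errno values (hypothetical, not Postfix's). */
enum { LOOKUP_OK = 0, LOOKUP_RETRY = 1 };

/* Delivery outcomes used by this example. */
enum { DELIVER_OK = 0, DELIVER_BOUNCE = 1, DELIVER_DEFER = 2 };

static int lookup_errno;   /* plays the role of dict_errno */
static int backend_down;   /* simulates the LDAP service being unreachable */

/* Constructed sample map: user -> mailbox transport. */
static const struct { const char *user; const char *transport; } table[] = {
    { "alice", "lmtp:unix:/var/imap/socket" },
    { "bob",   "maildrop:" },
};

void set_backend_down(int down)
{
    backend_down = down;
}

/* Returns the transport or NULL.  On NULL, lookup_errno says whether the
 * entry is genuinely absent (LOOKUP_OK) or the backend could not be
 * consulted (LOOKUP_RETRY).  This mirrors the maps_find()/dict_errno
 * contract described in the post, in miniature. */
const char *transport_find(const char *user)
{
    lookup_errno = LOOKUP_OK;
    if (backend_down) {
        lookup_errno = LOOKUP_RETRY;
        return NULL;
    }
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(table[i].user, user) == 0)
            return table[i].transport;
    return NULL;
}

/* Naive caller: any NULL is treated as "no such user" and bounced.
 * This is the pattern the post questions: maps_find() with no
 * dict_errno check afterwards. */
int deliver_naive(const char *user)
{
    const char *t = transport_find(user);
    if (t != NULL)
        return DELIVER_OK;            /* would hand off to the transport */
    return DELIVER_BOUNCE;            /* fall-through collapsed to bounce */
}

/* Checked caller: a NULL caused by a backend failure is deferred so the
 * queue manager retries later; only a confirmed miss is bounced. */
int deliver_checked(const char *user)
{
    const char *t = transport_find(user);
    if (t != NULL)
        return DELIVER_OK;
    if (lookup_errno == LOOKUP_RETRY)
        return DELIVER_DEFER;         /* tempfail, retry when LDAP is back */
    return DELIVER_BOUNCE;
}

static const char *name(int outcome)
{
    return outcome == DELIVER_OK ? "deliver" :
           outcome == DELIVER_DEFER ? "defer" : "bounce";
}

int main(void)
{
    set_backend_down(0);
    printf("LDAP up,   alice: naive=%s checked=%s\n",
           name(deliver_naive("alice")), name(deliver_checked("alice")));
    printf("LDAP up,   nobody: naive=%s checked=%s\n",
           name(deliver_naive("nobody")), name(deliver_checked("nobody")));
    set_backend_down(1);
    printf("LDAP down, alice: naive=%s checked=%s\n",
           name(deliver_naive("alice")), name(deliver_checked("alice")));
    return 0;
}
```

With the backend up both callers agree; with it down, the naive caller bounces a user who exists, while the checked caller defers. The same ambiguity is what the post describes at the NSS layer, where getent returns "not found" for both cases and no side channel is available at all.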
