Greetings,

and sorry for the subject spam with search engine fodder, but I've
wasted hours debugging something that wasn't obvious but I believe I
have a somewhat useful overview now that I'd like to share.

My problem was that Postfix's smtp could not DNS-resolve "localhost",
but could resolve other domains. Symptom in the log:

  Host or domain name not found. Name service error for name=localhost type=A: Host not found

  Host or domain name not found. Name service error for name=localhost type=AAAA: Host not found

This "localhost" I was trying to resolve was procured from a transport
map as "[localhost]", in order to use an SSH tunnel for
semi-authenticated relaying.  "localhost" is also often used for
filtering when the filter software runs on the same computer as Postfix.

Now, observe there are common configurations that don't play together well:

- The typical DNS resolver looks for names without dots in a "search"
list. This is either configured explicitly (possibly automatically) in
/etc/resolv.conf, or taken from the "domain", or derived from the hostname.

- The typical DNS resolver does not try a direct lookup of names
without dots at all.

- Not all DNS zones provide a "localhost" hostname record, or if they
do, only at the top level - where it's invisible if subdomains are used,
such as mycomputer.mydepartment.example.org.

The consequence is that in such circumstances, "localhost" is not
reliably resolvable.

This problem is exacerbated by the fact that Postfix does not allow me
to use "localhost." instead -- this would have been a fully-qualified
host name that defeats the domain search, and I've yet to see a resolver
that balks at "localhost." with trailing dot.

(Note that the DNS root zone is called "." and DNS is a hierarchical
system rooted at the last component - the top-level domain.)


Now, possible workarounds:

- be sure that /etc/resolv.conf contains a "search" list where at least
one of the listed domains has a direct localhost resolving to 127.0.0.1
and/or ::1.  Say, if you have "search example.com another.example", at
least localhost.example.com or localhost.another.example must resolve IN
DNS - /etc/hosts doesn't work here.

- add "options ndots:0" to /etc/resolv.conf (if setting multiple
options, check your manual - my resolver needs them all on only one
options line, separated by blanks). Be wary of system configuration
tools that rewrite /etc/resolv.conf, they might lose this option.

- make sure to use a local "search" domain first in /etc/resolv.conf
that has a localhost entry. For instance, if /etc/resolv.conf contains
"search example.org", be sure there is a "localhost.example.org" DNS
entry that resolves in class IN and type A to 127.0.0.1 and/or type AAAA
to ::1.



I wonder if, in the long run:

- Postfix should treat "localhost" special and force a direct query
before allowing the search list; or

- Postfix should generally try a direct query before the search list;
(probably warrants a version bump to 3.0 rather than 2.9), or

- Postfix should permit hostnames with trailing dots to prevent domain
hunts, or

- IETF or UNIX standardization efforts should be made instead to get the
resolver defaults corrected.

Looking forward to comments.

Best regards,
Matthias
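
Added example (not part of the original post, and not Postfix or libc code): a small model of the lookup order the post describes, listing which names must exist in DNS for "localhost" under a given resolv.conf. The function names, the sample resolv.conf text and the 192.0.2.53 nameserver are constructed, and the absence of an absolute fallback for dotless names is an assumption taken from the post.

```python
# Models the search-list behaviour described in the post. Nothing is read
# from disk and no DNS query is sent; the sample configs are constructed.

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1               # ndots defaults to 1 (resolv.conf(5))
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(";", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "search":
            search = fields[1:]         # last search/domain line wins
        elif fields[0] == "domain" and len(fields) > 1:
            search = [fields[1]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[len("ndots:"):])
    return search, ndots


def candidates(name, resolv_conf_text):
    """Names queried in DNS, in order, under the post's model."""
    if name.endswith("."):              # fully qualified: search list skipped
        return [name]
    search, ndots = parse_resolv_conf(resolv_conf_text)
    out = []
    if name.count(".") >= ndots:        # enough dots: absolute query first
        out.append(name + ".")
    # Assumption from the post: a dotless name gets no absolute fallback.
    out += [f"{name}.{d.rstrip('.')}." for d in search]
    return out


# Constructed sample configurations.
DEFAULT = "nameserver 192.0.2.53\nsearch example.com another.example\n"
NDOTS0 = DEFAULT + "options ndots:0 timeout:2\n"

if __name__ == "__main__":
    for label, conf in (("default", DEFAULT), ("ndots:0", NDOTS0)):
        print(label, "->", ", ".join(candidates("localhost", conf)))
```

With the default configuration, only the search-list names are tried, so at least one of them needs an A or AAAA record; with "options ndots:0" the bare "localhost." is queried first.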
