On Tue, Jan 26, 2021 at 02:17:00PM -0500, Ruben Safir wrote:
> www2:~ # postconf -M | awk '$8 == "smtp" {print $1,$5}'
> smtp n
> relay n
So it looks like no chroot. You can double-check with:
$ postconf -F smtp/unix/chroot
$ postconf -F relay/unix/chroot
but no need to post results unless you see something unexpected.
> > $ postconf default_transport transport_maps
>
> www2:~ # postconf default_transport transport_maps
> default_transport = smtp
> transport_maps = hash:/etc/postfix/transport
> cat /etc/postfix/transport|grep -v '#'
So no transport overrides it seems.
> This is from the logs...
>
> 2021-01-26T09:25:49.845785-05:00 www2 postfix/smtp[16846]:
> CF8C4163FD5: to=<cdeu t...@council.nyc.gov>, relay=none, delay=17058,
> delays=16803/0.06/255/0, dsn=4.4.3, status=deferred (Host or domain
> name not found. Name service error for name= mx2.nycdoitt.iphmx.com
> type=A: Host not found, try again)
> 2021-01-26T10:00:50.870560-05:00 www2 postfix/smtp[17129]: warning: no
> MX host for council.nyc.gov has a valid address record
> 2021-01-26T10:00:50.875743-05:00 www2 postfix/smtp[17136]: warning: no
> MX host for council.nyc.gov has a valid address record
Well, your C library DNS routines (used by Postfix) are unable to
resolve the IP addresses of the host. If dig(1) can resolve it,
and is using the same /etc/resolv.conf file, then the problem
is your C library. The "dig" command has its own DNS resolution
code, independent of the implementation in the C library.
Does "posttls-finger" (if you have that installed) also fail to
resolve the host? It works for me:
$ posttls-finger -c -lmay "[mx1.nycdoitt.iphmx.com]"
posttls-finger: mx1.nycdoitt.iphmx.com[68.232.135.242]:25:
subject_CN=esa4.nycdoitt.iphmx.com,
issuer_CN=HydrantID SSL ICA G2,
fingerprint=...,
pkey_fingerprint=...
--
Viktor.
