Jim Popovitch:
> On Mon, 2021-05-31 at 16:18 -0400, Wietse Venema wrote:
> > Jim Popovitch:
> > > Hello,
> > >
> > > If given hostname that resolves to multiple A/AAAA records, will
> > > smtpd_milters=inet:... cycle through all A/AAAA records until if
> > > finds a host that it can connect to?
> >
> > Postfix will try each IP address (as returned from getaddrinfo(3))
> > until it can establish a TCP connection. Postfix does not randomize
> > the order of these IP addresses, and it does not reconnect (and
> > replay a session) when an established Milter connection goes bad.
>
> Thanks for that detail.
>
> > > If so, does it make sense to reduce milter_connect_timeout to 10
> > > or 15 seconds?
> >
> > When does it make sense to run Postfix and Milters in different
> > failure domains? I have no experience with such configurations.
>
> My thought is that having 2+ content filter endpoints could increase
> postfix's resiliency if a rules update or processing hack corrupt the
> process the milter is calling.
That would not solve your problem.
Postfix will try each IP address in the order as returned from
getaddrinfo(3) until it can establish a TCP connection. Postfix
will not reconnect when an established Milter connection goes bad.
For example, the Milter does not respond, or produces bad responses.
Wietse
