Hi,
I'm not sure if this is the right place to ask this but here we go (let
me know if I should report it somewhere else).
In setting up a milter on a postfix daemon running in a docker container I
stumbled upon the following problem.
postfix throws fatal errors if it can't resolve the DNS name of a milter
due to the milter (also running as a docker container) being offline,
although default_action for this milter is set to "accept".
I have the following setup:
- postfix 3.4.14 from https://mailcow.email/ (should be this
https://packages.debian.org/buster/postfix package)
- with smtpd_milters = inet:rspamd:9900,
{inet:mymilter:40000,connect_timeout=3s,default_action=accept}
- a docker container mymilter with the run command "docker run -d --name
mymilter --network-alias mymilter --network
mailcowdockerized_mailcow-network --restart unless-stopped
mymilter:latest"
- mymilter listens on port 40000 as a milter
Everything runs normally as long as the mymilter container is online.
If I stop mymilter, postfix refuses to accept SMTP connections with, for
example, the following errors:
Mar 31 15:43:43 14bc2104d36b postfix/smtpd[382]: fatal: host/service mymilter/40000 not found: Name or service not known
Mar 31 15:43:44 14bc2104d36b postfix/master[348]: warning: process /usr/lib/postfix/sbin/smtpd pid 382 exit status 1
Mar 31 15:43:44 14bc2104d36b postfix/master[348]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
If I replace mymilter in smtpd_milters with an IP address of the docker
container and stop the container the default_action=accept is honored.
As far as I can tell the network-alias gets removed from Docker's
internal DNS server on container stop, which triggers the postfix fatal
error.
However shouldn't a failed DNS request also evoke the default policy of
"accept" for this milter?
Is this a postfix bug or am I missing something? Can I somehow add "DNS
not Working" to the "it's Ok"-List for this milter?
thanks for your help
Christian
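
Added example, not part of the original post and not Postfix code: a pre-flight check that parses the smtpd_milters value quoted above and lists the inet milters addressed by host name, which is the case the post reports as ending in a fatal error once the name stops resolving. The function names and the injectable `resolve` parameter are assumptions made for this example.

```python
import ipaddress
import re
import socket

# smtpd_milters value as quoted in the post above
SMTPD_MILTERS = ("inet:rspamd:9900, "
                 "{inet:mymilter:40000,connect_timeout=3s,default_action=accept}")


def parse_milters(value):
    """Split an smtpd_milters value into dicts, keeping {...} groups intact."""
    entries = []
    for braced, bare in re.findall(r"\{([^}]*)\}|([^\s,{}]+)", value):
        fields = [f.strip() for f in (braced or bare).split(",") if f.strip()]
        if not fields:
            continue
        endpoint = fields[0]
        attrs = dict(f.split("=", 1) for f in fields[1:] if "=" in f)
        kind, _, rest = endpoint.partition(":")
        host, _, port = rest.rpartition(":") if kind == "inet" else ("", "", "")
        entries.append({"endpoint": endpoint, "kind": kind, "host": host,
                        "port": port, "attrs": attrs})
    return entries


def is_ip_literal(host):
    """True when the host part needs no name lookup at all."""
    try:
        ipaddress.ip_address(host.strip("[]"))  # tolerate a bracketed literal
        return True
    except ValueError:
        return False


def dns_dependent(value, resolve=socket.getaddrinfo):
    """Return (endpoint, default_action, status) for milters addressed by name."""
    report = []
    for m in parse_milters(value):
        if m["kind"] != "inet" or is_ip_literal(m["host"]):
            continue  # unix sockets and IP literals do not depend on DNS
        try:
            resolve(m["host"], m["port"])
            status = "resolves"
        except OSError:  # socket.gaierror is a subclass of OSError
            status = "UNRESOLVABLE"
        report.append((m["endpoint"], m["attrs"].get("default_action"), status))
    return report


if __name__ == "__main__":
    for endpoint, action, status in dns_dependent(SMTPD_MILTERS):
        print(f"{endpoint} default_action={action} {status}")
```

Run inside the postfix container, it uses that container's resolver; an entry reported as UNRESOLVABLE is one for which the post's log shows smtpd exiting rather than applying default_action.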