postfix not resolving mDNS lookups (make it work in a LAN-without-internet)
Hi!

Introduction
===

A few days ago I thought it would be a great idea to send emails to others in the same LAN (each participant having their own postfix server) and without reaching the Internet. Applications of this are: a dynamic during a conference, a workshop, an emergency situation (where the Internet or a centralized server in the LAN is not working), etc.

In my first attempt I thought mDNS [1] is very fine for this; to make it work in debian you have to install avahi-daemon [2]. After that, your hostname is appended with the .local domain.

Mail clients thunderbird [3] and claws mail [4] allow using the /var/mail/user localhost mailbox. The emails are managed very fine, but there is a problem trying to send email using postfix as a localhost SMTP server to an mDNS host.

Showing the config files and testing
==

When you install avahi-daemon, the hosts line in /etc/nsswitch.conf looks like

    hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname

so it first tries to do "nsswitch resolution" with mDNS before contacting dns thing

You can check it with the command getent (getent - get entries from Name Service Switch libraries), and I think this is equivalent to calling getaddrinfo:

    $ getent hosts host1.local
    192.168.1.124 host1.local

From a default debian 10 stable postfix server version 3.4.5, in file /etc/postfix/main.cf I added: (1) ability to run IPs (that works fine, but is not as interesting as mDNS!) and (2) ability to query nsswitch.conf:

    # allow raw IPs -> src https://serverfault.com/questions/373350/postfix-allow-sending-to-raw-ip-address
    resolve_numeric_domain = yes

    # http://www.postfix.org/postconf.5.html#smtp_host_lookup
    smtp_host_lookup = dns, native

The official postfix documentation for "smtp_host_lookup" says "native - Use the native naming service only (nsswitch.conf, or equivalent mechanism)". I thought that it included mDNS, but I am pretty sure it is not working (and I think it is very easy to replicate):

    unable to look up host host1.local: Name or service not known

For testing purposes, if I add an entry in /etc/hosts like:

    192.168.1.24 host1.local

and I restart the postfix server, then it works (interesting: if I quit the /etc/hosts entry it still works until I restart the postfix server again; it looks like the postfix server only checks /etc/hosts at init time, not dynamically). But /etc/hosts is not so interesting in this scenario because it is so static, and for the use case I said in the beginning, very boring.

I think the error I'm getting is coming from the file src/smtp/smtp_addr.c (source code of postfix 3.4.5) [5]. Postfix is using getaddrinfo, and it should be resolving mDNS lookups, but it is not doing it and I don't understand why.

I hope we can have this feature and that it does not harm other things.

Thanks for your time!
Pedro

[1] https://en.wikipedia.org/wiki/Multicast_DNS
[2] https://wiki.debian.org/ZeroConf
[3] https://www.thunderbird.net/
[4] https://www.claws-mail.org/
[5]

    /*
     * Use the native name service which also looks in /etc/hosts.
     *
     * XXX A soft error dominates past and future hard errors. Therefore we
     * should not clobber a soft error text and status code.
     */
    #define RETRY_AI_ERROR(e) \
            ((e) == EAI_AGAIN || (e) == EAI_MEMORY || (e) == EAI_SYSTEM)
    #ifdef EAI_NODATA
    #define DSN_NOHOST(e) \
            ((e) == EAI_AGAIN || (e) == EAI_NODATA || (e) == EAI_NONAME)
    #else
    #define DSN_NOHOST(e) \
            ((e) == EAI_AGAIN || (e) == EAI_NONAME)
    #endif

    if (smtp_host_lookup_mask & SMTP_HOST_FLAG_NATIVE) {
        if ((aierr = hostname_to_sockaddr(host, (char *) 0, 0, &res0)) != 0) {
            dsb_simple(why, (SMTP_HAS_SOFT_DSN(why) || RETRY_AI_ERROR(aierr)) ?
                       (DSN_NOHOST(aierr) ? "4.4.4" : "4.3.0") :
                       (DSN_NOHOST(aierr) ? "5.4.4" : "5.3.0"),
                       "unable to look up host %s: %s",
                       host, MAI_STRERROR(aierr));
Re: postfix not resolving mDNS lookups (make it work in a LAN-without-internet)
> On Aug 26, 2019, at 7:33 AM, postfix-user-l...@cas.cat wrote:
>
> When you install avahi-daemon, hosts line in /etc/nsswitch.conf looks like
>
> hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
>
> so it first tries to do "nsswitch resolution" with mDNS before
> contacting dns thing
>
> you can check it with command getent (getent - get entries from Name
> Service Switch libraries), and I think this is equivalent to calling
> getaddrinfo:
>
> $ getent hosts host1.local
> 192.168.1.124 host1.local
>
> from a default debian 10 stable postfix server version 3.4.5, in file
> /etc/postfix/main.cf I added: (1) ability to run IPs (that works fine,
> but is not as interesting as mDNS!) and (2) ability to query nsswitch.conf:
>
> # allow raw IPs -> src
> https://serverfault.com/questions/373350/postfix-allow-sending-to-raw-ip-address
> resolve_numeric_domain = yes
>
> # http://www.postfix.org/postconf.5.html#smtp_host_lookup
> smtp_host_lookup = dns, native

Is smtp(8) using "chroot" in your master.cf file? If so, the relevant
nsswitch.conf is likely the one in the chroot jail, and the jail would
also need to contain the relevant nss plugin modules. Simpler may be
to disable chroot.

--
Viktor.
Re: postfix not resolving mDNS lookups (make it work in a LAN-without-internet)
On 8/26/19 3:57 PM, Viktor Dukhovni wrote:
> Is smtp(8) using "chroot" in your master.cf file? If so, the relevant
> nsswitch.conf is likely the one in the chroot jail, and the jail would
> also need to contain the relevant nss plugin modules. Simpler may be
> to disable chroot.

That's it!!

I applied this patch (that disables chroot) and then it works [1]. Thank you, Viktor!

With curiosity, I do not understand why the chroot of postfix is not resolving through the nsswitch that includes and that is identical to the :

    cmp /var/spool/postfix/etc/nsswitch.conf /etc/nsswitch.conf

(returns no output because it is equal and I see the same content)

The "relevant nss plugin modules" looks like they are there too:

    $ find /var/spool/postfix/lib | grep mdns
    /var/spool/postfix/lib/x86_64-linux-gnu/libnss_mdns6_minimal.so.2
    /var/spool/postfix/lib/x86_64-linux-gnu/libnss_mdns4.so.2
    /var/spool/postfix/lib/x86_64-linux-gnu/libnss_mdns_minimal.so.2
    /var/spool/postfix/lib/x86_64-linux-gnu/libnss_mdns6.so.2
    /var/spool/postfix/lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2
    /var/spool/postfix/lib/x86_64-linux-gnu/libnss_mdns.so.2

Cheers,
Pedro

[1] (I think is an untouched master for debian10, yes! it is in two places!)

# diff -u /etc/postfix/master.cf.orig /etc/postfix/master.cf --- master.cf.orig 2019-08-26 16:49:09.231356916 +0200 +++ master.cf 2019-08-26 16:49:37.100024149 +0200 @@ -9,7 +9,7 @@ # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (no) (never) (100) # == -smtp inet n - y - - smtpd +smtp inet n - n - - smtpd #smtp inet n - y - 1 postscreen #smtpd pass - - y - - smtpd #dnsblog unix - - y - 0 dnsblog 
@@ -51,7 +51,7 @@ flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp +smtp unix - - n - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
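
Review bot: un-chrooting the network-facing smtpd listener in the first hunk (@@ -9,7, "smtp inet n - y - - smtpd") is not needed for this fix. The "unable to look up host" error is raised by the smtp(8) client when it resolves the destination, not by smtpd, so that line can stay at "y" and the listener keeps its jail; only the "smtp unix ... smtp" line needs "n".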
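
Review bot: the context line "relay unix - - y - - smtp" in the second hunk (@@ -51,7) still has the chroot column at "y" and runs the same smtp command, so any mail handed to the relay transport would still do its native lookup inside the jail. If relay can ever carry mail for .local hosts, it needs the same change as the "smtp unix" line.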
Re: postfix not resolving mDNS lookups (make it work in a LAN-without-internet)
On 8/26/19 5:18 PM, postfix-user-2019-8-26 wrote:
> That's it!!
>
> I applied this patch (that disables chroot) and then it works [1]. Thank
> you, Viktor!
>
> (...)
>
> [1] (I think is an untouched master for debian10, yes! it is in two places!)
>
> # diff -u /etc/postfix/master.cf.orig /etc/postfix/master.cf > --- master.cf.orig 2019-08-26 16:49:09.231356916 +0200 > +++ master.cf 2019-08-26 16:49:37.100024149 +0200 > @@ -9,7 +9,7 @@ > # service type private unpriv chroot wakeup maxproc command + args > # (yes) (yes) (no) (never) (100) > # > == > -smtp inet n - y - - smtpd > +smtp inet n - n - - smtpd > #smtp inet n - y - 1 postscreen > #smtpd pass - - y - - smtpd > #dnsblog unix - - y - 0 dnsblog > @@ -51,7 +51,7 @@ > flush unix n - y 1000? 0 flush > proxymap unix - - n - - proxymap > proxywrite unix - - n - 1 proxymap > -smtp unix - - y - - smtp > +smtp unix - - n - - smtp > relay unix - - y - - smtp > -o syslog_name=postfix/$service_name > # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 >

Reviewing my config patch to make it work it is only needed to disable chroot for the smtp client part:

# diff -u /etc/postfix/master.cf.orig /etc/postfix/master.cf --- master.cf.orig 2019-08-26 16:49:09.231356916 +0200 +++ master.cf 2019-08-26 17:45:10.926390350 +0200 @@ -51,7 +51,7 @@ flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp +smtp unix - - n - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
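
Review bot: the changed line "+smtp unix - - n - - smtp" in the final @@ -51,7 hunk has no comment saying why the client now runs outside the jail. Add a "#" line directly above it noting that native (nsswitch/mDNS) lookups failed under chroot, so the "n" is not taken for an accident and flipped back to "y" later.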
Re: postfix not resolving mDNS lookups (make it work in a LAN-without-internet)
> On Aug 26, 2019, at 11:18 AM, postfix-user-2019-8-26
> wrote:
>
> I applied this patch (that disables chroot) and then it works [1]. Thank
> you, Viktor!
>
> With curiosity, I do not understand why the chroot of postfix is not
> resolving through the nsswitch

I'm afraid I can't help you debug what's required to get mDNS working in a Debian chroot jail. The simplest solution is to not chroot the smtp(8) delivery agent. You might find some help on an appropriate Debian forum.

Perhaps /var/run/avahi-daemon or similar needs to be bind mounted in the chroot jail, but that's just wild speculation:

    https://stackoverflow.com/questions/27905063/use-avahi-in-schroot-chroot-environment

--
Viktor.
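
An added example (not part of the thread, and not Postfix or Debian code): a shell check that lists which master.cf services run smtp(8) chrooted and which pieces the jail lacks for mdns lookups. The socket path run/avahi-daemon/socket and the sample master.cf and jail are constructed assumptions; the thread only speculates that the avahi directory is needed.

```shell
#!/bin/sh
# Added example. Paths are parameters; the avahi socket location is an
# assumption (the thread only speculates that it is needed in the jail).

# Print "name/type" for master.cf services that run smtp with chroot = y.
# The master.cf header gives the chroot default as "(no)", so "-" is skipped.
chrooted_smtp_services() {
    awk '/^#/ || /^[ \t]/ { next }   # comments and "-o" continuation lines
         $8 == "smtp" && $5 == "y" { print $1 "/" $2 }' "$1"
}

# Print one line per item the jail lacks for mdns lookups.
# $1 = jail root, $2 = avahi socket path relative to the jail (assumed).
jail_missing() {
    jail=$1; sock=$2
    grep -Eq '^hosts:.*mdns' "$jail/etc/nsswitch.conf" 2>/dev/null ||
        echo "nsswitch.conf hosts line with mdns"
    find "$jail/lib" -name 'libnss_mdns*.so.*' 2>/dev/null | grep -q . ||
        echo "libnss_mdns modules"
    [ -e "$jail/$sock" ] || echo "avahi socket $sock"
}

# Constructed sample: nsswitch.conf and NSS modules are in the jail, as
# reported in the thread; the absent socket is assumed for illustration.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/jail/etc" "$d/jail/lib/x86_64-linux-gnu"
    echo 'hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname' \
        > "$d/jail/etc/nsswitch.conf"
    : > "$d/jail/lib/x86_64-linux-gnu/libnss_mdns4_minimal.so.2"
    cat > "$d/master.cf" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       y       -       -       smtpd
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
proxymap  unix  -       -       n       -       -       proxymap
EOF
    chrooted_smtp_services "$d/master.cf"
    jail_missing "$d/jail" run/avahi-daemon/socket
    rm -rf "$d"
}
demo
```

On the system described in the thread the two functions would be pointed at /etc/postfix/master.cf and /var/spool/postfix instead of the constructed sample.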
Re: Segmentation fault in xsasl_dovecot_server.c
On Sun, Aug 25, 2019 at 01:23:09PM -0400, Wietse Venema wrote:
> Updated patch follows. I would appreciate it if someone could verify
> that this reports no errors with a real Dovecot server.

PLAIN / LOGIN works as expected for me on a lightly loaded server.

--
Eray