Postfix: Name service error for name=domain.com type=MX: Host not found, try again

I tried to post this in Serverfault but I couldn't since it's blocked by their spam detector.
Here is the full text of my question:
Hi:
I'm stuck with a Postfix MX related problem.

I've just migrated a very old CentOS 5 server to v7 so I'm using postfix-2.10.1-7.el7.x86_64. I've upgraded the legacy Postfix configuration (possibly the cause of this hell) and other auxiliary stuff which seems to work:

  • postfix-perl-scripts-2.10.1-7.el7.x86_64
  • postgrey-1.34-12.el7.noarch
  • amavisd-new-2.11.1-1.el7.noarch
  • spamassassin-3.4.0-4.el7_5.x86_64
  • perl-Mail-SPF-2.8.0-4.el7.noarch
  • perl-Mail-DKIM-0.39-8.el7.noarch
  • dovecot-2.2.36-3.el7.x86_64

After many tribulations I think I got most of the system running except the annoying MX related problems, as (from /var/log/maillog):

Mar 28 14:26:48 tormento postfix/smtpd[1021]: warning: Unable to look up MX host for spmailtechn.com: Host not found, try again
Mar 28 14:26:51 tormento postfix/smtpd[1052]: warning: Unable to look up MX host for inlumine.ual.es: Host not found, try again
Mar 28 14:31:38 tormento postfix/smtpd[1442]: warning: Unable to look up MX host for aol.com: Host not found, try again
Mar 28 13:07:53 tormento postfix/smtpd[26556]: warning: Unable to look up MX host for hotmail.com: Host not found, try again
Mar 28 13:12:06 tormento postfix/smtpd[26650]: warning: Unable to look up MX host for facebookmail.com: Host not found, try again
Mar 28 13:12:31 tormento postfix/smtpd[26650]: warning: Unable to look up MX host for joker.com: Host not found, try again
Mar 28 13:13:02 tormento postfix/smtpd[26650]: warning: Unable to look up MX host for bounce.linkedin.com: Host not found, try again

and:

Mar 28 14:50:36 tormento postfix/smtp[1700]: 7B6C69C6A2: to=, orig_to=, relay=none, delay=1142, delays=1142/0.07/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again)
Mar 28 14:32:05 tormento postfix/smtp[1383]: 721A19C688: to=, orig_to=, relay=none, delay=4742, delays=4742/0/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=yahoo.com type=MX: Host not found, try again)

as examples.
The first suspect is DNS resolution but this is working both using Hetzner DNS servers (where the machine is hosted) or 8.8.8.8 or 9.9.9.9:

$ dig mx gmail.com

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> mx gmail.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20330
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gmail.com.			IN	MX

;; ANSWER SECTION:
gmail.com.		3014	IN	MX	10 alt1.gmail-smtp-in.l.google.com.
gmail.com.		3014	IN	MX	5 gmail-smtp-in.l.google.com.
gmail.com.		3014	IN	MX	40 alt4.gmail-smtp-in.l.google.com.
gmail.com.		3014	IN	MX	20 alt2.gmail-smtp-in.l.google.com.
gmail.com.		3014	IN	MX	30 alt3.gmail-smtp-in.l.google.com.

;; Query time: 1 msec
;; SERVER: 213.133.100.100#53(213.133.100.100)
;; WHEN: jue mar 28 14:56:00 CET 2019
;; MSG SIZE  rcvd: 161

or:

$ dig mx inlumine.ual.es

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> mx inlumine.ual.es
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38239
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;inlumine.ual.es.		IN	MX

;; ANSWER SECTION:
inlumine.ual.es.	172800	IN	MX	1 ASPMX.L.GOOGLE.COM.
inlumine.ual.es.	172800	IN	MX	10 ASPMX3.GOOGLEMAIL.COM.
inlumine.ual.es.	172800	IN	MX	10 ASPMX2.GOOGLEMAIL.COM.
inlumine.ual.es.	172800	IN	MX	5 ALT1.ASPMX.L.GOOGLE.COM.
inlumine.ual.es.	172800	IN	MX	5 ALT2.ASPMX.L.GOOGLE.COM.

;; AUTHORITY SECTION:
inlumine.ual.es.	172800	IN	NS	dns.ual.es.
inlumine.ual.es.	172800	IN	NS	alboran.ual.es.

;; Query time: 113 msec
;; SERVER: 213.133.100.100#53(213.133.100.100)
;; WHEN: jue mar 28 14:56:51 CET 2019
;; MSG SIZE  rcvd: 217

My main.cf:

$ postconf -n
address_verify_sender = postmaster@olea.org
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
body_checks = regexp:/etc/postfix/body_checks.regexp
broken_sasl_auth_clients = yes
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_owner = postfix
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
mailbox_size_limit = 200000000
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30000000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, tormento.olea.org, /etc/postfix/localdomains
myhostname = tormento.olea.org
newaliases_path = /usr/bin/newaliases.postfix
policy_time_limit = 3600
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_cert_file = /etc/pki/tls/certs/tormento.olea.org.crt.pem
smtp_tls_key_file = /etc/pki/tls/private/tormento.olea.org.key.pem
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks check_client_access hash:/etc/postfix/access permit_sasl_authenticated reject_non_fqdn_recipient reject_non_fqdn_sender reject_rbl_client cbl.abuseat.org reject_rbl_client dnsbl-1.uceprotect.net reject_rbl_client zen.spamhaus.org reject_unauth_destination check_recipient_access hash:/etc/postfix/roleaccount_exceptions reject_multi_recipient_bounce check_helo_access pcre:/etc/postfix/helo_checks.pcre reject_non_fqdn_hostname reject_invalid_hostname check_sender_mx_access cidr:/etc/postfix/bogus_mx.cidr check_sender_access hash:/etc/postfix/rhsbl_sender_exceptions check_policy_service unix:postgrey/socket permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname, olea.org, cacharreo.club
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/pki/tls/certs/tormento.olea.org.crt.pem
smtpd_tls_key_file = /etc/pki/tls/private/tormento.olea.org.key.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = TLSv1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_maps = hash:/etc/postfix/virtual

and my master.cf:

$ postconf -M
smtp       inet  n       -       n       -       -       smtpd
submission inet  n       -       n       -       -       smtpd -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o cleanup_service_name=cleanup_submission -o content_filter=smtp-amavis:[127.0.0.1]:10023
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
pickup     unix  n       -       n       60      1       pickup
cleanup    unix  n       -       n       -       0       cleanup
qmgr       unix  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       n       1000?   1       tlsmgr
rewrite    unix  -       -       n       -       -       trivial-rewrite
bounce     unix  -       -       n       -       0       bounce
defer      unix  -       -       n       -       0       bounce
trace      unix  -       -       n       -       0       bounce
verify     unix  -       -       n       -       1       verify
flush      unix  n       -       n       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       n       -       -       smtp
relay      unix  -       -       n       -       -       smtp -o fallback_relay=
showq      unix  n       -       n       -       -       showq
error      unix  -       -       n       -       -       error
retry      unix  -       -       n       -       -       error
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
smtp-amavis unix -       -       n       -       2       smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20
127.0.0.1:10025 inet n   -       n       -       -       smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
policy     unix  -       n       n       -       2       spawn user=nobody argv=/usr/bin/perl /usr/share/postfix/policyd-spf-perl

I fear I'm missing something very obvious but I've been googling for two days doing any kind of tests and now I don't know what else to do.
Thanks in advance.

Post data:

Well, this is embarrassing. As I predicted my problem was caused by the most obvious and trivial reason: lack of read access to /etc/resolv.conf for the postfix user o_0
As you probably know the Postfix subprocesses (smtp, smtpd, qmgr, etc.) run as the postfix user. All the comments and suggestions I've received have been related to problems accessing DNS resolving data and the common suspects have been SELinux or a chrooted Postfix. You all were right in the final reason. Following a piece of advice, I tried:

# sudo -u postfix -H cat /etc/resolv.conf
cat: /etc/resolv.conf: Permission denied

So… What??

# ls -l /etc/resolv.conf
-rw-r-----. 1 root named 118 mar 28 20:34 /etc/resolv.conf

OMG! … then after a chmod o+r and restarting Postfix all the e-mail on hold could be processed and sent and new mail is processed as expected.
I doubt I've changed the resolv.conf read permissions but I can't be 100% sure. So at last the problem is fixed and I'm very sorry for stealing the attention of all of you for this ridiculous reason.
Thank you all.
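
The permission check from the fix above, generalized into a small audit. This is an added example, not part of the original post. It assumes the daemon user (postfix here) is neither owner nor group member of the files, so only the "other" read bit matters; the file list and the optional chroot ROOT argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: find resolver files an unprivileged daemon cannot read.
# dig run as root succeeds while Postfix logs "Host not found, try again"
# when the resolver configuration is unreadable for the daemon's user.

# other_can_read FILE: 0 if the "other" read bit is set, 1 if not,
# 2 if the file cannot be examined at all.
other_can_read() {
    # -L follows symlinks: resolv.conf is often a link to a generated file.
    perms=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 2
    # Character 8 of "-rw-r-----" is the read bit for "other".
    case $(printf '%s' "$perms" | cut -c8) in
        r) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_resolver_files [ROOT]: print one line per file, return 1 if any
# file is missing or unreadable. ROOT is empty for the live system, or a
# chroot directory (for example the Postfix queue_directory) when a
# master.cf service runs with chroot=y.
audit_resolver_files() {
    root=${1:-}
    bad=0
    for f in etc/resolv.conf etc/hosts etc/nsswitch.conf; do
        path="$root/$f"
        if [ ! -e "$path" ]; then
            echo "MISSING      $path"
            bad=1
        elif other_can_read "$path"; then
            echo "ok           $path"
        else
            echo "NOT READABLE $path ($(ls -ldL -- "$path" | cut -c1-10))"
            bad=1
        fi
    done
    return "$bad"
}

# Usage on a real host:  audit_resolver_files ""
```

Mode bits do not cover directory traversal rights or SELinux denials, so the `sudo -u postfix -H cat /etc/resolv.conf` test shown above remains the authoritative check.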

Source: https://themedipia.com