Prevent postfix appending search domain

Tags: dnsmasq, domain-name-system, postfix

I have postfix running on OpenBSD, and I'm having trouble with it appending a search domain when none is configured in either postfix or the local DNS server (dnsmasq).

My domain has a wildcard CNAME entry (*.example.com) pointing at myhost.example.com.

I know that normally, in order to make it behave like this I would have a 'search' entry in my resolv.conf, but I have no such entry. My /etc/resolv.conf contains:

nameserver 127.0.0.1
nameserver <my ISP's DNS 1>
nameserver <my ISP's DNS 2>

Dnsmasq knows to ignore the localhost entry (and says so in logs), but it means that other services look up in dnsmasq. dnsmasq is using only default config, with no changes at all.

If I enable logging in dnsmasq I get entries like this:

Dec 15 10:39:56 mail dnsmasq[640]: query[A] ncwfood.com from 127.0.0.1
Dec 15 10:39:56 mail dnsmasq[640]: forwarded ncwfood.com to <my ISP's DNS 1>
Dec 15 10:39:56 mail dnsmasq[640]: reply ncwfood.com is NXDOMAIN-IPv4
Dec 15 10:39:56 mail dnsmasq[640]: query[AAAA] ncwfood.com from 127.0.0.1
Dec 15 10:39:56 mail dnsmasq[640]: forwarded ncwfood.com to <my ISP's DNS 1>
Dec 15 10:39:56 mail dnsmasq[640]: reply ncwfood.com is NXDOMAIN-IPv6

That's all correct for a failing lookup, and dnsmasq is doing what it should. Then postfix does this:

Dec 15 10:39:56 mail dnsmasq[640]: query[A] ncwfood.com.example.com from 127.0.0.1
Dec 15 10:39:56 mail dnsmasq[640]: forwarded ncwfood.com.example.com to <my ISP's DNS 1>
Dec 15 10:39:56 mail dnsmasq[640]: reply myhost.example.com is <my IP>
Dec 15 10:39:56 mail dnsmasq[640]: query[AAAA] ncwfood.com.example.com from 127.0.0.1
Dec 15 10:39:56 mail dnsmasq[640]: cached ncwfood.com.example.com is <CNAME>
Dec 15 10:39:56 mail dnsmasq[640]: cached myhost.example.com is 2001:4b98:...

It appends my domain, does a lookup, matches the wildcard and ends up pointing where it shouldn't. If I issue name lookups directly to dnsmasq (e.g. with dig @localhost ...), it does not do these extra lookups, so it's definitely postfix that's doing it.

In my postfix config I have set it to defer to the system DNS service (dnsmasq), not to use its own DNS resolver, and not to append a search domain, like this:

lmtp_host_lookup = native
smtp_host_lookup = native
smtp_dns_resolver_options =
disable_dns_lookups = yes
ignore_mx_lookup_error = no

The 'native' directive is clearly working as I am seeing the lookups in dnsmasq logs. According to the docs it seems as if smtp_dns_resolver_options is acting as if it's set to res_dnsrch, but it's not (it's blank).

Here's my postfix log from the same message transaction:

Dec 15 10:40:26 mail postfix/smtp[29517]: connect to ncwfood.com[46....]:25: Connection timed out
Dec 15 10:40:26 mail postfix/smtp[29517]: connect to ncwfood.com[2001:4b98:...]:25: No route to host
Dec 15 10:40:26 mail postfix/smtp[29517]: 22F8A3A4F0F: to=<xxx@ncwfood.com>, relay=none, delay=168442, delays=168412/0.33/30/0, dsn=4.4.1, status=deferred (connect to ncwfood.com[2001:4b98:...]:25: No route to host)

The address it's trying to connect to is my wildcard host which is not running a mail server, hence the connection failures.

I found a release note saying that postfix used to automatically append domains, but that was stopped in version 2.8; I'm running 2.10.

How can I stop postfix from doing these lookups?

Best Answer

I don't think disable_dns_lookups does what you think it does. From http://www.postfix.org/postconf.5.html

disable_dns_lookups (default: no)
Disable DNS lookups in the Postfix SMTP and LMTP clients. When disabled, hosts are looked up with the getaddrinfo() system library routine which normally also looks in /etc/hosts. As of Postfix 2.11, this parameter is deprecated; use smtp_dns_support_level instead.

DNS lookups are enabled by default.

I would suggest looking at some of the other postfix parameters, like append_at_myorigin and append_dot_mydomain, as well as local_header_rewrite_clients.

The output from postconf -n would help as well.
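The pattern in the question's dnsmasq log (a name returns NXDOMAIN, then the same name is queried again with a suffix appended and a wildcard answers it) can be checked for mechanically. The following is an added example, not part of the original question or answer; the sample log is constructed from the format quoted above, and the IP addresses in it are documentation placeholders.

```python
import re

# Constructed sample in the dnsmasq log format quoted in the question.
# 192.0.2.x / 198.51.100.x are documentation placeholder addresses.
SAMPLE_LOG = """\
Dec 15 10:39:56 mail dnsmasq[640]: query[A] ncwfood.com from 127.0.0.1
Dec 15 10:39:56 mail dnsmasq[640]: forwarded ncwfood.com to 192.0.2.53
Dec 15 10:39:56 mail dnsmasq[640]: reply ncwfood.com is NXDOMAIN-IPv4
Dec 15 10:39:56 mail dnsmasq[640]: query[A] ncwfood.com.example.com from 127.0.0.1
Dec 15 10:39:56 mail dnsmasq[640]: forwarded ncwfood.com.example.com to 192.0.2.53
Dec 15 10:39:56 mail dnsmasq[640]: reply myhost.example.com is 192.0.2.10
Dec 15 10:40:01 mail dnsmasq[640]: query[A] mail.example.org from 127.0.0.1
Dec 15 10:40:01 mail dnsmasq[640]: reply mail.example.org is 198.51.100.7
"""

QUERY = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from ")
ANSWER = re.compile(r"dnsmasq\[\d+\]: (?:reply|cached) (\S+) is (\S+)")

def find_search_expansions(log_text):
    """Map each re-queried name (an earlier NXDOMAIN name plus a suffix) to the
    original name, the appended suffix, and whether it got a positive answer."""
    failed = set()    # names that have returned NXDOMAIN so far
    findings = {}     # expanded name -> details
    pending = None    # expanded name still waiting for its answer line
    for line in log_text.splitlines():
        q = QUERY.search(line)
        if q:
            qname = q.group(1).rstrip(".").lower()
            pending = None
            for name in failed:
                if qname.startswith(name + "."):
                    findings.setdefault(qname, {
                        "original": name,
                        "suffix": qname[len(name) + 1:],
                        "answered": False,
                    })
                    pending = qname
            continue
        a = ANSWER.search(line)
        if not a:
            continue
        name, result = a.group(1).rstrip(".").lower(), a.group(2)
        if result.startswith("NXDOMAIN"):
            failed.add(name)
            pending = None
        elif pending:
            # The reply line names the CNAME target, so match by position.
            findings[pending]["answered"] = True
    return findings
```

An entry with "answered" set to True is the case from the question: the expanded name matched the wildcard, so mail for the original domain is being attempted against the wildcard host.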
