From c7709ceafdeadf207aa1c4c656da757b7387a97f Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 25 May 2022 19:57:21 +0200
Subject: [PATCH] fix(postfix): Fix non-functional dns lookups for lmtp

This patch fixes the unexpected dns lookup behaviour of LMTP.

By default, lmtp only checks DNS names directly, and thereby ignores
search domains and the like, which breaks Kubernetes' lookup behaviour
for namespace-internal service names, unless you explicitly configure
the whole FQDN.

This is especially confusing, because the same DNS name works perfectly
fine for SASL lookups. So while the SASL authentication works fine, the
LMTP delivery fails.

This behaviour can be fixed by enabling native lookups, which will
re-enable regular nss behaviour including the usage of search domains,
which will allow all Kubernetes aspects to work like a charm.

I caught this on the postfix mailing list, after investigating the odd
behaviour for almost a day.

References:
https://marc.info/?l=postfix-users&m=142793569913728&w=2
---
 images/postfix/config/main.cf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/images/postfix/config/main.cf b/images/postfix/config/main.cf
index 07bfbf2d8..d827423b3 100644
--- a/images/postfix/config/main.cf
+++ b/images/postfix/config/main.cf
@@ -79,6 +79,7 @@ smtpd_sasl_security_options = noanonymous, noplaintext
 smtpd_sasl_tls_security_options = noanonymous
 smtpd_tls_auth_only = yes
 
+lmtp_host_lookup = dns, native
 virtual_transport = lmtp:inet:dovecot-internal:24
 
 ########
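Review bot: The new `lmtp_host_lookup = dns, native` line has no comment in main.cf, so a later reader cannot tell that it exists only to make the short name in `virtual_transport = lmtp:inet:dovecot-internal:24` resolve through the resolver's search domains. Please add a one-line comment above it stating that reason, since the rationale currently lives only in the commit message. Because the delivery target is now whatever the search list expands `dovecot-internal` to, also consider noting in that comment that the commit message's alternative, configuring the whole FQDN in `virtual_transport`, pins the destination explicitly and would make this setting unnecessary. The list keeps `dns` first, so it would help to say in the comment whether that ordering is intentional or whether `native` alone was considered.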
-- 
GitLab