pagure-stg01 runs now on rhel8 and when one tries to comment on a ticket, the request ends with a "Gateway timeout". Looking at the logs I can see these errors:
May 04 12:02:16 pagure-stg01.fedoraproject.org postfix/smtpd[610612]: fatal: in parameter smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at least one working instance of: reject_unauth_destination, defer_unauth_destination, reject, defer, defer_if_permit or check_relay_domains May 04 12:02:17 pagure-stg01.fedoraproject.org postfix/master[610574]: warning: process /usr/libexec/postfix/smtpd pid 610612 exit status 1 May 04 12:02:17 pagure-stg01.fedoraproject.org postfix/master[610574]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
I guess our main.cf for pagure-stg01 is not rhel8 ready and my postfix skills are not enough to fix this :(
main.cf
Whenever convenient, happy to help debug with someone.
I have hotfixed this issue but a full fix needs to be done as our configs are based on postfix 2.4 or older (aka el6) and we will be running postfix-3.3.1-12.el8.x86_64
Do we use TLS on our postfix setup? If not there isn't a huge difference in the conf, you fixed the only breaking change.
We do use tls...
I see the tls configuration now. I was only working on the default main.cf file which doesn't have it but some of the others do.
i have the changes ready for that default main.cf file (there aren't too many) should I do all the others or will some of them remain on rhel7 for the moment?
There is a compatibility mode set so that if I did miss something it shouldn't fail it will just log in warning. This can be turned off once we are sure everything is up to date.
https://pagure.io/fedora-infra/ansible/pull-request/87
Hi Mark.. I needed to test postfix port allowances on a host so put in some changes to get it 'to work'. Could you test what I did to see what works and does not.. and apologies for diving ahead on this.
No problem smooge. I'll have a look
@smooge I had a look at the new main.cf.bastion01.iad2.fedoraproject.org file you made in this commit: https://pagure.io/fedora-infra/ansible/c/5b9d2b927d215f867ca94952d52ee8b272ffe857?branch=master
main.cf.bastion01.iad2.fedoraproject.org
It is all postfix3 compliant and looks good except the below is needed if you want to receive mail:
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
Metadata Update from @mobrien: - Issue assigned to mobrien
PR updated for extra files as requested
PR merged and ready to be pushed out.
Metadata Update from @mobrien: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.