PROBLEM:
We still have this bug. I will quote https://bugs.launchpad.net/ubuntu/+source/qmail/+bug/1333558 here:
=============================================================================
When qmail tries to deliver emails to a domain that is DNSSEC-enabled the response it gets is often way larger than 512 Byte (2-5k is often experienced) since it queries for ANY instead of A,AAAA and MX. The result is that the delivery of mails to those domains can not be performed and the queue just increases.
I got the error "deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/" in the log file.
=============================================================================

HOW TO REPRODUCE:
1. find any domain with a large DNS query, for example megafon.ru:
==============================================================================
dig megafon.ru ANY

; <<>> DiG 9.12.3-P4 <<>> megafon.ru ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63104
;; flags: qr rd ra; QUERY: 1, ANSWER: 17, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;megafon.ru. IN ANY

;; ANSWER SECTION:
megafon.ru. 1202 IN SOA ns1.misp.ru. nossc.megafon.ru. 3000653548 10800 3600 604800 10800
megafon.ru. 1202 IN MX 10 mx4.megafon.ru.
megafon.ru. 1202 IN MX 20 sib-mx01.megafon.ru.
megafon.ru. 1202 IN MX 20 sib-mx02.megafon.ru.
megafon.ru. 1202 IN MX 20 vlg-mx01.megafon.ru.
megafon.ru. 1202 IN MX 20 vlg-mx02.megafon.ru.
megafon.ru. 1202 IN MX 10 mx.megafon.ru.
megafon.ru. 1202 IN MX 10 mx2.megafon.ru.
megafon.ru. 1202 IN MX 10 mx3.megafon.ru.
megafon.ru. 1202 IN AAAA 2a03:d000:4006:2:10:99:74:132
megafon.ru. 1202 IN A 85.26.148.161
megafon.ru. 1202 IN NS ns1.misp.ru.
megafon.ru. 1202 IN NS ns2.misp.ru.
megafon.ru. 1202 IN TXT "mailru-verification: 13ed24f252f7b4d8"
megafon.ru. 1202 IN TXT "facebook-domain-verification=yn137jjulngoiebkp8pace2zjtfv5a"
megafon.ru. 1202 IN TXT "v=spf1 include:_spf01.megafon.ru include:_spf02.megafon.ru ~all"
megafon.ru. 1202 IN TXT "ca0bc90825294abaa3d2777c4e7406a8"

;; Query time: 21 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Пт ноя 29 15:15:56 MSK 2019
;; MSG SIZE rcvd: 588
===============================================================================
"MSG SIZE rcvd: 588" - that's enough

2. send mail to any address in megafon.ru, for example "not_existent_mailbox@megafon.ru"

3. see qmail-send logs
@400000005de1033e2852af6c starting delivery 491: msg 7879766 to remote not_existent_mailbox@megafon.ru
@400000005de1033e2852c2f4 status: local 0/10 remote 2/10
@400000005de10348286acb4c delivery 491: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/

WORKAROUND:
use dnscache, it is as old as qmail and doesn't process these large queries:

emerge -av djbdns
dnscache-conf dnscache dnslog /var/dnscache 127.0.0.2
ln -s /var/dnscache /service/dnscache
rc-service svscan restart

and change resolver in /etc/resolv.conf and /etc/conf.d/net*
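To find out which recipient domains are hitting this deferral on a given host, the delivery numbers in the qmail-send log can be correlated with their recipients. The script below is an added example, not part of the original report or of qmail; the sample log extends the three lines quoted above with constructed entries, and the function name `cname_deferrals` is hypothetical.

```python
import re
from collections import Counter

# Sample in the multilog format shown in the report. Lines 1, 2 and 4 are
# from the report; the remaining lines are constructed for illustration.
SAMPLE_LOG = """\
@400000005de1033e2852af6c starting delivery 491: msg 7879766 to remote not_existent_mailbox@megafon.ru
@400000005de1033e2852c2f4 status: local 0/10 remote 2/10
@400000005de1033e2a000000 starting delivery 492: msg 7879770 to remote user@example.org
@400000005de10348286acb4c delivery 491: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
@400000005de103482a000000 delivery 492: success: 192.0.2.25_accepted_message./
@400000005de1034a2a000000 starting delivery 491: msg 7879771 to remote other@example.net
@400000005de1034b2a000000 delivery 491: deferral: Sorry,_I_wasn't_able_to_establish_an_SMTP_connection._(#4.4.1)/
"""

START = re.compile(r"starting delivery (\d+): msg \d+ to remote (\S+)")
RESULT = re.compile(r"delivery (\d+): (success|failure|deferral): (\S*)")
SIGNATURE = "CNAME_lookup_failed_temporarily"


def cname_deferrals(lines):
    """Count CNAME-lookup deferrals per recipient domain."""
    in_flight = {}  # delivery number -> recipient address
    hits = Counter()
    for line in lines:
        m = START.search(line)
        if m:
            # qmail-send reuses delivery numbers, so always overwrite.
            in_flight[m.group(1)] = m.group(2)
            continue
        m = RESULT.search(line)
        if not m:
            continue  # status lines and anything else
        rcpt = in_flight.pop(m.group(1), None)
        if rcpt and m.group(2) == "deferral" and SIGNATURE in m.group(3):
            hits[rcpt.rpartition("@")[2].lower()] += 1
    return hits


if __name__ == "__main__":
    for domain, n in cname_deferrals(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:6d} {domain}")
```

Feeding it the real log, for example `cname_deferrals(open(path))` with the path of the qmail-send `current` file, gives the list of domains to re-check once the resolver workaround or the patch is in place.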
This is the "any-to-cname" patch that is missing here, and I wonder why no one has ever noticed (I know why I have not noticed it, but that is a different story).

Please just drop this into /etc/portage/patches/mail-mta/netqmail for the moment: http://www.memoryhole.net/qmail/any-to-cname.patch
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=668d198ff2da26953b3d6f9df3f8aea93375317d

commit 668d198ff2da26953b3d6f9df3f8aea93375317d
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2019-11-30 22:42:42 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2019-12-03 13:34:53 +0000

    mail-mta/netqmail: avoid ANY DNS queries

    Closes: https://bugs.gentoo.org/701476
    Signed-off-by: Rolf Eike Beer <eike@sf-mail.de>
    Closes: https://github.com/gentoo/gentoo/pull/13816
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 .../files/netqmail-1.06-any-to-cname.patch | 74 ++++++++
 mail-mta/netqmail/netqmail-1.06-r12.ebuild | 199 +++++++++++++++++++++
 2 files changed, 273 insertions(+)