Sun Oct 10 11:53:35 UTC 2021
Peter <peter at pajamian.dhs.org>

On 10/10/21 11:28 pm, Rob Kampen wrote:
> smtp       inet  n       -       n       -       -       smtpd
>      -o smtpd_recipient_restrictions= -o content_filter=spamassassin

I assume based on what you've said before that this is after you added 
the workaround you mentioned, but the logs below are without the 
smtpd_recipient_restrictions= part here?

> Cannot see how this log listing can possibly help as it contains only 
> three lines

Nonetheless, I do appreciate seeing them; no offense, but you can never 
tell if someone's interpretations of the logs are accurate, so it's 
best just to see the logs themselves.

> Here is the log of the incorrectly rejected email coming into the new MX 
> - very short as it immediately rejects the alias recipient address - 
> which my other two MX do not do.


> This led me to the conclusion that the alias substitution is not taking 
> place on my new MX whereas it does on my two working MX - hence my 
> addition to the smtp processing line at the top of the master.cf file.

I wouldn't jump to that conclusion just yet, though.

That said, based on your config and logs I think I may have been wrong 
in my previous guess and it may very well be related to your 
policyd-spf.  More on that in a bit.

Can you provide the output of the following commands (but substitute the 
actual recipient domain and address for the munged versions you supplied):
postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf

postmap -q rob@example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf

postmap -q rob@example.com mysql:/etc/postfix/mysql-virtual_email2email.cf

postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf

postmap -q rob@example.com mysql:/etc/postfix/mysql-virtual_mailboxes.cf

The results of the above should give a much better picture of what's 
going on.

To check if it's the policyd that's causing the problem can you modify 
the smtpd_recipient_restrictions line in main.cf and remove just the 
"check_policy_service inet:localhost:12350," part?  So that it reads 
something like:

smtpd_recipient_restrictions = permit_mynetworks,
     permit_sasl_authenticated, reject_unauth_destination,
     check_policy_service unix:private/policyd-spf

Then check to see if it works after that (and provide logs again so I 
can check things over).  Note this also means reverting your workaround 
in master.cf for this test.
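
The five lookups requested above can be run in one pass with a small wrapper that also separates a plain miss from a lookup error (for example, a failed MySQL connection). This is an added example, not part of the original message. The map file names come from the message; the names `lookup`, `check_recipient` and `MAPDIR` are made up for this illustration.

```shell
#!/bin/sh
# Added illustration: query each virtual_* map named in the message and
# report which ones answer for a given recipient domain and address.
# MAPDIR is an assumed override; it defaults to the directory in the message.
MAPDIR=${MAPDIR:-/etc/postfix}

# lookup KEY MAP: print the result of one postmap query.
# postmap -q prints the value and exits 0 on a hit; it exits non-zero with
# no output on a miss, and non-zero with a diagnostic when the lookup fails.
lookup() {
    key=$1 map=$2
    if out=$(postmap -q "$key" "mysql:$MAPDIR/mysql-virtual_$map.cf" 2>&1); then
        printf '%-14s %s -> %s\n' "$map" "$key" "$out"
    elif [ -n "$out" ]; then
        printf '%-14s %s -> ERROR: %s\n' "$map" "$key" "$out"
        return 1
    else
        printf '%-14s %s -> (no match)\n' "$map" "$key"
        return 1
    fi
}

# check_recipient DOMAIN ADDRESS: run the lookups in the order given in the
# message, domain keys against the domain maps, address keys against the rest.
check_recipient() {
    domain=$1 addr=$2 hits=0
    for pair in "alias_domains:$domain" "forwardings:$addr" \
                "email2email:$addr" "domains:$domain" "mailboxes:$addr"; do
        lookup "${pair#*:}" "${pair%%:*}" && hits=$((hits + 1))
    done
    echo "$hits of 5 tables matched"
}

# Usage: sh check-maps.sh example.com rob@example.com
if [ "$#" -eq 2 ]; then
    check_recipient "$1" "$2"
fi
```

An `ERROR` line points at the map or database connection itself rather than at missing alias data, which is worth ruling out before changing `smtpd_recipient_restrictions`.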