On 11/10/21 12:53 am, Peter wrote: > On 10/10/21 11:28 pm, Rob Kampen wrote: >> smtp inet n - n - - smtpd >> -o smtpd_recipient_restrictions= -o content_filter=spamassassin > > I assume based on what you've said before that this is after you added > the workaround you mentioned, but the logs below are without the > smtpd_recipient_restrictions= part here? Correct, once I added the -o smtpd_recipient_restrictions= the alias substitutions worked and the log becomes much longer as all the various processes complete and add their trace to the maillog. > >> Cannot see how this log listing can possibly help as it contains only >> three lines > > Nonetheless I do appreciate seeing them, no offense but you can never > tell if someone's interpretations of the logs are accurate and so it's > best just to see the logs themselves. > >> Here is the log of the incorrectly rejected email coming into the new >> MX - very short as it immediately rejects the alias recipient address >> - which my other two MX do not do. > > Right. > >> This led me to the conclusion that the alias substitution is not >> taking place on my new MX whereas it does on my two working MX - >> hence my addition to the smtp processing line at the top of the >> master.cf file. > > I wouldn't jump to that conclusion just yet, though. > > That said, based on your config and logs I think I may have been wrong > in my previous guess and it may very well be related to your > policyd-spf. More on that in a bit. > > Can you provide the output of the following commands (but substitute > the actual recipient domain and address for the munged versions you > supplied here): > > postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf > > postmap -q rob at example.com > mysql:/etc/postfix/mysql-virtual_forwardings.cf > > postmap -q rob at example.com > mysql:/etc/postfix/mysql-virtual_email2email.cf > > postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf > > postmap -q rob at example.com mysql:/etc/postfix/mysql-virtual_mailboxes.cf > > The results of the above should give a much better picture of what's > going on. OK - just to let you know the munge I used. example.com is an alias domain for example.org which is the actual domain with Maildir space on the server. rob@ is alias for rkampen@ thus the only real address is rkampen at example.org now the results [root at mx rkampen]# postmap -q example.org mysql:/etc/postfix/mysql-virtual_alias_domains.cf [root at mx rkampen]# postmap -q example.org mysql:/etc/postfix/mysql-virtual_domains.cf example.org [root at mx rkampen]# postmap -q example.com mysql:/etc/postfix/mysql-virtual_alias_domains.cf example.com [root at mx rkampen]# postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf [root at mx rkampen]# postmap -q rob at example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf [root at mx rkampen]# postmap -q rob at example.org mysql:/etc/postfix/mysql-virtual_forwardings.cf rkampen at example.org [root at mx rkampen]# postmap -q @example.com mysql:/etc/postfix/mysql-virtual_forwardings.cf @example.org [root at mx rkampen]# postmap -q rob at example.com mysql:/etc/postfix/mysql-virtual_email2email.cf [root at mx rkampen]# postmap -q rob at example.org mysql:/etc/postfix/mysql-virtual_email2email.cf [root at mx rkampen]# postmap -q rkampen at example.org mysql:/etc/postfix/mysql-virtual_email2email.cf rkampen at example.org [root at mx rkampen]# postmap -q rkampen at example.com mysql:/etc/postfix/mysql-virtual_email2email.cf [root at mx rkampen]# postmap -q rkampen at example.com mysql:/etc/postfix/mysql-virtual_mailboxes.cf [root at mx rkampen]# postmap -q rkampen at example.org mysql:/etc/postfix/mysql-virtual_mailboxes.cf example.org/rkampen/ As all but mysql-virtual_alias_domains.cf are copies from the other MX, I think these are fine. Also as email presented via port 587 via an authenticated STARTTLS session actually work fine, I have no reason to suspect any issues in this area. > > To check if it's the policyd that's causing the problem can you modify > the smtpd_recipient_restrictions line in main.cf and remove just the > "check_policy_service inet:localhost:12350," part? So that it reads > something like: > > smtpd_recipient_restrictions = permit_mynetworks, > permit_sasl_authenticated, reject_unauth_destination, > check_policy_service unix:private/policyd-spf > > Then check to see if it works after that (and provide logs again so I > can check things over). Note this also means reverting your > workaround in master.cf for this test. Well that may have done it! Now I get a correctly sent email with the alias substitutions done. Funny how that line seems to cause no error on my two original MX - looks like I better check them out a little more too. Here is the munged log (same munging as above) Oct 11 13:53:09 mx postfix/smtpd[10711]: connect from mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030] Oct 11 13:53:10 mx policyd-spf[10723]: ERROR: Unknown name "TestOnly" in file "/etc/python-policyd-spf/policyd-spf.conf" Oct 11 13:53:10 mx policyd-spf[10723]: None; identity=helo; client-ip=2607:f8b0:4864:20::1030; helo=mail-pj1-x1030.google.com; envelope-from=rob at prolinkcentral.com; receiver=rkampen at example.com Oct 11 13:53:11 mx policyd-spf[10723]: None; identity=mailfrom; client-ip=2607:f8b0:4864:20::1030; helo=mail-pj1-x1030.google.com; envelope-from=rob at prolinkcentral.com; receiver=rkampen at example.com Oct 11 13:53:11 mx postfix/smtpd[10711]: 332699E29D: client=mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030] Oct 11 13:53:11 mx postfix/cleanup[10725]: 332699E29D: message-id=<8a5de3cf-3dbb-062e-e48c-69e320ff60e7 at prolinkcentral.com> Oct 11 13:53:11 mx opendkim[1040]: 332699E29D: mail-pj1-x1030.google.com [2607:f8b0:4864:20::1030] not internal Oct 11 13:53:11 mx opendkim[1040]: 332699E29D: not authenticated Oct 11 13:53:12 mx opendkim[1040]: 332699E29D: DKIM verification successful Oct 11 13:53:12 mx postfix/qmgr[10600]: 332699E29D: from=<rob at prolinkcentral.com>, size=3223, nrcpt=1 (queue active) Oct 11 13:53:12 mx spamd[2843]: spamd: connection from localhost [::1]:42696 to port 783, fd 6 Oct 11 13:53:12 mx spamd[2843]: spamd: setuid to spamd succeeded Oct 11 13:53:12 mx spamd[2843]: spamd: processing message <8a5de3cf-3dbb-062e-e48c-69e320ff60e7 at prolinkcentral.com> for spamd:5001 Oct 11 13:53:12 mx postfix/smtpd[10711]: disconnect from mail-pj1-x1030.google.com[2607:f8b0:4864:20::1030] Oct 11 13:53:13 mx spamd[2843]: spamd: clean message (0.0/5.0) for spamd:5001 in 1.2 seconds, 3432 bytes. Oct 11 13:53:13 mx spamd[2843]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE scantime=1.2,size=3432,user=spamd,uid=5001,required_score=5.0,rhost=localhost,raddr=::1,rport=42696,mid=<8a5de3cf-3dbb-062e-e48c-69e320ff60e7 at prolinkcentral.com>,autolearn=ham autolearn_force=no Oct 11 13:53:13 mx postfix/pipe[10727]: 332699E29D: to=<rkampen at example.org>, orig_to=<rkampen at example.com>, relay=spamassassin, delay=3.4, delays=2.1/0.02/0/1.3, dsn=2.0.0, status=sent (delivered via spamassassin service) Oct 11 13:53:13 mx postfix/qmgr[10600]: 332699E29D: removed Oct 11 13:53:13 mx postfix/pickup[10599]: CBDB2B82E6: uid=5001 from=<rob at prolinkcentral.com> Oct 11 13:53:13 mx postfix/cleanup[10725]: CBDB2B82E6: message-id=<8a5de3cf-3dbb-062e-e48c-69e320ff60e7 at prolinkcentral.com> Oct 11 13:53:13 mx opendkim[1040]: CBDB2B82E6: no signing table match for 'rob at prolinkcentral.com' Oct 11 13:53:13 mx spamd[1392]: prefork: child states: II Oct 11 13:53:14 mx opendkim[1040]: CBDB2B82E6: DKIM verification successful Oct 11 13:53:14 mx postfix/qmgr[10600]: CBDB2B82E6: from=<rob at prolinkcentral.com>, size=3859, nrcpt=1 (queue active) Oct 11 13:53:16 mx postfix/smtpd[10734]: connect from localhost[127.0.0.1] Oct 11 13:53:16 mx postfix/smtpd[10734]: EE7C99E29D: client=localhost[127.0.0.1] Oct 11 13:53:16 mx postfix/cleanup[10725]: EE7C99E29D: message-id=<8a5de3cf-3dbb-062e-e48c-69e320ff60e7 at prolinkcentral.com> Oct 11 13:53:17 mx opendkim[1040]: EE7C99E29D: no signing table match for 'rob at prolinkcentral.com' Oct 11 13:53:17 mx opendkim[1040]: EE7C99E29D: DKIM verification successful Oct 11 13:53:17 mx postfix/smtpd[10734]: disconnect from localhost[127.0.0.1] Oct 11 13:53:17 mx postfix/qmgr[10600]: EE7C99E29D: from=<rob at prolinkcentral.com>, size=4126, nrcpt=1 (queue active) Oct 11 13:53:17 mx amavis[2831]: (02831-04) Passed CLEAN {RelayedOpenRelay}, [127.0.0.1] [192.168.128.235] <rob at prolinkcentral.com> -> <rkampen at example.org>, Message-ID: <8a5de3cf-3dbb-062e-e48c-69e320ff60e7 at prolinkcentral.com>, mail_id: 7PNe4rZbbMof, Hits: 0.003, size: 3884, queued_as: EE7C99E29D, dkim_sd=20210112:prolinkcentral-co-nz.20210112.gappssmtp.com, 2598 ms Oct 11 13:53:17 mx postfix/smtp[10732]: CBDB2B82E6: to=<rkampen at example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.3, delays=0.66/0.02/0.01/2.6, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as EE7C99E29D) Oct 11 13:53:17 mx postfix/qmgr[10600]: CBDB2B82E6: removed Oct 11 13:53:17 mx postfix/pipe[10736]: EE7C99E29D: to=<rkampen at example.org>, relay=dovecot, delay=0.24, delays=0.13/0.02/0/0.09, dsn=2.0.0, status=sent (delivered via dovecot service) Oct 11 13:53:17 mx postfix/qmgr[10600]: EE7C99E29D: removed I see an ERROR on line two - no idea why - my reading on this file suggested that TestOnly is the latest correct line, hence I edited to this..... Thanks Peter, your help has been invaluable and MUCH appreciated! > > > Peter > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos