Bill, The particular internal sender host is running Sendmail. Their admin sent me their log for the specific queueID my system accepted.
[root@use1otomprd01 /var/log]# fgrep '5825ZbvF01207' maillog* maillog-20250907:Sep 2 01:35:37 use1otomprd01 sendmail[12075]: 5825ZbvF012075: Authentication-Warning: use1otomprd01: otosadm set sender to mg-procurement-operat...@example.com using -f maillog-20250907:Sep 2 01:35:39 use1otomprd01 sendmail[12075]: 5825ZbvF012075: from=mg-procurement-operat...@example.com, size=936398, class=0, nrcpts=1, msgid=202509020535.5825ZbvF012075@use1otomprd01, relay=otosadm@localhost maillog-20250907:Sep 2 01:35:39 use1otomprd01 sendmail[12075]: 5825ZbvF012075: to=katherine...@bizpro.cn, ctladdr=mg-procurement-operat...@example.com (17423/1036), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=966398, relay=externaldelivery.example.com[y.y.y.y], dsn=2.0.0, stat=Sent (Ok: queued as 4cGDwq3YqbzjB8nV) I presumed that the sendmail system did not rewrite the recipient domain because it (the rewrite) was not present in the sendmail log. Chris John -----Original Message----- From: Bill Cole via Postfix-users <postfix-users@postfix.org> Sent: Monday, September 8, 2025 6:04 PM To: John, Chris via Postfix-users <postfix-users@postfix.org> Subject: [pfx] Re: Unexpected Recipient Domain Rewrite [Use CAUTION when opening links/attachments] On 2025-09-08 at 14:37:59 UTC-0400 (Mon, 8 Sep 2025 18:37:59 +0000) John, Chris via Postfix-users <chris.j...@bms.com> is rumored to have said: > I have a postfix 3.5.2 system that accepts messages from internal > hosts and relays to internal destinations and to an email perimeter > that delivers to external (Internet) domains. Are the internal hosts runniong Popstfix or something else? Sendmail, for example? > The issue I'm seeing is regarding external domains that do not follow > DNS best practices and have CNAME records published for the same > domain that their MX records are published for. > > What I end up with is the recipient being changed from the intended > domain to the value of the published CNAME. That is a default behavior of Sendmail in many distributions and historically. It is consistent with the historical formal meaning of the CNAME record, which is that the result of the CNAME query is the *PROPER* name which should be used instead of the alias name. As Wietse has already noted, the log lines you provided state clearly that the message arrived and was delivered with the same recipient. Also, this log line provides a clue: [...] > Sep 2 01:35:39 mailhost postfix/cleanup[26989]: 4cGDwq3YqbzjB8nV: > warning: header Received: (from otosadm@localhost)??by use1otomprd01 > (8.15.2/8.14.7/Submit) id 5825ZbvF012075??for katherine...@bizpro.cn; > Tue, 2 Sep 2025 01:35:37 -0400 from unknown[x.x.x.x]; > from=<mg-procurement-operat...@example.com> > to=<katherine...@web.b51.vhostgo.com> proto=ESMTP helo=<use1otomprd01> That's a Sendmail-constructed Received header, being logged due to a Postfix header_checks match. It shows the initial submission of the message using the alias domain name. Sendmail rewrites that address to use the canonical name. This can be fixed on the machine running Sendmail by changing flags for one of the mailer definitions. See the Bat Book or Sendmail ops guide for details. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo@toad.social and many *@billmail.scconsult.com addresses) Not Currently Available For Hire _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org ________________________________ This message (including any attachments) may contain confidential, proprietary, privileged and/or private information. The information is intended to be for the use of the individual or entity designated above. If you are not the intended recipient of this message, please notify the sender immediately, and delete the message and any attachments. Any disclosure, reproduction, distribution or other use of this message or any attachments by an individual or entity other than the intended recipient is prohibited. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
