Having a problem understanding where my issue is with AV for this one (maybe more) domain. I see the following message for this unknown user where AV seems to be working, I only cache positives....
mx1# grep 8024C2E2BD /var/log/maillog Feb 24 08:33:45 mx1 postfix/cleanup[7752]: 8024C2E2BD: message-id=<20120224133345.8024c2e...@mx1.webtent.net> Feb 24 08:33:45 mx1 postfix/qmgr[73990]: 8024C2E2BD: from=<double-bou...@mx1.webtent.net>, size=271, nrcpt=1 (queue active) Feb 24 08:33:50 mx1 postfix/smtp[6812]: 8024C2E2BD: enabling PIX workarounds: disable_esmtp delay_dotcrlf for x.x.x.x[x.x.x.x]:25 Feb 24 08:33:55 mx1 postfix/smtp[6812]: 8024C2E2BD: to=<tmia...@example.com>, relay=x.x.x.x[x.x.x.x]:25, delay=10, delays=0.01/0.01/5.1/5, dsn=5.1.1, status=undeliverable-but-not-cached (host x.x.x.x[x.x.x.x] said: 550 5.1.1 User unknown (in reply to RCPT TO command)) Feb 24 08:34:00 mx1 postfix/qmgr[73990]: 8024C2E2BD: removed But unlike other domains that we transport for, I do not see the NOQUEUE reject log entries for this user address, I do see the deliveries for this user to localhost for scanning. Does this mean the address is in the verify db already as a good address? But then I would not understand why it would be checking again if that was the case. I do understand that AV will not reject if it can answer promptly, but still can't figure out why these messages are getting to the local scanner.... mx1# grep 83C1B2E2D6 /var/log/maillog Feb 24 08:33:45 mx1 postfix/smtpd[7085]: 83C1B2E2D6: client=rot.hbagac.com[70.99.240.229] Feb 24 08:33:45 mx1 postfix/cleanup[7806]: 83C1B2E2D6: message-id=<1psq9w1e2.xplsni5lho6...@hbagac.com> Feb 24 08:33:45 mx1 postfix/qmgr[73990]: 83C1B2E2D6: from=<cordial...@hbagac.com>, size=8570, nrcpt=1 (queue active) Feb 24 08:33:48 mx1 postfix/smtp[5906]: 83C1B2E2D6: to=<tmia...@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=0.47/0/0/2.9, dsn=2.7.1, status=sent (250 2.7.1 Ok, discarded, UBE, id=07851-02) Feb 24 08:33:48 mx1 postfix/qmgr[73990]: 83C1B2E2D6: removed Can someone help me understand what I have going on here with this domain? Here is my postfconf if it can shed some light ... mx1# postconf -n address_verify_map = btree:$data_directory/verify address_verify_negative_cache = no address_verify_poll_count = 1 alias_maps = hash:/usr/local/etc/postfix/aliases bounce_queue_lifetime = 1d broken_sasl_auth_clients = yes canonical_maps = ldap:/usr/local/etc/postfix/ldap/canonical.cf command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix content_filter = smtp-amavis:[127.0.0.1]:10024 daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix delay_warning_time = 4h disable_vrfy_command = yes html_directory = /usr/local/share/doc/postfix mail_owner = postfix mailbox_size_limit = 102400000 mailq_path = /usr/local/bin/mailq manpage_directory = /usr/local/man maximal_backoff_time = 1000s maximal_queue_lifetime = 1d message_size_limit = 51200000 mynetworks = 127.0.0.0/8, <snip> newaliases_path = /usr/local/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix relay_domains = ldap:/usr/local/etc/postfix/ldap/transport.cf sample_directory = /usr/local/etc/postfix sendmail_path = /usr/local/sbin/sendmail setgid_group = maildrop smtpd_banner = $myhostname ESMTP Mail Exchange smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_helo_restrictions = permit_mynetworks smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access cidr:/usr/local/etc/postfix/relay_clients, check_client_access ldap:/usr/local/etc/postfix/ldap/relay_clients.cf, check_client_access hash:/usr/local/etc/postfix/client_checks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, check_helo_access hash:/usr/local/etc/postfix/helo_checks, check_recipient_access pcre:/usr/local/etc/postfix/recipient_checks.pcre, check_recipient_access ldap:/usr/local/etc/postfix/ldap/verification.cf, reject_rbl_client zen.spamhaus.org, permit smtpd_sasl_auth_enable = yes smtpd_sasl_authenticated_header = yes smtpd_sasl_local_domain = $myhostname smtpd_sasl_path = smtpd smtpd_sasl_security_options = noanonymous smtpd_sender_restrictions = permit_mynetworks check_sender_access hash:/usr/local/etc/postfix/sender_access reject_unknown_sender_domain check_sender_access ldap:/usr/local/etc/postfix/ldap/verification-sender.cf smtpd_tls_CAfile = /usr/local/etc/postfix/cacert.pem smtpd_tls_cert_file = /usr/local/etc/postfix/mx1-cert.pem smtpd_tls_key_file = /usr/local/etc/postfix/mx1-key.pem smtpd_tls_security_level = may smtpd_use_tls = yes transport_maps = ldap:/usr/local/etc/postfix/ldap/transport.cf unknown_local_recipient_reject_code = 550 unverified_recipient_reject_code = 550 unverified_sender_reject_code = 550 Thank you.
