On 03 Dec 2019, at 15:27, @lbutlr <krem...@kreme.com> wrote:
> I have several domains, all of which have addresses with address delimiters 
> in use. One domain is rejecting all addresses with address extensions in the 
> lmtpd stage (after passing in smtpd). 

# postconf -n
alias_database = hash:$config_directory/aliases
alias_maps = hash:$config_directory/aliases
allow_percent_hack = no
broken_sasl_auth_clients = yes
compatibility_level = 2
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_long_queue_ids = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
home_mailbox = Maildir/
inet_interfaces = 127.0.0.1, 65.121.55.42
inet_protocols = ipv4
mailbox_command = /usr/local/bin/procmail -t -a $EXTENSION
maps_rbl_reject_code = 521
message_size_limit = 26214400
milter_connect_macros = j {daemon_name} v {if_name} _
milter_default_action = accept
mime_header_checks = pcre:$config_directory/mime_headers.pcre
mydestination =
mynetworks_style = subnet
myorigin = $mydomain
policyd-spf_time_limit = 3600
postscreen_access_list = cidr:$config_directory/postscreen_access.cidr
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = ro.ascc.dnsbl.bit.nl=127.0.0.2
    pl.ascc.dnsbl.bit.nl=127.0.0.2*1 fresh30.spameatingmonkey.net=127.0.0.2*1
    freshzero.spameatingmonkey.net=127.0.0.2*1
    zen.spamhaus.org=127.0.0.[4..11]*5 zen.spamhaus.org=127.0.0.[2..3]*1
    list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3
    list.dnswl.org=127.0.[0..255].2*-4 list.dnswl.org=127.0.[0..255].3*-5
postscreen_dnsbl_threshold = 5
postscreen_dnsbl_ttl = 3d
postscreen_dnsbl_whitelist_threshold = -1
postscreen_greet_action = enforce
postscreen_greet_banner = mail.covisp.net ESTMP -- Please wait
postscreen_greet_ttl = 7d
postscreen_greet_wait = 11s
recipient_bcc_maps = pcre:$config_directory/rbcc.pcre
recipient_delimiter = +_
show_user_unknown_table_name = no
smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5
smtp_tls_loglevel = 1
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name $mail_version
smtpd_client_auth_rate_limit = 3
smtpd_data_restrictions = reject_unauth_pipelining,
    reject_multi_recipient_bounce, permit
smtpd_delay_open_until_valid_rcpt = no
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_helo_hostname check_helo_access
    pcre:/etc/postfix/helo_checks.pcre permit
smtpd_log_access_permit_actions = static:all
smtpd_milters = unix:/var/run/spamass-milter.sock,
smtpd_recipient_restrictions = reject_unauth_destination reject_rhsbl_sender
    freshzero.spameatingmonkey.net, reject_rhsbl_sender
    fresh30.spameatingmonkey.net, reject_rhsbl_helo dbl.spamhaus.org
    reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_reverse_client
    dbl.spamhaus.org reject_non_fqdn_sender reject_non_fqdn_recipient
    reject_unknown_sender_domain reject_invalid_hostname
    reject_unlisted_recipient reject_unlisted_sender permit
smtpd_relay_restrictions = reject_unauth_destination
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_starttls_timeout = 20s
smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/covisp.net/fullchain.pem
smtpd_tls_key_file = /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtputf8_enable = no
swap_bangpath = no
tls_preempt_cipherlist = yes
tls_ssl_options = no_compression
undisclosed_recipients_header = To: List of Bcc addresses:;
unknown_client_reject_code = 550
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_reason = Address lookup failed
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
    hash:$config_directory/virtual
virtual_gid_maps = static:89
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains =
    proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps =
    proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 89
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:89

I have tested with a handful of the domains and they all work but one, which I 
find confusing as they all are configured the same as far as I can see in the 
sql database.

I can’t dump the database as it contains real names and other private info, but 
it is a postfixadmin database that postfix and dovecot both access without 
complaints.

So, if I send an email to ama...@myvirtualdomain.tld, virtual is set to expand 
that to kreme+ama...@kreme.com but in the logs it is expanded to 
ama...@covisp.net which does not exist and the mail is rejected. If I send 
directly to the +amazon address, it works. If I send to another address 
(t...@kreme.com => user+t...@othervirtual.tld, that works.

So, the issue appears to be limited to a specific virtual domain.






-- 
In my world there are people in chains and you can ride them like
        ponies

Reply via email to