On 03 Dec 2019, at 15:27, @lbutlr <krem...@kreme.com> wrote: > I have several domains, all of which have addresses with address delimiters > in use. One domain is rejecting all addresses with address extensions in the > lmtpd stage (after passing in smtpd).
# postconf -n alias_database = hash:$config_directory/aliases alias_maps = hash:$config_directory/aliases allow_percent_hack = no broken_sasl_auth_clients = yes compatibility_level = 2 disable_vrfy_command = yes dovecot_destination_recipient_limit = 1 enable_long_queue_ids = yes header_checks = pcre:/etc/postfix/header_checks.pcre home_mailbox = Maildir/ inet_interfaces = 127.0.0.1, 65.121.55.42 inet_protocols = ipv4 mailbox_command = /usr/local/bin/procmail -t -a $EXTENSION maps_rbl_reject_code = 521 message_size_limit = 26214400 milter_connect_macros = j {daemon_name} v {if_name} _ milter_default_action = accept mime_header_checks = pcre:$config_directory/mime_headers.pcre mydestination = mynetworks_style = subnet myorigin = $mydomain policyd-spf_time_limit = 3600 postscreen_access_list = cidr:$config_directory/postscreen_access.cidr postscreen_blacklist_action = drop postscreen_dnsbl_action = enforce postscreen_dnsbl_sites = ro.ascc.dnsbl.bit.nl=127.0.0.2 pl.ascc.dnsbl.bit.nl=127.0.0.2*1 fresh30.spameatingmonkey.net=127.0.0.2*1 freshzero.spameatingmonkey.net=127.0.0.2*1 zen.spamhaus.org=127.0.0.[4..11]*5 zen.spamhaus.org=127.0.0.[2..3]*1 list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].2*-4 list.dnswl.org=127.0.[0..255].3*-5 postscreen_dnsbl_threshold = 5 postscreen_dnsbl_ttl = 3d postscreen_dnsbl_whitelist_threshold = -1 postscreen_greet_action = enforce postscreen_greet_banner = mail.covisp.net ESTMP -- Please wait postscreen_greet_ttl = 7d postscreen_greet_wait = 11s recipient_bcc_maps = pcre:$config_directory/rbcc.pcre recipient_delimiter = +_ show_user_unknown_table_name = no smtp_tls_exclude_ciphers = MD5, aDSS, kECDH, kDH, SEED, IDEA, RC2, RC5 smtp_tls_loglevel = 1 smtp_tls_security_level = may smtpd_banner = $myhostname ESMTP $mail_name $mail_version smtpd_client_auth_rate_limit = 3 smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit smtpd_delay_open_until_valid_rcpt = no smtpd_helo_required = yes smtpd_helo_restrictions = reject_invalid_helo_hostname check_helo_access pcre:/etc/postfix/helo_checks.pcre permit smtpd_log_access_permit_actions = static:all smtpd_milters = unix:/var/run/spamass-milter.sock, smtpd_recipient_restrictions = reject_unauth_destination reject_rhsbl_sender freshzero.spameatingmonkey.net, reject_rhsbl_sender fresh30.spameatingmonkey.net, reject_rhsbl_helo dbl.spamhaus.org reject_rhsbl_sender dbl.spamhaus.org reject_rhsbl_reverse_client dbl.spamhaus.org reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_invalid_hostname reject_unlisted_recipient reject_unlisted_sender permit smtpd_relay_restrictions = reject_unauth_destination smtpd_sasl_authenticated_header = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot smtpd_starttls_timeout = 20s smtpd_tls_cert_file = /usr/local/etc/dehydrated/certs/covisp.net/fullchain.pem smtpd_tls_key_file = /usr/local/etc/dehydrated/certs/covisp.net/privkey.pem smtpd_tls_loglevel = 1 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_received_header = yes smtpd_tls_security_level = may smtputf8_enable = no swap_bangpath = no tls_preempt_cipherlist = yes tls_ssl_options = no_compression undisclosed_recipients_header = To: List of Bcc addresses:; unknown_client_reject_code = 550 unknown_local_recipient_reject_code = 550 unverified_recipient_reject_reason = Address lookup failed virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf hash:$config_directory/virtual virtual_gid_maps = static:89 virtual_mailbox_base = /usr/local/virtual virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf virtual_minimum_uid = 89 virtual_transport = lmtp:unix:private/dovecot-lmtp virtual_uid_maps = static:89 I have tested with a handful of the domains and they all work but one, which I find confusing as they all are configured the same as far as I can see in the sql database. I can’t dump the database as it contains real names and other private info, but it is a postfixadmin database that postfix and dovecot both access without complaints. So, if I send an email to ama...@myvirtualdomain.tld, virtual is set to expand that to kreme+ama...@kreme.com but in the logs it is expanded to ama...@covisp.net which does not exist and the mail is rejected. If I send directly to the +amazon address, it works. If I send to another address (t...@kreme.com => user+t...@othervirtual.tld, that works. So, the issue appears to be limited to a specific virtual domain. -- In my world there are people in chains and you can ride them like ponies