Bill, The particular internal sender host is running Sendmail. Their admin sent me their log for the specific queueID my system accepted.
[root@use1otomprd01 /var/log]# fgrep '5825ZbvF01207' maillog* maillog-20250907:Sep 2 01:35:37 use1otomprd01 sendmail[12075]: 5825ZbvF012075: Authentication-Warning: use1otomprd01: otosadm set sender to [email protected] using -f maillog-20250907:Sep 2 01:35:39 use1otomprd01 sendmail[12075]: 5825ZbvF012075: [email protected], size=936398, class=0, nrcpts=1, msgid=202509020535.5825ZbvF012075@use1otomprd01, relay=otosadm@localhost maillog-20250907:Sep 2 01:35:39 use1otomprd01 sendmail[12075]: 5825ZbvF012075: [email protected], [email protected] (17423/1036), delay=00:00:02, xdelay=00:00:00, mailer=relay, pri=966398, relay=externaldelivery.example.com[y.y.y.y], dsn=2.0.0, stat=Sent (Ok: queued as 4cGDwq3YqbzjB8nV) I presumed that the sendmail system did not rewrite the recipient domain because it (the rewrite) was not present in the sendmail log. Chris John -----Original Message----- From: Bill Cole via Postfix-users <[email protected]> Sent: Monday, September 8, 2025 6:04 PM To: John, Chris via Postfix-users <[email protected]> Subject: [pfx] Re: Unexpected Recipient Domain Rewrite [Use CAUTION when opening links/attachments] On 2025-09-08 at 14:37:59 UTC-0400 (Mon, 8 Sep 2025 18:37:59 +0000) John, Chris via Postfix-users <[email protected]> is rumored to have said: > I have a postfix 3.5.2 system that accepts messages from internal > hosts and relays to internal destinations and to an email perimeter > that delivers to external (Internet) domains. Are the internal hosts runniong Popstfix or something else? Sendmail, for example? > The issue I'm seeing is regarding external domains that do not follow > DNS best practices and have CNAME records published for the same > domain that their MX records are published for. > > What I end up with is the recipient being changed from the intended > domain to the value of the published CNAME. That is a default behavior of Sendmail in many distributions and historically. It is consistent with the historical formal meaning of the CNAME record, which is that the result of the CNAME query is the *PROPER* name which should be used instead of the alias name. As Wietse has already noted, the log lines you provided state clearly that the message arrived and was delivered with the same recipient. Also, this log line provides a clue: [...] > Sep 2 01:35:39 mailhost postfix/cleanup[26989]: 4cGDwq3YqbzjB8nV: > warning: header Received: (from otosadm@localhost)??by use1otomprd01 > (8.15.2/8.14.7/Submit) id 5825ZbvF012075??for [email protected]; > Tue, 2 Sep 2025 01:35:37 -0400 from unknown[x.x.x.x]; > from=<[email protected]> > to=<[email protected]> proto=ESMTP helo=<use1otomprd01> That's a Sendmail-constructed Received header, being logged due to a Postfix header_checks match. It shows the initial submission of the message using the alias domain name. Sendmail rewrites that address to use the canonical name. This can be fixed on the machine running Sendmail by changing flags for one of the mailer definitions. See the Bat Book or Sendmail ops guide for details. -- Bill Cole [email protected] or [email protected] (AKA @[email protected] and many *@billmail.scconsult.com addresses) Not Currently Available For Hire _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected] ________________________________ This message (including any attachments) may contain confidential, proprietary, privileged and/or private information. The information is intended to be for the use of the individual or entity designated above. If you are not the intended recipient of this message, please notify the sender immediately, and delete the message and any attachments. Any disclosure, reproduction, distribution or other use of this message or any attachments by an individual or entity other than the intended recipient is prohibited. _______________________________________________ Postfix-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
