Hi, After switching to rspamd (was amavis+spamassassin), virtual_alias_maps seems to be ignored (mail to aliases address are bounced with "user unknown"), and I don't find why…
1) Before (all is fine with virtual_alias_maps) content_filter=amavis:[127.0.0.1]:10024 milter_protocol = 3 smtpd_milters = unix:run/opendkim/opendkim.sock,unix:run/opendmarc/opendmarc.sock non_smtpd_milters = $smtpd_milters milter_connect_macros = j 2) after (virtual_alias_maps ignored) # content_filter=amavis:[127.0.0.1]:10024 milter_protocol = 6 milter_default_action = tempfail smtpd_milters = inet:localhost:11332 non_smtpd_milters = $smtpd_milters milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} All others lines are identicals, especially virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-sympa-virtual_alias_maps.cf Any clue ? Thanks Here is a log of a mail ok with 1) postfix/pickup[25504]: 18D8F222ED4: uid=0 from=<root> postfix/cleanup[27187]: 18D8F222ED4: message-id=<20210118105545.18d8f222...@mail.sesamath.net> opendkim[5572]: 18D8F222ED4: DKIM-Signature field added (s=mail, d=sesamath.net) postfix/qmgr[25505]: 18D8F222ED4: from=<r...@sesamath.net>, size=654, nrcpt=1 (queue active) postfix/smtpd[27196]: 4822622194E: client=localhost[127.0.0.1] postfix/cleanup[27187]: 4822622194E: message-id=<20210118105545.18d8f222...@mail.sesamath.net> postfix/qmgr[25505]: 4822622194E: from=<root-m...@sesamath.net>, size=1483, nrcpt=1 (queue active) amavis[20707]: (20707-14) Passed CLEAN {RelayedInbound}, [127.0.0.1] <root-m...@sesamath.net> -> <root-m...@sesamath.net>, Message-ID: <20210118105545.18d8f222...@mail.sesamath.net>, mail_id: kvP9WKxhumWJ, Hits: -1.791, size: 988, queued_as: 4822622194E, 211 ms postfix/smtp[27192]: 18D8F222ED4: to=<r...@sesamath.net>, orig_to=<root>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.28, delays=0.07/0/0/0.21, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4822622194E) postfix/qmgr[25505]: 18D8F222ED4: removed postfix/pipe[27197]: 4822622194E: to=<t...@sesamath.net>, orig_to=<root-m...@sesamath.net>, relay=dovecot, delay=0.15, delays=0.03/0/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service) postfix/qmgr[25505]: 4822622194E: removed and the same test ko with 2) postfix/pickup[24882]: 6DD04222ED4: uid=0 from=<root> postfix/cleanup[24914]: 6DD04222ED4: message-id=<20210118103925.6dd04222...@mail.sesamath.net> postfix/qmgr[24883]: 6DD04222ED4: from=<r...@sesamath.net>, size=383, nrcpt=1 (queue active) postfix/pipe[24920]: 6DD04222ED4: to=<r...@sesamath.net>, orig_to=<root>, relay=dovecot, delay=0.14, delays=0.09/0.01/0/0.05, dsn=5.1.1, status=bounced (user unknown) postfix/bounce[24922]: 6DD04222ED4: sender non-delivery notification: 87950222EDA postfix/qmgr[24883]: 6DD04222ED4: removed Just in case, the full postconf -n 1) alias_maps = hash:/etc/aliases anvil_rate_time_unit = 60s append_dot_mydomain = no biff = no bounce_template_file = /etc/postfix/bounce_templates.cf broken_sasl_auth_clients = yes compatibility_level = 2 content_filter = amavis:[127.0.0.1]:10024 default_destination_concurrency_limit = 5 default_destination_rate_delay = 1s default_destination_recipient_limit = 30 delay_warning_time = 1h dovecot_destination_recipient_limit = 1 header_checks = pcre:/etc/postfix/header_checks.pcre html_directory = /usr/share/doc/postfix/html inet_interfaces = all laposte_destination_concurrency_limit = 1 laposte_destination_rate_delay = 1s laposte_destination_recipient_limit = 1 milter_connect_macros = j milter_protocol = 3 mydestination = $myhostname mydomain = sesamath.net myhostname = mail.sesamath.net mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 mynetworks_style = subnet myorigin = $mydomain non_smtpd_milters = $smtpd_milters readme_directory = /usr/share/doc/postfix receive_override_options = no_address_mappings recipient_delimiter = _ relay_domains = $mydestination relayhost = sender_dependent_relayhost_maps = regexp:/etc/postfix/sender_dependent_relayhost_maps.regexp slow_destination_concurrency_limit = 2 slow_destination_recipient_limit = 5 smtp_generic_maps = hash:/etc/postfix/smtp_generic_maps.hash smtp_tls_fingerprint_digest = sha256 smtp_tls_loglevel = 2 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_connection_rate_limit = 30 smtpd_client_message_rate_limit = 30 smtpd_client_recipient_rate_limit = 30 smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_reverse_client_hostname reject_unknown_client_hostname smtpd_data_restrictions = reject_unauth_pipelining smtpd_helo_required = yes smtpd_milters = unix:run/opendkim/opendkim.sock,unix:run/opendmarc/opendmarc.sock smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unknown_recipient_domain reject_non_fqdn_recipient reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client psbl.surriel.com check_policy_service unix:private/spfcheck smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = mysql:/etc/postfix/mysql-smtpd_sender_login_maps-user.cf, mysql:/etc/postfix/mysql-smtpd_sender_login_maps-alias.cf, mysql:/etc/postfix/mysql-smtpd_sender_login_maps-sender.cf smtpd_sender_restrictions = reject_unknown_sender_domain, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch smtpd_starttls_timeout = 30s smtpd_tls_cert_file = /etc/letsencrypt/live/mail.sesamath.net/fullchain.pem smtpd_tls_fingerprint_digest = sha256 smtpd_tls_key_file = /etc/letsencrypt/live/mail.sesamath.net/privkey.pem smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes smtputf8_enable = no strict_rfc821_envelopes = yes sympa_destination_recipient_limit = 1 sympabounce_destination_recipient_limit = 1 transport_maps = mysql:/etc/postfix/mysql-transport_maps.cf, hash:/etc/postfix/transport_maps.hash virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-sympa-virtual_alias_maps.cf virtual_gid_maps = static:3002 virtual_mailbox_base = /var/vmail virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains.list virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_transport = dovecot virtual_uid_maps = static:3002 2) alias_maps = hash:/etc/aliases anvil_rate_time_unit = 60s append_dot_mydomain = no biff = no bounce_template_file = /etc/postfix/bounce_templates.cf broken_sasl_auth_clients = yes compatibility_level = 2 config_directory = test.rspamd default_destination_concurrency_limit = 5 default_destination_rate_delay = 1s default_destination_recipient_limit = 30 delay_warning_time = 1h dovecot_destination_recipient_limit = 1 header_checks = pcre:/etc/postfix/header_checks.pcre html_directory = /usr/share/doc/postfix/html inet_interfaces = all laposte_destination_concurrency_limit = 1 laposte_destination_rate_delay = 1s laposte_destination_recipient_limit = 1 milter_default_action = tempfail milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} milter_protocol = 6 mydestination = $myhostname mydomain = sesamath.net myhostname = mail.sesamath.net mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 mynetworks_style = subnet myorigin = $mydomain non_smtpd_milters = $smtpd_milters readme_directory = /usr/share/doc/postfix receive_override_options = no_address_mappings recipient_delimiter = _ relay_domains = $mydestination relayhost = sender_dependent_relayhost_maps = regexp:/etc/postfix/sender_dependent_relayhost_maps.regexp slow_destination_concurrency_limit = 2 slow_destination_recipient_limit = 5 smtp_generic_maps = hash:/etc/postfix/smtp_generic_maps.hash smtp_tls_fingerprint_digest = sha256 smtp_tls_loglevel = 2 smtp_tls_security_level = may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) smtpd_client_connection_rate_limit = 30 smtpd_client_message_rate_limit = 30 smtpd_client_recipient_rate_limit = 30 smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unknown_reverse_client_hostname reject_unknown_client_hostname smtpd_data_restrictions = reject_unauth_pipelining smtpd_helo_required = yes smtpd_milters = inet:localhost:11332 smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_unknown_recipient_domain reject_non_fqdn_recipient reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client psbl.surriel.com check_policy_service unix:private/spfcheck smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_sender_login_maps = mysql:/etc/postfix/mysql-smtpd_sender_login_maps-user.cf, mysql:/etc/postfix/mysql-smtpd_sender_login_maps-alias.cf, mysql:/etc/postfix/mysql-smtpd_sender_login_maps-sender.cf smtpd_sender_restrictions = reject_unknown_sender_domain, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch smtpd_starttls_timeout = 30s smtpd_tls_cert_file = /etc/letsencrypt/live/mail.sesamath.net/fullchain.pem smtpd_tls_fingerprint_digest = sha256 smtpd_tls_key_file = /etc/letsencrypt/live/mail.sesamath.net/privkey.pem smtpd_tls_security_level = may smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes smtputf8_enable = no strict_rfc821_envelopes = yes sympa_destination_recipient_limit = 1 sympabounce_destination_recipient_limit = 1 transport_maps = mysql:/etc/postfix/mysql-transport_maps.cf, hash:/etc/postfix/transport_maps.hash virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf, mysql:/etc/postfix/mysql-sympa-virtual_alias_maps.cf virtual_gid_maps = static:3002 virtual_mailbox_base = /var/vmail virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains.list virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf virtual_transport = dovecot virtual_uid_maps = static:3002 master.cf is the same in both case (I'll remove amavis section when rspamd will be fine) # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - y - 50 smtpd submission inet n - y - 20 smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - y - 50 smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING pickup fifo n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr fifo n - n 300 1 qmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - 10 smtp slow unix - - - - 3 smtp laposte unix - - - - 1 smtp relay unix - - y - 10 smtp -o smtp_fallback_relay= showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -a ${recipient} -d ${user}@${nexthop} -m ${extension} spfcheck unix - n n - 0 spawn user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl # sympa mailing list manager sympa unix - n n - - pipe flags=R user=sympa argv=/usr/lib/sympa/lib/sympa/queue ${recipient} sympabounce unix - n n - - pipe flags=R user=sympa argv=/usr/lib/sympa/lib/sympa/bouncequeue ${recipient} # for content_filter=amavis in main.cf amavis unix - - y - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes -o smtp_send_xforward_command=yes -o max_use=100 # amavis return 127.0.0.1:10025 inet n - y - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= -o smtpd_milters= -o local_recipient_maps= -o relay_recipient_maps= -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -- Daniel Nous n'héritons pas la terre de nos ancêtres, nous l'empruntons à nos enfants. Seattle (chef indien)