On Thu, Mar 04, 2021 at 01:24:59PM -0500, Steve Dondley wrote:
> After staring at these logs some more and piecing together the advice
> here, here's my understanding of what's happening:
>
> * Mail comes in via smtpd as user sends mail. It's going to 3
> recipients. I'm not sure who those might be. Maybe the catchall
> account and the two users the email is going to?
If the user addresses three recipients in a single message, that message
will get one queue-id when initially accepted by Postfix. So, one
message, three envelope recipients.
When does the envelope split? That is, when do you see more than one
queue-id with the original message-id?
When do you add Bcc recipients?
> * Mail goes into the qmgr
Messages don't go into "qmgr", it just schedules their delivery,
messages come via smtpd+cleanup or pickup+cleanup. You should see log
messages from these showing message "arrival", especially "cleanup",
which reports both the queue-id and the message-id.
What you get out of the qmgr log entries is the number of envelope
recipients of the queue-id in question. The rest is not important
in this context.
What are then more interesting are log messages from delivery agents,
particularly smtp(8), which reports both the queue-id of the current
message, and the response from the remote server, which often has
the upstream queue-id.
If not all the recipients of a message delivered via smtp(8) show the
same nexthop relay and nexthop reply text, then the envelope was
split, and any downstream processing is now happening on multiple
copies of the message.
> * Mail gets filtered by spamassassin
How many times?
> * filtered mail comes back to qmgr so qmgr can start delivering them
Again, not "qmgr" but smtpd+cleanup.
> * a copy of the email goes out to catchall
If a BCC was added by cleanup(8), then the message will have an extra
envelope recipient, that's the thing to look for. Are more recipients
present than accounted for from the source.
> * a second copy of the email goes out to catchall, twice. I don't know why.
You're not reading the logs carefully.
--
Viktor.
