I have a ongoing supportcase about this but I could also use the community experience for this:
We are experiencing a high amount of deferred emails by mailer-deamon which I think is caused by our customers use of domain aliases.
We use this method to create domain alias:
zmprov cd foobar.com zimbraDomainType alias
zmprov md foobar.com zimbraMailCatchAllAddress @foobar.com zimbraMailCatchAllForwardingAddress @foo.com
We have used this for a while for many customers and got a backscatter problem which got us to use the policy daemon, adviced by zimbra support:
zmlocalconfig -e postfix_enable_smtpd_policyd=yes
zmprov mcf +zimbraMtaRestriction "check_policy_service unixrivate/policy"
We thought that would fix the problem but still we have a lot of deferred emails because of this. Here is an example today:
Sep 29 14:53:00 zimbra01 postfix/qmgr: 65E771603D5: from=<firstname.lastname@example.org>, size=3302, nrcpt=1 (queue active)
Sep 29 14:53:00 zimbra01 postfix/smtp: 2BD7F1603CE: to=<email@example.com>, orig_to=<firstname.lastname@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.5, delays=0.73/0/0.01/0.77, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=12557-12, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 65E771603D5)
Sep 29 14:53:00 zimbra01 postfix/error: 65E771603D5: to=<email@example.com>, relay=none, delay=0.06, delays=0.02/0.01/0/0.03, dsn=5.0.0, status=bounced (foo.com)
Sep 29 14:53:00 zimbra01 postfix/bounce: 65E771603D5: sender non-delivery notification: 73D651603D7
Sep 29 14:53:00 zimbra01 postfix/qmgr: 65E771603D5: removed
Sep 29 19:07:51 zimbra01 postfix/smtp: 73D651603D7: to=<firstname.lastname@example.org>, relay=none, delay=15291, delays=15261/0.01/30/0, dsn=4.4.1, status=deferred (connect to mxin1.gvt.com.br[126.96.36.199]:25: Connection timed out)
foobar.com is a domain alias to foo.com.
I also tested this myself and when I send to email@example.com (alias) i get a non delivery report, but when i send to the real domain firstname.lastname@example.org I get a reject which is what we want. Isn't the policy daemon working correctly? Anyone know how to fix this or have same experiences?
Thanks in advance