Hi,

I have a ongoing supportcase about this but I could also use the community experience for this:

We are experiencing a high amount of deferred emails by mailer-deamon which I think is caused by our customers use of domain aliases.

We use this method to create domain alias:
zmprov cd foobar.com zimbraDomainType alias
zmprov md foobar.com zimbraMailCatchAllAddress @foobar.com zimbraMailCatchAllForwardingAddress @foo.com

We have used this for a while for many customers and got a backscatter problem which got us to use the policy daemon, adviced by zimbra support:

zmlocalconfig -e postfix_enable_smtpd_policyd=yes
zmprov mcf +zimbraMtaRestriction "check_policy_service unixrivate/policy"

We thought that would fix the problem but still we have a lot of deferred emails because of this. Here is an example today:
Sep 29 14:53:00 zimbra01 postfix/qmgr[20233]: 65E771603D5: from=<noseoi2831@gvt.net.br>, size=3302, nrcpt=1 (queue active)
Sep 29 14:53:00 zimbra01 postfix/smtp[3029]: 2BD7F1603CE: to=<gf@foo.com>, orig_to=<gf@foobar.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.5, delays=0.73/0/0.01/0.77, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=12557-12, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 65E771603D5)
Sep 29 14:53:00 zimbra01 postfix/error[4343]: 65E771603D5: to=<gf@foo.com>, relay=none, delay=0.06, delays=0.02/0.01/0/0.03, dsn=5.0.0, status=bounced (foo.com)
Sep 29 14:53:00 zimbra01 postfix/bounce[4344]: 65E771603D5: sender non-delivery notification: 73D651603D7
Sep 29 14:53:00 zimbra01 postfix/qmgr[20233]: 65E771603D5: removed
Sep 29 19:07:51 zimbra01 postfix/smtp[3254]: 73D651603D7: to=<noseoi2831@gvt.net.br>, relay=none, delay=15291, delays=15261/0.01/30/0, dsn=4.4.1, status=deferred (connect to mxin1.gvt.com.br[200.139.127.5]:25: Connection timed out)

foobar.com is a domain alias to foo.com.

I also tested this myself and when I send to nosuchuser@foobar.com (alias) i get a non delivery report, but when i send to the real domain nosuchuser@foo.com I get a reject which is what we want. Isn't the policy daemon working correctly? Anyone know how to fix this or have same experiences?


Thanks in advance