Thank you for the reply!
My system is built from the "bare metal" for this Zimbra installation. The only software installed beyond CentOS and Zimbra is Webmin version 1.300-minimal (with no mail or postfix related modules installed).
I don't think I have opened any undesired access to Postfix, but, of course I could be mistaken, that's what I'm concerned about.
The only changes to Postfix config are as directed in the Zimbra Wiki for "Outgoing SMTP Authentication" details here.
These changes only affect outgoing smtp authentication, as near as I can tell...
First check what auth mechanism postfix is configured to use - by default,
you will see:
$ postconf smtp_sasl_security_options
smtp_sasl_security_options = noplaintext, noanonymous
Since noplaintext is present, postfix will refuse to use a mechanism that sends
passwords in the clear. If your upstream relay host only supports PLAIN or
LOGIN mechanisms (both of which send password in the clear), you have to
remove noplaintext from smtp_sasl_security_options:
$ postconf -e smtp_sasl_security_options=noanonymous
$ postfix reload
As for fetchmail setup, fetchmail is configured to retrieve mail for individual pop accounts with user and password for each (no multi-drop). All users I am retrieving for are on my domain, hosted by my ISP. fetchmail config is strictly under my control, so I'm pretty sure I'm not retrieving unexpected mail.
Your comments have given me the idea that "Senders" and "Recipients" are not the _real_ or absolute sender or recipient, but the stated or _listed_ sender and recipient.
To clarify, my understanding of your reply is that if a user on my domain email@example.com sends a message from my private LAN via my Zimbra server and configures his mail client so as to report his sending address as his home email account firstname.lastname@example.org, I would then see email@example.com listed in my senders report.
If that is correct, would it also be true that if my user firstname.lastname@example.org receives a message addressed to email@example.com bcc: firstname.lastname@example.org, that I would see email@example.com in my recipients list?
If the above examples are reasonable, then I presume I can safely disregard the detail in these reports, and look only for large changes in volume as indicators of problems.
Please correct my assumptions if needed, and thanks again for your reply, it was helpful.