Hi, I'm using postfix 2.5.7 and having some trouble with the server
domain being appended to incomplete sender addresses. I have set:

# postconf|grep -e rewrite -e append -e myorigin -e mydomain -e local_header
append_at_myorigin = yes
append_dot_mydomain = no
local_header_rewrite_clients =
mydomain = nippynetworks.com
myorigin = $mydomain
remote_header_rewrite_domain =
rewrite_service_name = rewrite

I have amavisd-new installed, but having bumped up the logging I believe
this is happening on initial submission and not on the re-injection.
Log files show the client connecting, checking the FROM address and then:

Dec 4 15:33:54 mail1 postfix/smtpd[22858]: < office.mydomain.com[X.X.X.X]: RCPT TO: <asdf>
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: extract_addr: input: <asdf>
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: smtpd_check_addr: addr=asdf
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr request = rewrite
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr rule = local
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr address = asdf
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket: wanted attribute: flags
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: flags
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value: 0
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket: wanted attribute: address
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: address
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value: a...@mydomain.com
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket: wanted attribute: (list terminator)
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: (end)
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: rewrite_clnt: local: asdf -> a...@mydomain.com
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr request = resolve
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr sender =
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: send attr address = a...@mydomain.com
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: private/rewrite socket: wanted attribute: flags
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute name: flags
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: input attribute value: 0

I guess it must be a reasonably common situation to have a blackbox
mailserver with no local accounts and only virtual users? What do others
use in this config to ensure emails pass through unchanged (and are then
bounced, since of course the address is invalid)? Note that for various
reasons this mailserver needs to accept such incorrect emails and bounce
them later. (Actually we have two configurations: most emails are
refused unless they have fully qualified addresses; the other
configuration is used for a subset of clients where we need to accept
all emails and bounce errors later.)

Can anyone show me what I need to change please?

postconf -n:

address_verify_map = btree:/var/mta/verify
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
append_dot_mydomain = no
body_checks = regexp:/etc/postfix/body_checks
bounce_queue_lifetime = 2d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = lmtp-amavis:[127.0.2.1]:10024
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 2
default_recipient_limit = 500
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
home_mailbox = mbox
html_directory = /usr/share/doc/postfix-2.5.7/html
local_destination_concurrency_limit = 2
local_header_rewrite_clients =
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 30240000
mydestination =
mydomain = mydomain.com
myhostname = mail1.mydomain.com
mynetworks = 127.0.2.1/32, X.X.X.X/32
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
owner_request_special = no
parent_domain_matches_subdomains =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.7/readme
recipient_delimiter = +
sample_directory = /etc/postfix
sender_bcc_maps = hash:/etc/postfix/sender_bcc
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
show_user_unknown_table_name = no
smtp_helo_timeout = 90
smtpd_client_connection_count_limit = 20
smtpd_data_restrictions = check_policy_service unix:private/my_policy
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access
    regexp:/etc/postfix/test.regexp, reject_non_fqdn_sender,
    reject_non_fqdn_recipient, reject_unknown_sender_domain,
    reject_unknown_recipient_domain, check_sender_access
    hash:/etc/postfix/relay_from_bodge, reject_unlisted_recipient,
    reject_unlisted_sender, check_policy_service unix:private/my_policy,
    permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, check_helo_access
    hash:/etc/postfix/helo_access, check_recipient_access
    regexp:/etc/postfix/recipient_checks.regexp, check_sender_access
    hash:/etc/postfix/sender_checks, check_sender_access
    pcre:/etc/postfix/sender_checks.pcre, check_client_access
    hash:/etc/postfix/client_checks, check_client_access
    pcre:/etc/postfix/client_checks.pcre, reject_unauth_pipelining,
    reject_invalid_helo_hostname, check_sender_access
    hash:/etc/postfix/rhsbl_sender_domain_exceptions,
    reject_rhsbl_sender dsn.rfc-ignorant.org, reject_rhsbl_sender
    rhsbl.sorbs.net, check_client_access
    cidr:/etc/postfix/dnswl/postfix-dnswl-header-x, check_client_access
    cidr:/etc/postfix/dnswl/postfix-dnswl-permit,
    reject_unknown_reverse_client_hostname, check_sender_access
    hash:/etc/postfix/disallow_internal_mail_from_external warn_if_reject
    check_sender_mx_access hash:/etc/postfix/mx_access, reject_rbl_client
    zen.spamhaus.org, reject_rbl_client psbl.surriel.com,
    reject_rbl_client web.dnsbl.sorbs.net, reject_rbl_client
    dnsbl.njabl.org, reject_rbl_client dnsbl-1.uceprotect.net,
    warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org,
    check_policy_service inet:127.0.2.1:10030, permit
smtpd_reject_unlisted_recipient = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/ssl/dovecot/server.pem
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_key_file = /etc/ssl/dovecot/server.key
smtpd_tls_security_level = may
soft_bounce = no
transport_maps =
    proxy:mysql:/etc/postfix/mysql_mailbox_routing_transport.cf,
    pcre:/etc/postfix/transport.pcre,
    proxy:mysql:/etc/postfix/mysql_transport.cf
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains =
    proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps =
    proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1000
virtual_transport = maildrop
virtual_uid_maps = static:2000

The email is then accepted over a limited configuration defined here:

11027 inet n - n - - smtpd
    -o smtpd_reject_unlisted_recipient=no
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_recipient_restrictions=$smtpd_recipient_restrictions_proxy
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    -o smtpd_sasl_authenticated_header=yes
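
Added example (not part of the original post): a small Python parser that pulls the rewrite_clnt records out of a verbose smtpd log like the one quoted above, re-joins records that were wrapped onto a second line, and flags addresses that arrived without a domain and came back from the rewrite service with one. The sample log is constructed, example.com and example.org are placeholder domains, and the function names are this example's own.

```python
import re

# Constructed sample, shaped like the verbose smtpd log in the post
# (example.com / example.org are placeholder domains).
SAMPLE_LOG = """\
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: extract_addr: input: <asdf>
Dec 4 15:33:54 mail1 postfix/smtpd[22858]: rewrite_clnt: local: asdf ->
asdf@example.com
Dec 4 15:33:55 mail1 postfix/smtpd[22858]: rewrite_clnt: local: bob@example.org -> bob@example.org
Dec 4 15:33:56 mail1 postfix/smtpd[22901]: rewrite_clnt: local: carol@mail -> carol@mail.example.com
"""

PREFIX = re.compile(r"^[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d \S+ postfix/smtpd\[(\d+)\]: (.*)$")
REWRITE = re.compile(r"^rewrite_clnt: (\S+): (.*?)\s*->\s*(.*)$")

def unwrap(text):
    """Re-join records that a mail client wrapped onto a second line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if PREFIX.match(line) or not records:
            records.append(line)          # new syslog record
        else:
            records[-1] += " " + line     # continuation of the previous one
    return records

def classify(before, after):
    if before == after:
        return "unchanged"
    if "@" not in before and after.startswith(before + "@"):
        return "qualified"    # bare localpart had a domain appended
    return "rewritten"        # any other change made by the rewrite service

def find_rewrites(text):
    """Return (pid, rule, before, after, kind) for every rewrite_clnt record."""
    out = []
    for rec in unwrap(text):
        m = PREFIX.match(rec)
        rw = REWRITE.match(m.group(2)) if m else None
        if rw:
            rule, before, after = rw.groups()
            out.append((m.group(1), rule, before, after, classify(before, after)))
    return out

if __name__ == "__main__":
    for pid, rule, before, after, kind in find_rewrites(SAMPLE_LOG):
        print(f"smtpd[{pid}] rule={rule} {before!r} -> {after!r} [{kind}]")
```
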