Hi,
I have always_bcc set on my postfix-3.1.4 system on fedora25 and it's
working fine for incoming email, but not outgoing.
Outgoing mail is sent via submission. I see there are other systems
within our domain which do not use submission and are properly bcc'd.
submission inet n - n - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
-o receive_override_options=$submission_overrides
-o syslog_name=postfix/submission
-o cleanup_service_name=auth-cleanup
-o smtpd_relay_restrictions=$mua_relay_restrictions
I've included my postconf below. This server only receives mail from
our external relay (and a few other local systems). This configuration
originated from the configuration of that external relay, so some of
it like the postscreen stuff probably isn't necessary.
Also, is always_bcc what some companies use to provide "always on"
email service to their clients/users? In other words, is there a way
to store a copy of the email on one system and allow users to somehow
access that when their primary system is unavailable? Considering
always_bcc stores to a single mbox, some kind of mailbox management
would be necessary?
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_mail_to_files = alias,forward
always_bcc = bcc-user
biff = no
bounce_queue_lifetime = 2d
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
default_process_limit = 100
delay_warning_time = 4h
disable_mime_input_processing = no
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 2d
message_size_limit = 50240000
meta_directory = /etc/postfix
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, example.com
mydomain = example.com
myhostname = orion.example.com
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 68.123.193.40/29
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = $smtpd_milters
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_blacklist_action = enforce
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = mykey.zen.dq.spamhaus.net*2 b.barracudacentral.org*1
postscreen_dnsbl_threshold = 1
postscreen_greet_action = enforce
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix/README_FILES
relay_domains = $mydestination, $transport_maps, example.com
sample_directory = /usr/share/doc/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
shlib_directory = no
smtp_send_xforward_command = yes
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_authorized_xforward_hosts = $mynetworks
smtpd_client_restrictions = check_client_access
cidr:/etc/postfix/sinokorea.cidr, check_client_access
cidr:/etc/postfix/asian-ip5.txt
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
check_client_access hash:/etc/postfix/client_checks_special,
check_sender_access hash:/etc/postfix/sender_checks_special,
reject_non_fqdn_sender, permit_mynetworks, permit_sasl_authenticated,
reject_unauth_destination, reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_invalid_helo_hostname,
reject_rhsbl_reverse_client mykey.dbl.dq.spamhaus.net,
reject_rhsbl_sender mykey.dbl.dq.spamhaus.net, reject_rhsbl_helo
mykey.dbl.dq.spamhaus.net check_client_access
hash:/etc/postfix/client_checks, check_sender_access
hash:/etc/postfix/sender_checks, check_recipient_access
pcre:/etc/postfix/relay_recips_access, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_ask_ccert = yes
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_req_ccert = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database =
btree:/var/lib/postfix/smtpd_tls_session_cache
submission_overrides = no_unknown_recipient_checks,
no_address_mappings, no_header_body_checks
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = hash:/etc/postfix/virtual
