(1) the control "check_relay_domains" is not documented.
I had this:
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
reject_unauth_destination permit_auth_destination
If I remove "reject_unauth_destination" to see if it would fix a problem:
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
permit_auth_destination
Then smptd "crashes" by complaining with each use and exiting. The
complaint is
"smtpd_relay_restrictions or smtpd_recipient_restrictions, specify at
least one working instance of: reject_unauth_destination,
defer_unauth_destination, reject, defer, defer_if_permit or
check_relay_domains"
To make smtpd stop crashing I add the check parameter:
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
permit_auth_destination check_relay_domains
What does "*check_relay_domains*" do? The parameter is not documented in
the main.cf parameters list or anywhere else I could see.
I did find it in the code and it is a routine, and so long as it remains
it should be documented. It's deprecated and to go away,
but until it is gone I'd suggest it be listed (as deprecated) along with
the other parameters.
(2)
It seems that if an email is sent to a Bcc: list, postfix resends the
email to /all/ the recipients again, each time it tries to flush
any deferred Bcc list recipient emails that did not go out first try.
Each time the queue is retried !! {ouch.}
The system keeps sending the same message to people who have already
received it, and it seems it would just keep on doing so
until all the deferred Bcc messages are delivered or expire, so those
deferred messages have to be deleted manually from the queue
to stop it (and the deferred recipients have to be tried again manually.)
If this applies to Cc: as well, I have no idea yet.
(3)
error_notice_recipient has the bug that if it is specified explicitly to
be blank
error_notice_recipient =
smtpd crashes (dies) and horribly enough that the mail being processed
is forgotten.
If you don't want it to be blank, you can tell the user it's mandatory
and what default was forced because it was blank,
rather than dying with "error_notice_recipient: string length 0 < 1
*crash*".
The user should not be able to crash postfix with simple config mistakes
that are detectable (missing parameter value, for example.)
I would check all that family of symbols.
