Thanks for the reply!
Here's the headers from the spam that got through. I specifically reject emails sent to "001930512.17852335868475@example.com", note the leading "00":
(note: replaced hostname with "zimbra.example.com", IP to 10.1.2.3, my domain with "example.com", and catchall to "catchall@example.com".)
Code:
Return-Path: personagesz@perfectgarden.es
Received: from zimbra.example.com (LHLO zimbra.example.com) (10.1.2.3)
by zimbra.example.com with LMTP; Mon, 27 Apr 2009 08:58:38 +0900 (JST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by zimbra.example.com (Postfix) with ESMTP id C9F08118000F
for <catchall@example.com>; Mon, 27 Apr 2009 08:58:38 +0900 (JST)
X-Virus-Scanned: amavisd-new at zimbra.example.com
X-Spam-Flag: NO
X-Spam-Score: 4.517
X-Spam-Level: ****
X-Spam-Status: No, score=4.517 tagged_above=-10 required=6.6
tests=[BAYES_50=0.001, DYN_RDNS_AND_INLINE_IMAGE=0.001,
DYN_RDNS_SHORT_HELO_HTML=0.499, DYN_RDNS_SHORT_HELO_IMAGE=0.001,
HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905, RCVD_IN_SORBS_DUL=0.877,
RDNS_DYNAMIC=0.1, SHORT_HELO_AND_INLINE_IMAGE=0.781,
TVD_RCVD_SINGLE=1.351]
Received: from zimbra.example.com ([127.0.0.1])
by localhost (zimbra.example.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id fVLfb8IZV1f1 for <catchall@example.com>;
Mon, 27 Apr 2009 08:58:34 +0900 (JST)
Received: from DMNNSUNZ (9-89-223-201.adsl.terra.cl [201.223.89.9])
by zimbra.example.com (Postfix) with ESMTP id 638AA1170010
for <01930512.17852335868475@example.com>; Mon, 27 Apr 2009 08:58:32 +0900 (JST)
Received: from 201.223.89.9 by mx01.dns-servicios.com; Sun, 26 Apr 2009 19:58:09 -0400
Message-ID: <000d01c9c6ca$d968fe80$6400a8c0@personagesz>
From: "Lolita Isaac" <personagesz@perfectgarden.es>
To: <001930512.17852335868475@example.com>
Subject: boost your sweet night event
Date: Sun, 26 Apr 2009 19:58:09 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0075_01C9C6CA.D968FE80"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Windows Mail 6.0.6001.18000
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
This is a multi-part message in MIME format.
------=_NextPart_000_0075_01C9C6CA.D968FE80
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0076_01C9C6CA.D968FE80"
------=_NextPart_001_0076_01C9C6CA.D968FE80
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<...snipped out the spam body...>
After examining those headers, I noticed that these 2 lines don't match!
Code:
for <01930512.17852335868475@example.com>; Mon, 27 Apr 2009
and
Code:
To: <001930512.17852335868475@example.com>
The first one in the header is missing a leading "0"! I put in rejection for "001930512.17852335868475@example.com", not the first one "01930512.17852335868475@example.com".
So I checked other spams that got through. And the same result!
I specifically rejected "alanrqh@example.com", but this spam got through:
Code:
Received: from cust-10-121.on5.ontelecoms.gr (unknown [79.107.67.137])
by zimbra.example.com (Postfix) with ESMTP id 37DF21170010
for <catchall@example.com>; Sun, 26 Apr 2009 21:31:32 +0900 (JST)
Received: from 79.107.67.137 by mail5.frk.com; Sun, 26 Apr 2009 15:30:23 +0200
...
To: <alanrqh@example.com>
So I have 2 guesses at what's might be happening:
#1 Zimbra is somehow ignoring the To: field and looking at something else.
#2 Wild guess: Is Zimbra (or Postfix) ignoring rejections because the email format in the "To:" field has angle brackets <>? All the spam that got through had the addresses in angle brackets:
To: <alanrqh@example.com>
To: <dimoj@example.com>
To: <001930512.17852335868475@example.com>
Spam without brackets gets rejected:
To:
alanrqh@example.com (gets rejected).
To:
dimoj@example.com (gets rejected).
etc.
Bugzilla
Wiki
Source
SPAM getting through check_recipient_access after upgrading 5.0.7->5.0.13 
Linear Mode
