Policyd activated but Server still receiving nonexistent user

[sugiggs]

Hi.

this is my setup

MX (Zimbra MTA+AS) ---> Ext. Anti Virus ---> MTA --> Mailbox

I modified postfix transport on MX so it sends to only one IP address all the time.

The question is, even I activated policyd, my MX is still accepting nonexistent users and they will be rejected only at MTA level, which means I'm wasting AV scan resources.

Is there any extra step after activate policyd+restart services?

Any clue/hint how to troubleshoot this?

[y@w]

After you enabled policyd did you add the mta restriction? Check out:

Zimbra MTA

and search for "policyd".

[sugiggs]

Hi y@w,

That restriction was already added

Quote:

reject_non_fqdn_recipient
permit_sasl_authenticated
permit_mynetworks
reject_unauth_destination
reject_unlisted_recipient
check_policy_service inet:127.0.0.1:60000
%%contains VAR:zimbraMtaRestriction reject_invalid_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_hostname%%
%%contains VAR:zimbraMtaRestriction reject_non_fqdn_sender%%
%%contains VAR:zimbraMtaRestriction reject_unknown_client%%
%%contains VAR:zimbraMtaRestriction reject_unknown_hostname%%
%%contains VAR:zimbraMtaRestriction reject_unknown_sender_domain%%
%%explode reject_rbl_client VAR:zimbraMtaRestrictionRBLs%%
%%contains VAR:zimbraMtaRestriction check_policy_service unixrivate/policy%%
permit

[borki]

Hi

I also try to get this running.. zmpostfixpolicyd is enabled and running - i added several debug output statements.

My conclusion so far: After the first LDAP query, it does not get a result (where it searches for (&(zimbraDomainName=$domain)(objectClass=zimbraDomai n)) )

Because of the empty result, the script answers with dunno..

- Yes, we have alias domains that should match the query..

Anyone else?