So, mail to efa addressed to "
to@example.com" gets sent to your exchange server as "
you@example.com".
Can you tell me what the "me" and "you" parts are? Just curious to see if that gives me an additional hint.
The answers should all be in /var/log/maillog. You should see the mail come in, and then go out to your exchange server. For example, I just sent a mail to one of my accounts and here is how the log looks like:
message received and accepted from upstream provider (they filter my messages first before EFA does for additional protection)
Code: Select all
Aug 29 12:59:18 efa postfix/smtpd[19810]: Anonymous TLS connection established from mail6.bemta12.messagelabs.com[216.82.250.247]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug 29 12:59:19 efa sqlgrey: whitelist: pdwalker@from.domain, 216.82.250.247(mail6.bemta12.messagelabs.com) -> pdwalker@to.domain
Aug 29 12:59:19 efa postfix/smtpd[19810]: 62189180061: client=mail6.bemta12.messagelabs.com[216.82.250.247]
Aug 29 12:59:19 efa postfix/cleanup[19814]: 62189180061: hold: header Received: from mail6.bemta12.messagelabs.com (mail6.bemta12.messagelabs.com [216.82.250.247])??(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))??(No client certificate requested) from mail6.bemta12.messagelabs.com[216.82.250.247]; from=<pdwalker@from.domain> to=<pdwalker@to.domain> proto=ESMTP helo=<mail6.bemta12.messagelabs.com>
Aug 29 12:59:19 efa postfix/cleanup[19814]: 62189180061: message-id=<CANT6AS8Ks5ko7SuZbweEkeS6ifPdUm_CVhc6u-odgCOYn_ZnuQ@mail.gmail.com>
Aug 29 12:59:19 efa opendkim[2005]: 62189180061: mail6.bemta12.messagelabs.com [216.82.250.247] not internal
Aug 29 12:59:19 efa opendkim[2005]: 62189180061: not authenticated
Aug 29 12:59:20 efa opendkim[2005]: 62189180061: DKIM verification successful
Aug 29 12:59:21 efa MailScanner[13809]: New Batch: Scanning 1 messages, 5658 bytes
Aug 29 12:59:21 efa MailScanner[13809]: Virus and Content Scanning: Starting
Aug 29 12:59:25 efa postfix/smtpd[19810]: disconnect from mail6.bemta12.messagelabs.com[216.82.250.247] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
And here is where EFA passes the message on to my exchange server
Code: Select all
Aug 29 12:59:38 efa MailScanner[13809]: Requeue: 62189180061.A9764 to C93C2180490
Aug 29 12:59:38 efa postfix/qmgr[2589]: C93C2180490: from=<pdwalker@from.domain>, size=4557, nrcpt=1 (queue active)
Aug 29 12:59:38 efa MailScanner[13809]: Uninfected: Delivered 1 messages
Aug 29 12:59:38 efa MailScanner[13809]: Deleted 1 messages from processing-database
Aug 29 12:59:38 efa MailScanner[13809]: MailWatch: Logging message 62189180061.A9764 to SQL
Aug 29 12:59:38 efa MailScanner[13813]: MailWatch: 62189180061.A9764: Logged to MailWatch SQL
Aug 29 12:59:38 efa postfix/smtp[20076]: C93C2180490: to=<pdwalker@to.domain>, relay=exchange.server.local[192.168.1.1]:25, delay=20, delays=20/0/0/0.37, dsn=2.6.0, status=sent (250 2.6.0 <CANT6AS8Ks5ko7SuZbweEkeS6ifPdUm_CVhc6u-odgCOYn_ZnuQ@mail.gmail.com> Queued mail for delivery)
Aug 29 12:59:38 efa postfix/qmgr[2589]: C93C2180490: removed
So, I can see the received message was given an ID of
62189180061, and postfix requeued it as
C93C2180490.
Perhaps if you find your message ids, you can track what happens in the log files and see what postfix is sending to your exchange server.
Also, you might want look at /etc/aliases to see if there is anything weird in that file.