Recipient address rejected: undeliverable address: unknown user: "nigel"

[kez]

do you see the correct queries coming in? - as far as I can tell - after you said, that using an external record makes everything work correctly - it seems that postfix gets a wrong answer when looking up the A/AAAA record for mail.example.co.uk (or it makes the error of doing an MX lookup- which I think is even more unlikely as all domains are configured equally)

carefully going through the verbose logs of postfix might also help

as would a complete comparison of the configs of node1 and one of your other nodes ....

I appreciate your continued support.

> do you see the correct queries coming in?

I'm not too familiar with Unbond, however, this is what I see in debug mode.

If I 1) do a (dig mx mail.example.com @Localhost) I see this in the Unbond logs;

example.co.uk.    IN    MX
example.co.uk.    3600    IN    MX    0 example-co-uk.mail.protection.outlook.com.

And I see the correct output from dig:

root@node4:~# dig mx example.co.uk @127.0.0.1

; <<>> DiG 9.16.48-Debian <<>> mx example.co.uk @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14997
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;example.co.uk.        IN    MX


;; ANSWER SECTION:
example.co.uk.    2636    IN    MX    0 example-co-uk.mail.protection.outlook.com.


;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 20 18:41:04 GMT 2024
;; MSG SIZE  rcvd: 111

If I 2) tail to Unbond longs and grep for the domain I see this:

[1708447440] unbound[56973:0] info: subnet operate: query example.co.uk. MX IN
[1708447440] unbound[56973:0] info: validator operate: query example.co.uk. MX IN
[1708447440] unbound[56973:0] info: resolving example.co.uk. MX IN
[1708447440] unbound[56973:0] info: resolving (init part 2):  example.co.uk. MX IN
[1708447440] unbound[56973:0] info: resolving (init part 3):  example.co.uk. MX IN
[1708447440] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447440] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447440] unbound[56973:0] info: sending query: example.co.uk. A IN
[1708447440] unbound[56973:0] info: 0RDd mod2 rep example.co.uk. MX IN
[1708447440] unbound[56973:0] debug: try edns1xx0 <example.co.uk.> 2401:fd80:400::1#53
[1708447441] unbound[56973:0] info: iterator operate: query example.co.uk. MX IN
[1708447441] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447441] unbound[56973:0] info: sending query: example.co.uk. A IN
[1708447440] unbound[56973:0] info: 127.0.0.1 example.co.uk. MX IN
[1708447440] unbound[56973:0] info: subnet operate: query example.co.uk. MX IN
[1708447440] unbound[56973:0] info: validator operate: query example.co.uk. MX IN
[1708447440] unbound[56973:0] info: resolving example.co.uk. MX IN
[1708447440] unbound[56973:0] info: resolving (init part 2):  example.co.uk. MX IN
[1708447440] unbound[56973:0] info: resolving (init part 3):  example.co.uk. MX IN
[1708447440] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447440] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447440] unbound[56973:0] info: sending query: example.co.uk. A IN
[1708447440] unbound[56973:0] info: 0RDd mod2 rep example.co.uk. MX IN
[1708447440] unbound[56973:0] debug: try edns1xx0 <example.co.uk.> 2401:fd80:400::1#53
[1708447441] unbound[56973:0] info: iterator operate: query example.co.uk. MX IN
[1708447441] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447441] unbound[56973:0] info: sending query: example.co.uk. A IN
[1708447441] unbound[56973:0] info: 0RDd mod2 rep example.co.uk. MX IN
[1708447441] unbound[56973:0] debug: try edns1xx0 <example.co.uk.> 2610:a1:1009::3#53
[1708447441] unbound[56973:0] info: iterator operate: query example.co.uk. MX IN
[1708447441] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447441] unbound[56973:0] info: sending query: example.co.uk. A IN
[1708447441] unbound[56973:0] info: 0RDd mod2 rep example.co.uk. MX IN
[1708447441] unbound[56973:0] info: iterator operate: query example.co.uk. MX IN
[1708447441] unbound[56973:0] info: response for example.co.uk. MX IN
example.co.uk.    IN      A
example.co.uk.    86400   IN      NS      ns1.phase8.net.
example.co.uk.    86400   IN      NS      ns2.phase8.net.
example.co.uk.    86400   IN      NS      ns0.phase8.net.
[1708447441] unbound[56973:0] info: DelegationPoint<example.co.uk.>: 3 names (3 missing), 3 addrs (0 result, 3 avail) parentNS
[1708447441] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447441] unbound[56973:0] info: DelegationPoint<example.co.uk.>: 3 names (3 missing), 3 addrs (0 result, 3 avail) parentNS
[1708447441] unbound[56973:0] info: sending query: example.co.uk. MX IN
[1708447441] unbound[56973:0] debug: sending to target: <example.co.uk.> 81.88.63.114#53
[1708447441] unbound[56973:0] info: processTargetResponse super example.co.uk. MX IN
[1708447441] unbound[56973:0] info: processTargetResponse super example.co.uk. MX IN
[1708447441] unbound[56973:0] info: iterator operate: query example.co.uk. MX IN
[1708447441] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447441] unbound[56973:0] info: DelegationPoint<example.co.uk.>: 3 names (0 missing), 3 addrs (3 result, 0 avail) parentNS
[1708447441] unbound[56973:0] info: processTargetResponse super example.co.uk. MX IN
[1708447441] unbound[56973:0] info: iterator operate: query example.co.uk. MX IN
[1708447441] unbound[56973:0] info: processQueryTargets: example.co.uk. MX IN
[1708447441] unbound[56973:0] info: DelegationPoint<example.co.uk.>: 3 names (0 missing), 3 addrs (3 result, 0 avail) parentNS
[1708447441] unbound[56973:0] info: 0RDd mod2 rep example.co.uk. MX IN
[1708447441] unbound[56973:0] info: iterator operate: query example.co.uk. MX IN
[1708447441] unbound[56973:0] info: scrub for example.co.uk. NS IN
[1708447441] unbound[56973:0] info: response for example.co.uk. MX IN
[1708447441] unbound[56973:0] info: reply from <example.co.uk.> 81.88.63.114#53
example.co.uk.    IN      MX
example.co.uk.    3600    IN      MX      0 example-co-uk.mail.protection.outlook.com.
[1708447441] unbound[56973:0] info: finishing processing for example.co.uk. MX IN

I'm not really sure where to go with this.

> carefully going through the verbose logs of postfix might also help

Not found anything as yet

> as would a complete comparison of the configs of node1 and one of your other nodes ....

We did this earlier, I provided a sdiff from node1 and node2, they all stock apart from that one line.