OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Michael Tokarev (mjttls.msk.ru)
Date: Mon Jul 02 2001 - 16:13:11 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Victor Duchovni wrote:
    >
    [sorry me for long lines and unreadable text. Wrapped now]
    > > Again, something strange (from my point) sits here. Where
    > > postfix should deliver message destined to uservirt.dom.ain
    > > if this address resolves to itself in virtual_maps? Do you
    > > refer to my statements about virtual delivery agent and one
    > > failed attempt to reject (bounce) messages to users not listed
    > > in $virtual_mailbox_maps using kludge with $virtual_maps?
    > > If yes, then this will not work either, since transport_maps
    > > will not be used for postfix-style virtual domains anyway,
    > > qmgr needs to be patched.
    >
    > Actually what works is having the "Sendmail-style" virtual
    > domain directed somewhere else via the transport table. This requires
    > no queue manager patches. The corresponding Postfix-style domain is a
    > synthetic byproduct of the stacked virtual map, that only manifests
    > itself for unknown users.
    >
    > Specifically mail sent to Usermorganstanley.com is either
    > rewritten to Userdivision.com (with morganstanley.com being one of the
    > valid divisions!). Mail for none of the domains in question is
    > delivered locally, they all have transport entries to forward the mail
    > to the appropriate division mail hubs. In fact mailbox_transport is set
    > to "error:Mailbox unavailable".
    >
    > Again, this is just a technique that at the cost of delayed
    > bounces, creates a hybrid Sendmail-style/Postfix-style domain where
    > unknown users are bounced, but known users can resolve into the virtual
    > domain.

    Ok, it seems that now I understand what happened here. Uhh, how that
    ugly, that is! :( -- the only words comes to mind...

    So, the real solution here is just to consult $transport_maps for
    virtual domains too, right? And probably allow "mixed-style"
    virtual maps that have OK on right side (and REJECT, [45]xx etc),
    to be usable in conjunction with check_recipient_access.
    Interesting point... Well, can all the above be made using
    check_recipient_access? I.e. instead of having *virtual* domains
    (either postfix or sendmail style), list all valid addresses in
    every domain in check_recipient_access map with OK result, and
    have catch-all entries for whole domain with "554 User unknown"
    result. And have usual *address* mapping via virtual_maps when
    needed and have appropriate transport_maps. Ohoh, that will be
    difficult for large addresslist, esp. if stored in ldap (only
    way here is to "cache" data in appropriate form in local hash:
    or whatether files -- again, somewhat ugly.)

    Regards,
     Michael.
    -
    To unsubscribe, send mail to majordomopostfix.org with content
    (not subject): unsubscribe postfix-users