From: Liviu Daia (Liviu.Daia@imar.ro)
Date: Fri May 03 2002 - 06:35:31 CDT

    On 3 May 2002, Nick Simicich <njs@scifi.squawk.com> wrote:
    > If I have a domain in the virtual map,
    >
    > virtual_maps = hash:/etc/postfix/virtual
    >
    > and it does not have a
    >
    > example.com anything
    >
    > line, but instead only has
    >
    > user@example.com user@example.com, otheruser@example.com
    > user2@example.com user2@local.domain
    >
    > (It is not a mistake that the two domains are the same in the first
    > line.)

        I believe that kind of loop works only as a result of a quirk you
    shouldn't depend on, and only if example.com is in $mydestination. The
    safer way to do that is with an alias.

    > And then I have an entry like
    >
    > example.com :mail.example.com
    >
    > In transports, where mail is a host that will process most of the mail
    > for mail.example.com, will my machine accept mail from untrusted hosts
    > for user@example.com and relay it using the transports entry?

        No. Any address that doesn't explicitly match $relay_domains is
    seen as an unauthorized destination. Transport maps don't grant relay,
    they only handle routing.

    > I have $virtual_maps in relay_domains. The man page is not clear on
    > whether or not I need to have the "anything" line for it to relay for
    > untrusted origins.

        You're hitting on another quirk here. relay_domains only knows
    about domains, not full addresses (or IPs, for that matter). If you
    list a map in relay_domains, what happens is that the domain part
    ("example.com" in your case) is looked up against the map, and if it's
    found the relay is allowed (regardless of the value produced by the
    map). So, if you don't have "example.com" in $virtual_maps, the relay
    is denied.

    > The point is that I need to "cherrypick" some mailing addresses out
    > of this domain and process them (for mailing list processing), while
    > relaying most on. If I have the
    >
    > example.com anything
    >
    > line, then it rejects user@example.com as "status=bounced (unknown
    > user: "user@example.com")" even with the entry in transports.

        Yup, it looks like you have "example.com" in $mydestination.
    Naughty, naughty.

    > If I don't have it, it does the right thing with locally originated
    > mail - it looks it up in transports (which is what I want since I will
    > be the terminal MX) and sends it out. The problem is that I am having
    > trouble setting up a test case since I do not have a good domain that
    > I can cripple mail delivery for.
    >
    > There is a third party that is going to make my servers the
    > destination for their DNS, and I don't have any control on when this
    > happens, so I have to be ready.
    >
    > Without the "anything" in the virtual map, do I need to add the domain
    > to relay_domains to make this work?

        Yes. Add "example.com" to $relay_domains, remove it from
    $mydestination, and let the owner of "user@example.com" handle CC-ing
    the other address.

        As a side effect, you'll relay messages to "example.com" even if
    they are addressed to any other users, but AFAICT there's no way to
    avoid that. Deciding what users at "example.com" can receive mail is
    their own business anyway; you can only decide to relay messages to
    their domain, or not.

        Regards,

        Liviu Daia

    -- 
    Dr. Liviu Daia               e-mail:   Liviu.Daia@imar.ro
    Institute of Mathematics     web page: http://www.imar.ro/~daia
    of the Romanian Academy      PGP key:  http://www.imar.ro/~daia/daia.asc
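
The relay decision described in this reply, as an added example that is not part of the original message and is not Postfix code: a simplified Python model in which a map listed in relay_domains is queried with the bare recipient domain only, and the transport table is never consulted for authorization. All function names and sample data are constructed; subdomain matching and other SMTP restrictions are left out.

```python
# Simplified model of the behaviour described in the reply (assumption:
# exact domain match only). Names and data are constructed for illustration.

def domain_of(address):
    return address.rsplit("@", 1)[1].lower()

def relay_domains_match(domain, relay_domains, maps):
    """Entries are literal domains or references to a lookup map.
    For a map, only the bare domain is looked up among the keys;
    the value the map returns is ignored."""
    for entry in relay_domains:
        if entry in maps:
            if domain in maps[entry]:
                return True
        elif entry.lower() == domain:
            return True
    return False

def decide(rcpt, cfg, client_trusted=False):
    """Return 'local', 'relay' or 'reject' for one recipient address."""
    domain = domain_of(rcpt)
    if domain in cfg["mydestination"]:
        return "local"    # local delivery; an unknown local user bounces
    if client_trusted:
        return "relay"    # locally originated mail is routed via transport
    if relay_domains_match(domain, cfg["relay_domains"], cfg["maps"]):
        return "relay"
    # cfg["transport"] only selects a next hop; it grants nothing here.
    return "reject"

VIRTUAL = {  # constructed: full-address keys only, no "example.com" key
    "user@example.com": "user@example.com, otheruser@example.com",
    "user2@example.com": "user2@local.domain",
}
TRANSPORT = {"example.com": ":mail.example.com"}

def make_cfg(relay_domains, virtual=VIRTUAL, mydestination=()):
    return {"mydestination": set(mydestination),
            "relay_domains": relay_domains,
            "maps": {"$virtual_maps": virtual},
            "transport": TRANSPORT}

AS_ASKED = make_cfg(["$virtual_maps"])                    # map has no domain key
WITH_DOMAIN_KEY = make_cfg(["$virtual_maps"],
                           {**VIRTUAL, "example.com": "anything"})
AS_ADVISED = make_cfg(["example.com"])                    # the reply's advice
LOCAL = make_cfg(["$virtual_maps"], mydestination=["example.com"])
```
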