|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: virtual_alias_maps: rewriting outbound
From: Chris McKeever (techjedi
gmail.com)
Date: Sun Jul 02 2006 - 10:24:03 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 7/2/06, mouss <usebsdfree.fr> wrote:
> Chris McKeever wrote:
> > first.lastexample.com -> flastexample.com
> >
> > /(.)[^\.]*\.(.*)(.*)$/ $1$2$3
> >
> Two notes here:
>
> 1- you are rewriting all the adresses in the world, not just yours. so
> the first thing is to only specify aliases for your domains. as
> suggested by Magnus. You can use IF as suggested by Rob.
thanks for the suggestions, I will try these both to see which one works cleaner
> 2- you are breaking recipient validation: you are making all addresses
> valid. This is only acceptable if you have a catchall. In no case should
> later bounce a message if you finally don't find its mailbox.
> Outscatters will be block listed.
I have another chain in the virtual_alias_maps whcih comes after that
rewrite which in a LDAP lookup. If I am understanding
virtual_alias_maps coorectly, it repeats the mapping lookup after each
rewrite -- so:
first.lastexample.com -> flastexample.com (iteration 1) ->
valid//invalid against LDAP (iteration 2)
so I think recipient validation is working correctly - I do get
bounces when I send invalid address, let me know if I am still
overlokoing something
> To fix this, either:
> *) use a script to only generate aliases for valid addresses. That
> script would parse your valid mailbox addresses and generate a
> virtual_alias_map (as hash or whatever), and reload postfix. the script
> may be run manually, periodically (from a cron) or automatically
> depending on your setup, your OS (possibility to wait for an event on a
> file) and your programming skills.
>
> *) use mysql, pgsql or ldap and write the statements so that the
> virtual alias is only returned if the "target" address exists. Some
> examples have been posted to the list in the past.
>
> *) implement recipient validation using a policy service.
>
>
> >
> >
> >
>
>
--
----------------------------------
please respond to the list .. if you need to contact me direct
cgmckeever is the account
prupref.com is the domain
<A href="http://www.prupref.com">Simply Chicago Real Estate</A>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]