Viktor Dukhovni via Postfix-users:
> On Wed, Nov 05, 2025 at 08:10:15AM -0500, Wietse Venema via Postfix-users wrote:
> > Viktor Dukhovni via Postfix-users:
> > > On Wed, Nov 05, 2025 at 08:55:15AM +0100, Edgar Fuß via Postfix-users wrote:
> > > > > It is very likely that the OP is testing with an address that is subject
> > > > > to rewriting.
> > > >
> > > > It must be something else.
> > > 
> > > Why?  What is the evidence that the recipient address is not listed in
> > > any canonical_maps, recipient_canonical_maps or virtual_alias_maps?
> > > 
> > > > Even if I use the static: table example
> > > 
> > > What static table?
> > 
> > transport_maps = static:{retry:ydaddayadda}
> > 
> > I would be very surprised if there is a way to accept RCPT TO without
> > involving the trivial-rewrite resolver, because that is needed to
> > prevent unauthorized relaying, user%remote@local attacks, and more.
> 
> Sure, but the check that responds with 4XX or 5XX for the "retry" and
> "error" transport channels, is (correctly) conditional on the address not
> being subject to rewrite.  Otherwise, only the address class matters.

Address rewriting does not make a difference. The trivial-rewrite
check still happens, and the result is still used.

    # postconf 'transport_maps = static:{retry:migration in progress}'
    # postconf 'canonical_maps=static:any@where'
    # telnet 127.0.0.1 smtp
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 wzv.porcupine.org ESMTP Postfix
    mail from:<>
    250 2.1.0 Ok
    rcpt to:<some@where>
    450 4.1.1 <some@where>: Recipient address rejected: migration in progress

That is a security feature, not a bug.

        Wietse