On Mon, Dec 28, 2009 at 12:00:34AM +0100, Christoph Anton Mitterer wrote:
> Hi.
>
> I'm still trying to understand some things, so perhaps some of you could
> help me.
>
> 1) As far as I understood the address rewriting manual, rewriting
> (including the app...@origin and append.domain) happens in
> cleanup/trivial-rewrite, right?
The trivial-rewrite service does the rewriting, and the cleanup service
updates the queue-file updating addresses in headers, ...
> But I have the impression that at least some rewriting (namely
> app...@origin and append.domain) already takes place in the smtpd, does it?
No, but smtpd(8) uses normalized (via trivial-rewrite) recipient
and sender addresses to make access decisions. The original addresses
are passed to cleanup(8).
> The reason to believe this is: As far as I understand it's the smtpd who
> verifies whether the domain part is in one of local, relay, virtual alias,
> virtual mailbox domains and whether the recipient exists for the
> corresponding domain, at least if:
No, it is trivial-rewrite that determines the address class of a
recipient, this data is consumed by smtpd.
> So if no rewriting is done at already the smtpd, just saying "RCPT
> TO:<root>" should not work, but if that is rewritten to r...@$myorigin it
> would (if that is e.g. in mydestination)
> Right so far?
Only partly. The SMTP server does no rewriting.
> 2) Further I assume, that already smtpd checks whether the envelope
> recipient address matches any of the configured domains, and I think this
> happens before most address rewritings (except app...@origin and
> append.domain).
The address class of a recipient is determined by trivial-rewrite after
basic normalization (analogous to Sendmail's ruleset 3 canonicalization).
> So if I send mail to f...@example.net this must already appear in one of the
> local/virtual_alias/virtual_mailbox/relay_domains.
Yes.
> It is not enough if e.g. virtual aliasing rewrites f...@exmaple.net to
> f...@localhost (which I assume to be part of mydestination).
Remote addresses are not accepted, even if the remote address happens
to be rewritten to a local mailbox.
> And this should be also the reason why one needs virtual_alias_domains, to
> accept those domains without having to list them in one of the other
> *_domains options?
This, and the ability to determine that all other addresses in the domain
are invalid, which gives recipient validation.
> So virtual aliasing allows in principle some kind of relaying as the
> rewritten address might be any remote address?!
No, not relaying, rather forwarding of mail from a domain you own and
control (the virtual domain) to a real mailbox associated with a user
in the virtual domain. The "pobox.com" folks come to mind.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majord...@postfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
