On Tue, 2009-12-29 at 01:11 -0500, Victor Duchovni wrote: > No, it means that address *normalization* to standard form is done > at least three times: > > - smtpd resolve envelope addresses to > (transport, nexthop, standard form) > for access checks Why does smptd need (or for what does it use transport/nexthop? Or is this just the way to determine whether it (the system) is final destination or relay for that mail?
> Don't confuse transformation to normal form with real rewriting. ok ;) > > But... > > It seems that exactly this works for the recipient! > > What I tried was: > > mydestination = example.com remote.domain > Why did you add a remote domain to "mydestination"? In what sense is it > "remote" after that change? Purely for testing,.. I should have named it here perhaps hosted.domain (of course in a production setup I would not use the local domain address class for hosted domains). > > I'd have expected that this does not work, and only local users would be > > accepted as recipients. However, it worked (perhaps I should > > triple-check it ^^) > > Your expectation is most peculiar in this case. The "remote" domains > are exactly those that are not listed in one of the not "default" > address classes: > > http://www.postfix.org/ADDRESS_CLASS_README.html#classes Of course,... I think I've described my question not well enough. What I wonder is: When does recipient checking happen? Probably somewhere during the "receiving stage" (because we want smtpd to reject unknown recipients). But unlike when it checks the domain of the mail (where e.g. virtual aliases are not taken into account) it seems that when checking the user-part of the address virtual aliases are taken into account. Adding example.com (or remote.domain) to mydestination above should mean that ONLY <existing local user>@example.com (or @remote.domain or @<address literal> is accepted, right? But it seems that also <non-existent local user>@example.com domain is accepted _if_ it is rewritten to some existing local user with virtual_alias_maps (the domains were not part of virtual_alias_domains)! And I do not really understand why ;) Thanks, Chris.
smime.p7s
Description: S/MIME cryptographic signature
