> The Postfix internal design is more intricate than your mental model
> of it.

In the 10+ years I've used Postfix, there has yet to be anything I've wanted it to do that it's been unable to do. Almost by definition, it must be more clever than I. :)

> If possible, don't use LDAP for the transport table.

'twould be nice, but unlikely to happen soon---we would have to create a strategy for distributing and incorporating updates, which becomes another point of failure.

> And do use "proxy:ldap:" rather than "ldap:" for virtual_alias_maps,
> and other tables that are used by smtpd and cleanup. Maintain a
> simple (indexed file) transport table that routes domains, not users.

Fortunately, the transport map is the only thing for which we use LDAP. Am I right in assuming that since there's only ever one trivial-rewrite process, using proxy:ldap is just adding an extra layer to no avail, or are there other benefits that would still suggest using it for this purpose?

> If you must use LDAP for transport lookups, consult a highly available
> low latency LDAP service, a dedicated replica if necessary.

Yeah, we do this. I'm actually surprised by the timeouts, because we have local replicas on every box, and they're not even breathing hard when this happens.

Anyway, thank you to both yourself and Wietse for your patience in pointing out my misconception, and your suggestions. I think right now I'm going to look at a multi-instance setup for this.

Mike.