On 2010-04-21 Vegard Svanberg wrote: > my mailserver usually rejects unknown recipients in the SMTP session. > > However, when an account or domain is forwarded, Postfix does not > reject, but accepts and sends an NDR when it discovers that the > recipient does not exist. > > Example 1: Domain @example.invalid is forwarded to domain > @example2.invalid. There are no matching accounts or aliases on > example2.invalid. > > SMTP session: > > rcpt to: <whate...@example.invalid> > 250 2.1.5 Ok
If you have a mapping "@example.invalid @example2.invalid" in your $virtual_alias_maps this is expected behavior. Postfix' checks aren't transitive, i.e. it only checks the left-hand side of the map for matches. Which makes @example.invalid a catch-all for that domain. > Example 2: u...@example.invalid is forwarded to r...@example2.invalid. > r...@example2.invalid does not exist; neither as an alias nor a mailbox. > > SMTP dialog: > > rcpt to: <u...@example.invalid> > 250 2.1.5 Ok This is expected behavior as well. Postfix only checks the left-hand side of $virtual_alias_maps. If it finds a match there, then it will accept the mail for further delivery. It is your job as a mail server admin to ensure that your MTA does not have invalid mappings. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
