On 5/25/2010 10:23 AM, Phil Howard wrote:
On Tue, May 25, 2010 at 10:36, Wietse Venema<wie...@porcupine.org>  wrote:

Postfix supports wildcards via regexp/pcre tables.

  1) You can use them for all the tables that define Postfix address
    classes: mydestination + aliases, virtual_alias_domains +
    virtual_alias_maps, virtual_mailbox_domains + virtual_mailbox_maps,
    relay_domains + relay_recipient_maps.

    Simply replacing one domain name by another does not produce the
    expected result.

That's what I'm afraid of ... particularly if it can result in
backscatter or open relay.  I need to get the test of the valid user
done at RCPT time, obviously.  But the addressed domain could be
foobar.example.com or xyzzy.example.com or anything else in front of
the domain, without me knowing what these could be in advance.  So I
can't just have a table of all possible valid u...@hostpart.domain.  I
can have all valid u...@domain even though RCPT can name
u...@hostpart.domain.

If there is no way to do that as-is, maybe a possible source hack
would be to make RCPT repeat the lookup, if it fails for
u...@hostpart.domain, with u...@*.domain (where the * is literal) on
the same table.  More generally, it would strip off each part of the
hostname, leaving one instance of *. in front, until nothing is left
(maybe looking up u...@* or maybe not).  But, of course, I really
don't know the overall impact of this considering all parts.  It would
have to be done at RCPT time to avoid being a backscatter source, and
also done at rewriting to get it delivered to the right place.

If these are local domains listed in $mydestination, you can use a regexp mydestination table to accept *.example.com and the bare username lookup will take care of itself. All system users and aliases would be valid in any subdomain; all unlisted recipients would be rejected during SMTP. Exceptions can be rejected by a check_recipient_access map. This is standard Postfix behavior, no hacks or awkward config gyrations needed.

With other address classes, it gets considerably more complicated as Wietse outlined. I suppose if you were using *sql tables a clever query could strip off the subdomain when validating recipients.

  -- Noel Jones




  2) Postfix 2.7 supports SMTP command rewriting (smtpd_command_filter)
    However this would produce an incorrect error message:

    RCPT TO:<u...@foo.example.com>
        smtpd_command_filter strips this to ``RCPT TO:<u...@example.com>''
        The Postfix SMTP server then responds with:
    550 5.1.1<u...@example.com>  User unknown

Even if u...@example.com really exists (and is the intended
destination for u...@anything.example.com)?
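
The setup Noel Jones describes above for domains in $mydestination, as an added configuration sketch that is not part of the original thread. The file paths, the domain example.com and the access-map entry are assumptions chosen for illustration.

```conf
# ---- /etc/postfix/main.cf (path assumed) ----
# Keep the usual local names and add a regexp table that matches the
# subdomains, so they fall into the local address class.
mydestination = $myhostname, localhost.$mydomain, localhost,
    regexp:/etc/postfix/mydestination.regexp

# Default value, written out for clarity: a local recipient must be a
# system account or an alias. After the full address fails to match,
# Postfix looks up the bare username, so no per-subdomain entries are needed.
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

# Unknown recipients are refused during the SMTP session (the default),
# which is what keeps the server from bouncing mail later.
smtpd_reject_unlisted_recipient = yes

# Exceptions to the wildcard are refused by an access map.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_recipient_access hash:/etc/postfix/recipient_access

# ---- /etc/postfix/mydestination.regexp (path assumed) ----
# Anchor both ends and escape the dots. An unanchored /example\.com/ would
# also match notexample.com and example.com.other.test, making this server
# a final destination for domains it does not own.
/^([^.]+\.)*example\.com$/    OK

# ---- /etc/postfix/recipient_access (path assumed; run postmap on it) ----
# Constructed entry: refuse this one address although root is a valid user.
root@legacy.example.com    REJECT

# ---- Checks before going live ----
# Query the regexp table with a name that should match and one that
# should not:
#   postmap -q foo.example.com regexp:/etc/postfix/mydestination.regexp
#   postmap -q notexample.com regexp:/etc/postfix/mydestination.regexp
# Confirm the settings Postfix actually loaded:
#   postconf -n mydestination local_recipient_maps
```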
