On Tue, May 25, 2010 at 15:59, Wietse Venema <wie...@porcupine.org> wrote:
> Phil Howard:
>> On Tue, May 25, 2010 at 12:37, Wietse Venema <wie...@porcupine.org> wrote:
>> > Phil Howard:
>> >> On Tue, May 25, 2010 at 10:36, Wietse Venema <wie...@porcupine.org> wrote:
>> >>
>> >> > Postfix supports wildcards via regexp/pcre tables.
>> >> >
>> >> > 1) You can use them for all the tables that define Postfix address
>> >> >    classes: mydestination + aliases, virtual_alias_domains +
>> >> >    virtual_alias_maps, virtual_mailbox_domains + virtual_mailbox_maps,
>> >> >    relay_domains + relay_recipient_maps.
>> >> >
>> >> >    Simply replacing one domain name by another does not produce the
>> >> >    expected result.
>> >>
>> >> That's what I'm afraid of ... particularly if it can result in
>> >> backscatter or open relay.  I need to get the test of the valid user
>> >> done at RCPT time, obviously.  But the addressed domain could be
>> >> foobar.example.com or xyzzy.example.com or anything else in front of
>> >> the domain, without me knowing what these could be in advance.  So I
>> >> can't just have a table of all possible valid u...@hostpart.domain.  I
>> >> can have all valid u...@domain even though RCPT can name
>> >> u...@hostpart.domain.
>> >
>> > Postfix supports wildcards via regexp/pcre tables:
>> > /^u...@.*\.example\.com$/ will match the user in any subdomain of
>> > example.com.
>>
>> But this is still going to be a big table with individual entries
>> for all users?
>
> You need one table entry per user somewhere, otherwise you can't
> reject mail for users that don't exist.

I'm still trying to figure out your example. You gave this:

/^u...@.*\.example\.com$/

But that includes actually coding the username, right? If so, that means I have to have such an entry in this file for each and every user. What if there are 131072 users ... 131072 entries?

So I think what I need is a generic regexp that covers all users, and a DB for a list of legitimate users (indexed as u...@example.com, the domain the regexp maps to) ... e.g. two separate tables ... somewhere (but I don't know where in main.cf). My thinking is:

/^(.*)@.*\.example\.com$/ $...@example.com

then the result of that would be looked up in the u...@domain table (and if not successful, reject the RCPT).
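
The two-step lookup proposed in this message, modelled in Python as an added example (not part of the original thread, and not Postfix configuration): one generic pattern folds any host part in front of example.com onto the base domain, and the result is checked against a table of valid users so unknown recipients are refused at RCPT time. The user names, the `VALID_USERS` table, the function names and the reply texts are assumptions constructed for illustration; the pattern is stricter than the one quoted above in that it only allows hostname labels before the domain.

```python
import re

# Constructed sample table of legitimate users, keyed as user@example.com.
VALID_USERS = {"alice@example.com", "bob@example.com"}

BASE_DOMAIN = "example.com"

# One pattern for every user: a local part without "@", then zero or more
# hostname labels, then the base domain, anchored at both ends. Anchoring
# keeps look-alikes ("notexample.com", "example.com.evil.test") out.
SUBDOMAIN_RE = re.compile(
    r"^(?P<local>[^@\s]+)@(?:[a-z0-9-]+\.)*" + re.escape(BASE_DOMAIN) + r"$",
    re.IGNORECASE,
)


def canonicalize(rcpt):
    """Return user@example.com for any address under the base domain, else None."""
    m = SUBDOMAIN_RE.match(rcpt.strip())
    if m is None:
        return None
    # Assumption: lookups are case-insensitive, so fold the local part.
    return m.group("local").lower() + "@" + BASE_DOMAIN


def check_rcpt(rcpt):
    """Model the RCPT TO decision: accept only recipients in the user table."""
    canonical = canonicalize(rcpt)
    if canonical is None:
        return "554 relay access denied"   # not our domain: do not relay
    if canonical not in VALID_USERS:
        return "550 user unknown"          # refuse now, so no bounce later
    return "250 ok"


if __name__ == "__main__":
    # Constructed sample recipients.
    for addr in ["alice@foobar.example.com", "Bob@XYZZY.Example.COM",
                 "mallory@foobar.example.com", "alice@notexample.com",
                 "alice@example.com.evil.test"]:
        print(addr, "->", check_rcpt(addr))
```

The user table stays at one entry per user regardless of how many host parts appear in front of the domain, and both failure paths answer during the SMTP session instead of accepting the mail and bouncing it afterwards.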