How do the domains specified in "virtual_mailbox_domains" in main.cf and the "domain" parameter in an LDAP table configuration differ and interact? For a virtual w/LDAP mailbox, is one, the other, or both necessary?
To a relative novice reader, the documentation (http://www.postfix.org/postconf.5.html, http://www.postfix.org/ldap_table.5.html) seems to indicate that they both restrict the domain portion of email addresses that should be accepted. The examples at http://www.postfix.org/VIRTUAL_README.html and http://www.postfix.org/LDAP_README.html don't seem to have the "domain" parameter in the specific configuration for the virtual or LDAP lookup table, so from the examples, the "domain" parameter didn't seem obviously necessary.

I wanted to set up a "Postfix virtual mailbox, non-UNIX accounts" similar to http://www.postfix.org/VIRTUAL_README.html, but with the slightly different context of being the same domain as my localhost. (This is using package postfix-2.6.5-ldap.tgz on OpenBSD 4.7 i386.)

I read http://www.postfix.org/postconf.5.html and first put into my main.cf file:

    virtual_mailbox_maps = ldap:/etc/postfix/virtual_ldap.cf
    virtual_mailbox_domains = example.org

(and virtual_mailbox_base, virtual_xid_maps, ...) and in /etc/postfix/virtual_ldap.cf:

    server_host = localhost
    search_base = ou=accounts,dc=example,dc=org
    query_filter = (&(objectClass=posixAccount)(uid=%u))
    result_attribute = uid

This worked as I expected, accepting mail for an LDAP entry of j...@example.org, but also accepted email for j...@foreign.org and tried to relay it, which I obviously don't want at all.

When I added to /etc/postfix/virtual_ldap.cf

    domain = example.org

then it restricted to just j...@example.org, and denied j...@foreign.org, now working correctly and not relaying.

What I'd like to understand is the nuance of what the main.cf parameter "virtual_mailbox_domains" really means, and why it didn't restrict the domain for virtual lookups.

Thanks
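
Added example, not part of the original post and not Postfix code: a simplified Python model of the key handling that ldap_table(5) documents for "domain" and "%u", applied to the post's query_filter (written with balanced parentheses). It shows that without "domain" both addresses expand to the same LDAP query. The user name "alice" and the function names are constructed, and domain matching here is exact-string only.

```python
import re

# RFC 4515 escaping applied to values substituted into an LDAP filter.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# query_filter from the post's virtual_ldap.cf.
FILTER = "(&(objectClass=posixAccount)(uid=%u))"


def ldap_quote(value):
    """Escape filter metacharacters in a substituted value."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def build_query(key, query_filter, domains=()):
    """Return the expanded LDAP filter, or None when no lookup is made.

    Model of ldap_table(5): with a non-empty `domains` list, only keys of
    the form user@domain with a listed domain are looked up at all.
    """
    local, sep, dom = key.rpartition("@")
    if not sep:                      # bare key: %u is the entire key
        local, dom = key, ""
    if domains:
        listed = {d.lower() for d in domains}
        if not local or not dom or dom.lower() not in listed:
            return None              # lookup suppressed, nothing sent to LDAP
    if "%d" in query_filter and not dom:
        return None                  # %d needs a qualified key
    values = {"s": key, "u": local, "d": dom}

    def expand(match):
        name = match.group(1)
        return "%" if name == "%" else ldap_quote(values[name])

    return re.sub(r"%([sud%])", expand, query_filter)


if __name__ == "__main__":
    # Constructed sample recipients.
    for rcpt in ("alice@example.org", "alice@foreign.org"):
        print(rcpt, "| no domain   ->", build_query(rcpt, FILTER))
        print(rcpt, "| with domain ->", build_query(rcpt, FILTER, ["example.org"]))
```

Because the table answers for any domain when "domain" is unset, every Postfix feature that consults this map with a full address sees alice@foreign.org as a match; setting "domain" stops the query before it reaches the directory.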