On Wed, Sep 19, 2012 at 07:13:49PM +0200, Michael Storz wrote:
> Am 2012-09-19 18:50, schrieb Wietse Venema:
> >Coming back to the original problem, if you don't want to reject
> >mail with "user unknown" when a user might still be in the process
> >of being created, how are you going to deal with really unknown
> >addresses, like a sender who mistyped something?
> >
> > Wietse
>
> The consistency check requires that a user object is first
> (correctly) defined in OpenLDAP. Only then the second check looks
> for the correct definition in Active Directory. If it is not then we
> defer the email (we do not reject the recipient like I specified in
> the example) until the event queue for the driver is empty (manual
> check) or a resync of the object in meta directory is needed (there
> seems to be some software errors in the driver, which are not fixed
> yet). We are running with this check for some months now and it has
> helped a lot to find the entries which have not been correctly
> synced to Exchange.
>
> If a new user is created the user object appears instantly in the
> OpenLDAP directory. The transport of the event from the application
> over the meta directory to the directory is fast and without any
> problem. Therefore if the user/address is not in the OpenLDAP
> directory I can savely reject such an address.
This is an account provisioning problem, not an MTA routing problem.
The best solution is to not send email to the user until the
provisioning is complete.
You could simply route all mail for recently added users to an MTA
with soft_bounce=yes. Then when provisioning is complete, remove
the transport override.
This not a good case for making complex changes to Postfix tables.
--
Viktor.
