On Thu, Dec 20, 2012 at 04:05:26PM +0100, Ignacio Vazquez wrote:

> 2012/12/20 Viktor Dukhovni <postfix-us...@dukhovni.org>:
>
> > Instead of resolving an unmodified rfc822 address to a different
> > transport:nexthop, rewrite the rfc822 address (via virtual_alias_maps)
> > to a domain which is routed (via MX records or per-nexthop transport
> > table entries) to that transport:nexthop.
> 
> So, the virtual_alias_maps should look like:
> foo...@example.com        foo...@internal.example.com

Yes.

> [...] the machine will start to receive mails
> foo...@internal.example.com.
> Is there a way to re-convert foo...@internal.example.com to
> foo...@example.com?

Yes, with smtp_generic_maps, but this is not a good idea, because
at some point you may want to use virtual_alias_maps to rewrite
multiple users (various system accounts that have a common responsible
person, ...) to the same underlying mailbox, and then the inverse
mapping from maildrop to mail becomes impractical without a
substantially more complex schema.

If you have a sensible mechanism for generating a mapping from
internal maildrop to public address that is always single-valued
and correct, you can plug it into $smtp_generic_maps. I would
encourage you to instead configure the receiving system to support
the destination-specific address.

> > It is generally a good idea to add the users in question to ldap.
> > For each user define a "maildrop" attribute which routes their
> > mail to the appropriate destination address (often the same
> > as the lookup key).
> 
> My LDAP server is Windows AD so I haven't the flexibility to do that. :(

Actually you do. You can add custom LDAP attributes and populate them
as part of your user-provisioning process. You can use the relevant
parts of the Sendmail schema for example:

        https://www.sendmail.com/sm/open_source/docs/m4/laser.txt

so instead of mailalternateaddress, use:

        ( 2.16.840.1.113730.3.1.13
                   NAME 'mailLocalAddress'
                   DESC 'RFC 822 email address of this recipient'
                   EQUALITY caseIgnoreIA5Match
                   SYNTAX '1.3.6.1.4.1.1466.115.121.1.26{256}' )

        [with Active Directory the syntax is just "case-insensitive string",
        rather than the OID '1.3.6.1.4.1.1466.115.121.1.26{256}' which is
        a case-insensitive IA5 String with a length limit of 256.]

and instead of "maildrop" use:

        ( 2.16.840.1.113730.3.1.47
           NAME 'mailRoutingAddress'
           DESC 'RFC 822 address to use when routing messages to
               the SMTP MTA of this recipient'
           EQUALITY caseIgnoreIA5Match
           SYNTAX '1.3.6.1.4.1.1466.115.121.1.26{256}'
           SINGLE-VALUE )

It is a good practice to clone the primary address as one of the
values of either "mailAlternateAddress" or "mailLocalAddress"
(same attribute by a better name) so that your query is just for
"mailLocalAddress" without also matching "mail", which is only
used to select the optimal address by MUAs and in canonical
mappings.

> If I use the rewriting method you explained above, would I need
> to include all users in local_recipient_maps?

No.

-- 
        Viktor.
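
Added example, not part of the original message or of Postfix: a Python sketch that builds the virtual_alias_maps table from directory entries carrying mailLocalAddress and mailRoutingAddress, then tries to invert it for smtp_generic_maps and reports the maildrops for which the inverse is not single-valued. The entries, the addresses and the function names are constructed for illustration, and each public address is assumed to belong to exactly one entry.

```python
from collections import defaultdict

# Constructed sample entries (assumption, not taken from the thread):
# mailLocalAddress is multi-valued, mailRoutingAddress is SINGLE-VALUE.
ENTRIES = [
    {"mailLocalAddress": ["alice@example.com"],
     "mailRoutingAddress": "alice@internal.example.com"},
    {"mailLocalAddress": ["bob@example.com", "root@example.com",
                          "postmaster@example.com"],
     "mailRoutingAddress": "bob@internal.example.com"},
]


def virtual_alias_map(entries):
    """Forward table: public address -> routing address (maildrop)."""
    table = {}
    for entry in entries:
        routing = entry["mailRoutingAddress"].lower()
        for public in entry["mailLocalAddress"]:
            # Assumption: a public address appears in one entry only.
            table[public.lower()] = routing
    return table


def generic_map(valias):
    """Invert the forward table.

    Returns (safe, ambiguous): 'safe' holds maildrops with exactly one
    public address, the only rows fit for a generic (inverse) table;
    'ambiguous' lists maildrops shared by several public addresses.
    """
    inverse = defaultdict(set)
    for public, routing in valias.items():
        inverse[routing].add(public)
    safe = {r: next(iter(p)) for r, p in inverse.items() if len(p) == 1}
    ambiguous = {r: sorted(p) for r, p in inverse.items() if len(p) > 1}
    return safe, ambiguous


def render(table):
    """Format as a Postfix lookup table source: key, whitespace, value."""
    return "\n".join(f"{k}\t{v}" for k, v in sorted(table.items()))


if __name__ == "__main__":
    forward = virtual_alias_map(ENTRIES)
    safe, ambiguous = generic_map(forward)
    print("# virtual_alias_maps\n" + render(forward))
    print("# smtp_generic_maps (single-valued rows only)\n" + render(safe))
    for maildrop, publics in ambiguous.items():
        print(f"# no unique inverse for {maildrop}: {', '.join(publics)}")
```

Rows reported as ambiguous are the case described above, several addresses rewritten to one mailbox, where no correct inverse mapping exists without extra schema.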
