On Fri, Jan 04, 2013 at 10:09:44AM +0100, Kristof Bajnok wrote:
> On 01/04/2013 04:13 AM, Viktor Dukhovni wrote:
> >>> from the alias form to the canonical form. This will also validate
> >>> > > the alias form as a valid address in RCPT TO commands.
> >> >
> >> > Unfortunately, I can not accomplish this with a single query.
> >
> > Actually, you can:
> >
> > domain = example.com example.org ...
> > query_filter = mail=%u...@example.com
> > result_attribute = mail
> >
> > Just list all the domains whose namespace is identical to example.com
> > after example.com in the "domain = " list, then query for the user
> > in the canonical domain.
>
> Unfortunately it does not fit to our ISP scenario, where there are
> hundreds of served domains and each domain possibly has some alias domains.
Yes, for that case, provision all LDAP users with a full list of
their valid addresses. Receiving the same spam at an ever growing
list of domains is not a win for most users, domain-level aliasing
is over-rated. Receiving mail at a large list of domains is only
useful for a handful of contact addresses, my experience is that
real users are sufficiently happy with one or two email domains
(some users use disposable addresses, but that's a separate
issue fro domain aliasing).
> > This said, it is far better to list all the valid of each user in
> > a suitable multi-valued attribute and skip the domain alias hack.
>
> I think it's not scalable with LDAP.
Multi-valued LDAP attributes scale just fine. Each user has a set
of valid addresses that is never too large for a single LDAP entry.
The totality of all domains across all users is not a scaling limit.
> Would it fit to Postfix?
Much complexity for not a lot of gain IMHO. Perhaps if the address
rewriting engine is made generally more configurable, with new
optional 1-to-1 rewriting performed in smtpd(8) before recipient
validation, then you get your domain aliasing as just one possible
application.
This should be a point feature, rather if there is a Postfix 3.0,
with a new address rewriting engine, that would be the place to
consider this.
--
Viktor.
