To be clear, having the nonexistent in both systems users just disappear is
fine with me. "Fixing" that is not a priority, but making the split domain
setup be less of a pain to manage (having to add Google accounts in both
places, with Postfix transport map set to force them to Google via MX if it
receives mail for them) is.

On Thu, Mar 26, 2015 at 8:17 PM, Jonathan Vaughn <jonat...@creatuity.com>
wrote:

> MX only points to Google on this domain that we want to set up this split
> domain handling. The other domains we have configured in Postfix, their MX
> only point to Postfix. In all cases, MX only goes to one or the other.
>
> Google DOES accept mail for invalid recipients, and then relays them to
> Postfix. I was hoping they'd be smart enough to "If not in GApps, check if
> valid recipient at next mail server, fail if not" but apparently accounts
> that exist in neither just disappear?
>
> I sent a test message to a nonexistent user and Postfix logs this but I
> never receive a bounceback from Google (email/domain changed to @
> example.com) :
> Mar 26 20:12:00 prod postfix/smtpd[30547]: connect from
> mail-qc0-f174.google.com[209.85.216.174]
> Mar 26 20:12:00 prod postfix/smtpd[30547]: NOQUEUE: reject: RCPT from
> mail-qc0-f174.google.com[209.85.216.174]: 550 5.1.1 <
> doesnotexistt...@example.com>: Recipient address rejected: User unknown
> in virtual mailbox table; from=<t...@example.com> to=<
> doesnotexistt...@example.com> proto=ESMTP helo=<mail-qc0-f174.google.com>
> Mar 26 20:12:00 prod postfix/smtpd[30547]: disconnect from
> mail-qc0-f174.google.com[209.85.216.174]
>
> No rejected mail bounceback (Google appears to eat it), it just disappears
> from existence, if it doesn't exist in Postfix's virtual mailbox table.
>
> On Thu, Mar 26, 2015 at 6:18 PM, Wietse Venema <wie...@porcupine.org>
> wrote:
>
>> Jonathan Vaughn:
>> > We receive mail directly from the internet, but not for this particular
>> > domain.
>> >
>> > This postfix also handles virtual mail for domains that aren't on Google
>> > apps, this is the only time it's listed as the MX. The only time it
>> > receives mail from outside our networks on this domain is if Google Apps is
>> > relaying it to us because it didn't have a match there.
>>
>> The MX records for this domain point to Google only, and NOT to
>> your server? This is crucial. I would not support a solution that
>> lists both Google and your server as MX hosts. There is too much
>> risk of mail going into a loop.
>>
>> > As for looping, can we somehow configure it so that while we relay via MX
>> > for unknown addresses from internal network, attempts to relay to unknown
>> > address from external fails (thus causing Google to see a bounce instead of
>> > looping) ?
>>
>> Google MUST NOT accept mail for invalid recipients in this domain.
>> That would result in backscatter mail.
>>
>> Again, this is crucial. I would not support a solution where Google,
>> as the primary MX host for this domain, can send invalid recipients
>> to your server.
>>
>>         Wietse
>>
>
>
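
Added example, not part of the original thread: a small log check for the failure mode described above, where the upstream relay accepts mail for an unknown recipient, Postfix rejects it with 550 5.1.1, and no bounce reaches the sender. The sample log lines are constructed in the format of the quoted log; the function name, the `.google.com` suffix default and the sample addresses are assumptions for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the Postfix smtpd format quoted in the thread.
SAMPLE_LOG = """\
Mar 26 20:12:00 prod postfix/smtpd[30547]: connect from mail-qc0-f174.google.com[209.85.216.174]
Mar 26 20:12:00 prod postfix/smtpd[30547]: NOQUEUE: reject: RCPT from mail-qc0-f174.google.com[209.85.216.174]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<sender@example.org> to=<nobody@example.com> proto=ESMTP helo=<mail-qc0-f174.google.com>
Mar 26 20:15:41 prod postfix/smtpd[30560]: NOQUEUE: reject: RCPT from mail-qc0-f174.google.com[209.85.216.174]: 550 5.1.1 <Nobody@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<sender@example.org> to=<Nobody@example.com> proto=ESMTP helo=<mail-qc0-f174.google.com>
Mar 26 20:16:02 prod postfix/smtpd[30561]: NOQUEUE: reject: RCPT from mail-qc0-f174.google.com[209.85.216.174]: 550 5.1.1 <typo@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<other@example.org> to=<typo@example.com> proto=ESMTP helo=<mail-qc0-f174.google.com>
Mar 26 20:17:30 prod postfix/smtpd[30570]: NOQUEUE: reject: RCPT from mail.example.net[192.0.2.10]: 550 5.1.1 <nobody@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<x@example.net> to=<nobody@example.com> proto=ESMTP helo=<mail.example.net>
Mar 26 20:18:09 prod postfix/smtpd[30571]: NOQUEUE: reject: RCPT from mail-qc0-f174.google.com[209.85.216.174]: 450 4.1.1 <later@example.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<sender@example.org> to=<later@example.com> proto=ESMTP helo=<mail-qc0-f174.google.com>
"""

# One smtpd RCPT rejection: client host/IP, SMTP code, DSN, recipient, sender.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>\S+?)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) "
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: [^;]+; "
    r"from=<(?P<sender>[^>]*)>"
)


def upstream_rejects(log_text, upstream_suffix=".google.com"):
    """Count permanent unknown-user rejections handed to the upstream relay.

    Each hit is a message the upstream already accepted from the internet,
    so the original sender only learns of the failure if the upstream bounces.
    Postfix logs the client name as "unknown" when reverse DNS does not
    verify, so such clients never match the suffix.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m or not m["host"].endswith(upstream_suffix):
            continue
        if m["dsn"] != "5.1.1":  # skip temporary (4.x.x) rejections
            continue
        hits[(m["rcpt"].lower(), m["sender"].lower())] += 1
    return hits


if __name__ == "__main__":
    for (rcpt, sender), n in upstream_rejects(SAMPLE_LOG).most_common():
        print(f"{n:3d}  to={rcpt}  from={sender}")
```
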
