On Tue, 2015-04-21 at 19:57 +0000, Viktor Dukhovni wrote:
> On Tue, Apr 21, 2015 at 09:50:05PM +0200, josef radinger wrote:
> 
> > a domain xy.org which has users on two servers: one exchange server (B)
> > and one postfix (A). in front of those two systems is another portal-host,
> > which cannot distinguish between mails for users on system A or on
> > system B and therefore sends everything to A.
> 
> What software does this portal host run?  Does the portal host do
> any recipient validation, and if not why not?

it's another third-party software and does in fact do recipient validation.

> > users will get moved from exchange to postfix in batches
> 
> Presumably (or ideally) Exchange has forwarding addresses configured
> for the users who are moving, and therefore should have a complete
> list of all valid users in LDAP.
> 
> > and I would like to do the following:
> > 
> > Postfix is the leading system and will receive all mails.
> 
> Fine.
> 
> > If a user is not already on postfix (and would generate a 
> > "User unknown in virtual alias table") then the mail should be sent to
> > the exchange host. 
> 
> There is no need for "unknown" users, all users should be "known", and
> appropriate rewriting and/or transport rules will direct their mail to
> the right place.

the complete system (and at least the portal host) knows all users,
unknown here means unknown to system A or better "not living on system
A". 

> > I know this is not ideal, because of the possibility of backscatter.
> 
> It is sloppy, and unnecessary.  If the domain is a virtual alias domain,
> each user needs to be aliased to a real domain (u...@mailstore.example.com
> where u...@example.com is the original virtual address, and "mailstore"
> varies by user to route either to Exchange or local delivery).

the full picture is as follows:
a portal host which checks all recipients and splits into two groups:
A: the new system running postfix
B: the old system running exchange

A and B exist in different DMZs and communicate via the portalhost.
A consists of redundant hosts for incoming traffic (MXIN1+2) and
different hosts for outgoing traffic (MXOUT1+2) with a relayhost
targeted onto portal.

MXIN has example.com configured as virtual domain (besides several other
domains) and is final destination for a group of recipients.

Our system works fine almost every time:
mails from external get routed to the correct destinations.
mails from internal get routed via MXOUT and then via portal and from
there correctly routed back in.

The problem comes when an incoming mail generates a vacation via
procmail and here via /usr/sbin/sendmail (the version from postfix).
the procmailrc is generated via a template and I could modify
parameters. this vacation is created/started on MXIN and if the original
sender lives on system A then everything is OK. if the original sender
lives on system B, then it never gets routed to MXOUT, because MXIN
thinks it is final destination for example.com and therefore users
living on system B don't get routed correctly.

for my situation it would be OK (I think) if I could
configure /usr/sbin/sendmail to use MXOUT as relay, at best on the
commandline. the original /usr/sbin/sendmail would have an option for
setting that. the compatibility version from postfix does not have such
an option (at least I did not find that).

The original scenario is somewhat broader than that.

yours
josef
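
The per-user aliasing suggested in the quoted advice (every address "known", rewritten to a per-mailstore domain, with a transport rule for the Exchange side), sketched as an added example that is not part of the original thread. The store domains, the portal next hop and the sample users are constructed placeholders; the generated lines follow the Postfix virtual(5) and transport(5) table formats.

```python
# Added example: derive Postfix lookup tables from one authoritative user list.
# All host and domain names below are constructed placeholders.
VIRTUAL_DOMAIN = "example.com"
STORES = {
    "postfix": "store-a.example.com",   # assumed mailstore domain delivered on system A
    "exchange": "store-b.example.com",  # assumed mailstore domain relayed to system B
}
EXCHANGE_NEXTHOP = "smtp:[portal.example.com]"  # hypothetical relay towards B


def build_maps(users):
    """users maps localpart -> 'postfix' or 'exchange'.

    Returns (virtual_alias_lines, transport_lines). Every user gets an
    explicit alias; there is no catch-all entry, so an address missing
    from the list is never accepted and bounced later (backscatter).
    """
    virtual, seen = [], set()
    for localpart, system in sorted(users.items()):
        key = localpart.lower()
        if system not in STORES:
            raise ValueError(f"{localpart}: unknown system {system!r}")
        if key in seen:
            raise ValueError(f"{localpart}: duplicate entry")
        seen.add(key)
        virtual.append(f"{key}@{VIRTUAL_DOMAIN} {key}@{STORES[system]}")
    # Only the Exchange store needs a transport entry; the other store
    # domain is delivered on system A itself.
    transport = [f"{STORES['exchange']} {EXCHANGE_NEXTHOP}"]
    return virtual, transport


def resolve(recipient, virtual, transport):
    """Mimic the lookup order: alias rewrite first, then transport by domain.

    Returns (rewritten_address, nexthop), or None for an unlisted address.
    """
    aliases = dict(line.split() for line in virtual)
    routes = dict(line.split() for line in transport)
    target = aliases.get(recipient.lower())
    if target is None:
        return None
    return target, routes.get(target.split("@", 1)[1], "delivered on A")


# Constructed sample: alice has been migrated, bob is still on Exchange.
SAMPLE_USERS = {"alice": "postfix", "bob": "exchange"}

if __name__ == "__main__":
    v, t = build_maps(SAMPLE_USERS)
    print("\n".join(v + t))
```

Moving a user in a later batch then means changing one value in the user list and regenerating both tables.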

