I've a postfix frontend instance that
-- relays only for specific domains
-- uses remote address verification
to a postfix backend.
Frontend config includes
/main.cf
myhostname = mailhost.DDDD.com
mydomain = mail.DDDD.com
myorigin = $mydomain
mydestination = $myhostname localhost.$mydomain localhost
$mydomain
relay_domains = DDDD1.com
DDDD2.com
...
DDDDn.com
parent_domain_matches_subdomains = debug_peer_list
relay_recipient_maps =
reject_tempfail_action = defer_if_permit
unverified_recipient_tempfail_action = defer_if_permit
address_verify_map = lmdb:/var/lib/postfix/verify_cache
address_verify_transport_maps =
static:relay-vpn:[internal.DDDD.com]:25
transport_maps = static:relay-vpn:[internal.DDDD.com]:12345
...
Message relay is correctly restricted to the 'relay_domains' list.
OTOH, remote recipient verification probes are allowed/executed for both mail
sent to user@
-- the 'relay' domains list
-- the canonical domain, DDDD.com
DDDD.com is local-only; it's NOT hosted at the remote backend.
How do I correctly restrict/prevent remote address verification probes being
executed for the canonical domain?
