> On Jan 15, 2017, at 1:12 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
>
> I recommend against masquerading, because it breaks recipient
> validation. Instead, construct a table of all the valid addresses
> for each user, and use canonical_maps.

To be more precise, it is not that masquerading directly breaks recipient validation, but rather that accepting mail for an arbitrary sub-domain of a domain, as well as the domain itself, requires recipient validation to take place after rewriting, but the Postfix smtpd(8) server performs validation on the original input address prior to rewriting (which happens in cleanup(8)).

If the goal is just to map user@a.example to user@b.example without also accepting mail for user@foo.a.example, then masquerading is entirely the wrong tool for the job (it is perhaps unfortunate that Postfix and Sendmail use the same name for noticeably different mechanisms).

Mapping of secondary domains to primary domains is best accomplished with canonical_maps, and wildcards need to be avoided in order to retain recipient validation and not become a backscatter source. Therefore, build tables of explicit user@a.example -> user@b.example canonical mappings.

In Microsoft Exchange environments this is accomplished by using LDAP to resolve "proxyAddresses = smtp:%s" (each secondary address) to "mail" (the primary address).

--
Viktor.
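
The table-building step described in the message above, as an added example that is not part of the original post: it turns directory records (a primary `mail` value plus `proxyAddresses`) into explicit secondary -> primary lines for a canonical_maps table and refuses any key that would act as a wildcard. The record layout, sample users and function names are assumptions made for illustration.

```python
# Added example: build explicit canonical_maps entries from directory records.
# The records below are constructed sample data, not taken from the post.
import re

ADDR = re.compile(r"^[^@\s]+@[^@\s]+$")  # requires a non-empty localpart

SAMPLE_DIRECTORY = [  # constructed: (mail, proxyAddresses) per user
    ("alice@b.example", ["SMTP:alice@b.example", "smtp:alice@a.example",
                         "X500:/o=Org/cn=alice"]),
    ("bob@b.example", ["smtp:bob@a.example", "smtp:robert@a.example"]),
]


def build_canonical(directory):
    """Return {secondary: primary} with one explicit key per valid address."""
    table = {}
    for mail, proxies in directory:
        primary = mail.strip().lower()
        if not ADDR.match(primary):
            raise ValueError(f"bad primary address: {mail!r}")
        for proxy in proxies:
            kind, _, value = proxy.partition(":")
            if kind.lower() != "smtp":
                continue  # X500 and other non-SMTP types are not mail addresses
            addr = value.strip().lower()
            if not ADDR.match(addr):
                # "@a.example" or a bare domain would be a wildcard key,
                # which gives up recipient validation.
                raise ValueError(f"refusing non-explicit key: {value!r}")
            if addr == primary:
                continue  # identity mapping is not needed
            if table.setdefault(addr, primary) != primary:
                raise ValueError(f"{addr} claimed by two primaries")
    return table


def render(table):
    """Format as the 'key value' lines of a Postfix lookup table source."""
    return "".join(f"{k} {v}\n" for k, v in sorted(table.items()))


if __name__ == "__main__":
    print(render(build_canonical(SAMPLE_DIRECTORY)), end="")
```

The rendered lines are the source text for an indexed lookup table that canonical_maps points at; only addresses listed as keys are rewritten, so user@foo.a.example is never matched.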