Thank you, Viktor. We will try your recommended configuration.
One question from your email:

- We're not sure what you mean by a list of valid recipients so I'll state - In our scenario, the Postfix server is an intermediary server, and not accessible from outside of our IP space. Mail that it processes will have already been screened and any emails it receives should be for valid recipients within the domains it is configured to process. It only needs to determine the final delivery point for those messages and deliver them. (Which is what it uses the LDAP queries for.) I believe, based on that, we will be using the static:all config option that you stated below. (This will be tested before trying with moving real mail.)

- No worries on letting this fester.. this is truly just a stopgap to find the edge case LDAP entries and correct them. We will only run this long enough to get a feel that we've caught any glaring issues. Then we'll return the Postfix configuration to the proper config and shut down the old server.

=lc

________________________________
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> on behalf of Viktor Dukhovni <postfix-us...@dukhovni.org>
Sent: Wednesday, December 27, 2017 11:00 PM
To: Postfix users
Subject: Re: question on fallback transport usage

> On Dec 27, 2017, at 8:42 PM, l carr <pandorasbo...@outlook.com> wrote:
>
> The domains are not defined under mydestination, they are defined under
> virtual_alias_domains. So it sounds like the fallback_transport may not
> work for us. Is there any other way to accomplish that same scenario?

Just move the domains from virtual_alias_domains to relay_domains:

  main.cf:
    indexed = ${default_database_type}:${config_directory}/
    parent_domain_matches_subdomains = smtpd_access_maps
    relay_domains = ldap-complete.example
    relay_transport = relay:[legacy-server.example]
    virtual_alias_domains = ldap-incomplete.example
    virtual_alias_maps = ldap:${config_directory}/ldap-valias.cf

    # If you have no list of valid recipients, as a last resort
    # accept all relay recipients
    #
    relay_recipient_maps = static:all

    # Otherwise deploy some suitable table that lists all valid
    # recipients.
    #
    # relay_recipient_maps = ...

This works because virtual alias domains always rewrite into some
underlying domain for delivery, which works already. So any
remaining recipients that don't get rewritten can be handled via
relay_transport after changing the problem domains to relay_domains.

After all the problem recipients are resolved, move them back to
the virtual alias domains list. You might end up with a bit of
a backscatter problem if you can't enumerate valid recipients.
Don't let this fester.

--
        Viktor.
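
One way to find the edge-case recipients while the stopgap is running, as an added example that is not code from this thread: scan the Postfix delivery log for recipients that fell through to the legacy relay, and separate the ones the legacy server then rejected (the backscatter case mentioned above). The log lines, the domain dept.example, the host store.example and the function names are constructed for illustration; legacy-server.example is the placeholder host from the main.cf above.

```python
import re
from collections import Counter, defaultdict

LEGACY_RELAY = "legacy-server.example"  # placeholder host from the relay_transport setting

# Constructed sample of Postfix smtp(8) delivery log lines (not real traffic).
SAMPLE_LOG = """\
Dec 28 09:14:02 mx1 postfix/smtp[2211]: 3F2A91C0A4: to=<alice@dept.example>, relay=legacy-server.example[192.0.2.25]:25, delay=0.41, delays=0.02/0/0.11/0.28, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Dec 28 09:15:40 mx1 postfix/smtp[2214]: 7B11D1C0B9: to=<bob@store.example>, orig_to=<bob@dept.example>, relay=store.example[192.0.2.40]:25, delay=0.30, delays=0.01/0/0.10/0.19, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Dec 28 09:17:05 mx1 postfix/smtp[2211]: 9C03E1C0C2: to=<nosuch@dept.example>, relay=legacy-server.example[192.0.2.25]:25, delay=0.22, delays=0.01/0/0.09/0.12, dsn=5.1.1, status=bounced (host legacy-server.example[192.0.2.25] said: 550 5.1.1 User unknown (in reply to RCPT TO command))
Dec 28 09:20:11 mx1 postfix/smtp[2230]: A1B2C3D4E5: to=<Alice@dept.example>, relay=legacy-server.example[192.0.2.25]:25, delay=0.38, delays=0.02/0/0.10/0.26, dsn=2.0.0, status=sent (250 2.0.0 Ok)
"""

# queue id, final recipient, optional orig_to, relay host name, delivery status
DELIVERY = re.compile(
    r"postfix[^/\s]*/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>,"
    r"(?: orig_to=<[^>]*>,)? relay=(?P<relay>[^\[,\s]+)"
    r".*?\bstatus=(?P<status>\w+)"
)

def legacy_fallthrough(lines, legacy=LEGACY_RELAY):
    """Count deliveries handed to the legacy relay, grouped by status then recipient."""
    by_status = defaultdict(Counter)
    for line in lines:
        m = DELIVERY.search(line)
        if m and m["relay"].lower() == legacy.lower():
            by_status[m["status"]][m["rcpt"].lower()] += 1
    return by_status

def report(lines):
    found = legacy_fallthrough(lines)
    return {
        # Not rewritten by the LDAP alias map but delivered by the legacy
        # server: these LDAP entries are the ones to correct.
        "fix_ldap": sorted(found["sent"]),
        # Accepted here (static:all) and rejected downstream: each of these
        # produced a bounce to the envelope sender.
        "backscatter_risk": sorted(found["bounced"]),
    }

if __name__ == "__main__":
    for kind, rcpts in report(SAMPLE_LOG.splitlines()).items():
        print(kind, rcpts)
```

When the "fix_ldap" list stays empty over a representative period, the domains can go back to virtual_alias_domains as described above.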