To be more precise, with the temporary filter I've added, if a user has an address user@domainB, all his other aliases (mailAlternateAdress) will be ignored whatever the destination domain is. Hence I'm trying to make postfix dont do any virtual lookup if the email is destinated to @domainB.
Do you think it's possible ? On Wed, Jan 3, 2018 at 4:07 PM, huret deffgok <kada...@gmail.com> wrote: > > > On Wednesday, January 3, 2018, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > > > > > >> On Jan 3, 2018, at 8:28 AM, huret deffgok <kada...@gmail.com> wrote: > >> > >> My Postfix 3.2.4 server is not a MX for domainB. > >> domainB is not in virtual_mailbox_domains. > >> > >> it is a MX for domainA which is in virtual_mailbox_domains. > >> > >> I have in my ldap some users with: > >> mailAlternateAddress=user@domainB > > > > That setting means that the alternate address is a second address > > for the *same* mailbox. > > > >> my virtual_alias_maps ldap query filter is: > >> (|(mail=%s)(mailAlternateAddress=%s)) > >> And the result attribut is "mail" (always in @domainA). > > > > This is consistent with the above "mailAlternateAddress" semantics. > > > >> The problem is that if I send email to user@domainB from mynetworks > >> or being sasl_authenticated the email is locally delivered (in the > >> log: to=user@domainA , orig_to=user@domainB). > > > > This is correct behaviour. DO NOT set alternate addresses on local > > mailboxes that are foreign addresses to which mail should be delivered > > externally. In this example you would *delete* the mailAlternateAddress > > value "user@domainB" from the LDAP entry in question. What purpose does > > it serve other than to locally short-circuit mail delivery to the remote > > address (which you seem to not want)? > > Sorry for being imprecise. I'm in the process of being an MX for domainB, > so I've added those domainB adresses to the LDAP (and already used by other > apps than postfix) and while waiting for the definitive transition I need > to reject local delivery for this domain. I can hack my way by adding a > negative filtering at the virtual_alias_maps like > (&()(!(mailAlternateAddress=*@domainB))) but then mailAlternateAddress-es > on domainA get ignored :( > I would have hoped for a simple temporary hack to 'transport' away emails > for domainB. > > Kfx > > > > > -- > > Viktor. > >
