Thank you for the input.

Our virtual alias files are script generated and updated periodically.  I had 
considered adding a map for each user for each of the domains.  However, we 
have about 80 domains.  That times our 30k users and we'd have almost 2.5 
million aliases. Seems like a very large list that could cause performance 
issues under load.   Would you agree?

I had also considered using validation, but one of the mail systems we are 
delivering to is behind yet another relay that does not reject unknown users.  
We could potentially set up a validation transport to work around it, but 
internal political concerns would make that solution difficult.

Doing more research yesterday I came up with another possible solution I'd like 
to get your opinion of.  What do you think of using smtpd_command_filter to 
dynamically update the recipients. Something like:

/^RCPT\s+TO:\s*(.*)@example\.\b(in|cn|us)\b(>*)/ RCPT TO:$1...@example.com$3

This seems to work from my initial testing.  Would there be any issues that I'm 
not seeing using this solution?  Any corner cases that the regex would not 
handle well?

________________________________
From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> on 
behalf of Wietse Venema <wie...@porcupine.org>
Sent: Tuesday, February 18, 2020 12:59 PM
To: Postfix users <postfix-users@postfix.org>
Subject: [External] Re: Virtual mapping without classifying

ewilkison:
> Virtual mapping without classifying
> We're working on a project that will use Postfix as gateway servers from the
> Internet to a couple of internal mail systems. We've got it set up
> with hash tables to map about 30K virtual users to their destination
> address. Mail to non existing users should be rejected.
> One of the requirements is to also map several countries' domains back to
> the main .com domain. For example, b...@example.com can also receive mail as
> b...@example.in, b...@example.uk, etc. To accomplish this we used regex
> virtual mapping:
> /(.*)@example.uk/ $1...@example.com
> /(.*)@example.in/ $1...@example.com
>
> This system works well for known users, but does not reject mail for non
> existing country domain users. For example badu...@example.uk is accepted
> then a bounce message is generated because there is no virtual mapping for
> badu...@example.com. When badu...@example.in is mapped to badu...@example.com
> via the regex mapping it is also classified as an authorized destination.
> Is there a way to have postfix perform this first level of mapping without
> classifying the recipient as authorized?

No. The virtual alias map does not verify that the user really exists.

> Is there a better way to work around this issue?

1) Periodically, populate your virtual aliases with real data.

2) Use reject_unverified_recipient, as described in
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

        Wietse
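
The smtpd_command_filter pattern proposed at the top of this message can be checked against the corner cases it asks about. This is an added example, not part of the original thread: it runs the posted pattern and a hypothetical stricter variant over constructed RCPT commands, assuming Python's re matches like a pcre: table here and that the "..." in the archived replacement is list-archive address obfuscation.

```python
import re

# Pattern as posted. Postfix regexp/pcre tables ignore case by default.
POSTED = (re.compile(r"^RCPT\s+TO:\s*(.*)@example\.\b(in|cn|us)\b(>*)", re.I),
          # Assumption: "..." in the archived replacement is address
          # obfuscation, i.e. the intended text is RCPT TO:$1@example.com$3
          r"RCPT TO:\1@example.com\3")

# Hypothetical stricter variant (written for this example): anchored at both
# ends, one bracketed address only, trailing ESMTP parameters kept in \3.
STRICT = (re.compile(r"^RCPT\s+TO:\s*<([^<>@\s]+)@example\.(in|cn|us)>(.*)$", re.I),
          r"RCPT TO:<\1@example.com>\3")

def apply_filter(rule, command):
    """Table-lookup semantics: on a match the expanded result replaces the
    whole command; without a match the command is passed on unchanged."""
    pattern, template = rule
    m = pattern.search(command)
    return m.expand(template) if m else command

# Constructed sample commands, not taken from real traffic.
SAMPLES = [
    "RCPT TO:<bob@example.in>",                         # plain alias domain
    "RCPT TO:<bob@example.in> NOTIFY=SUCCESS,FAILURE",  # ESMTP parameters
    "RCPT TO:<bob@example.in.other.test>",              # longer, unrelated domain
    'RCPT TO:<"x@example.in"@other.test>',              # quoted local part
    "RCPT TO:<bob@example.uk>",                         # TLD not in the pattern
    "rcpt to:<Bob@EXAMPLE.CN>",                         # case differences
]

def compare(samples=SAMPLES):
    """Return {command: (result with POSTED, result with STRICT)}."""
    return {c: (apply_filter(POSTED, c), apply_filter(STRICT, c))
            for c in samples}

if __name__ == "__main__":
    for cmd, (posted, strict) in compare().items():
        print(f"{cmd}\n  posted: {posted}\n  strict: {strict}")
```

With the posted pattern, text after the match is not carried into the result, so ESMTP parameters are lost and a recipient on a longer domain that merely begins with example.in is rewritten to example.com without its closing bracket.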
