PGNet Dev:
> On 11/22/20 11:58 AM, Wietse Venema wrote:
>
> > This would be good fit for virtual_alias_maps (and maybe adding
> > domains to virtual_alias_domains, see note below). virtual_alias_maps
> > replaces the envelope recipient without replacing header addresses,
> > and it works for single-recipient mail equally well as multi-recipient
> > mail.
>
> I'm trying this 'temporary redirect' approach for several configs.
>
> For one working setup/config, mail to "us...@example.com" is
> normally accepted by my postfix frontend, & flows through to my
> backend(s).
>
> Adding the intercepting virtual_alias_* redirect "early" in the
> frontend config
>
> master.cf
>
> [mx1.example.net]:25 inet n - n - 1 postscreen
> -o postscreen_tls_security_level=may
> -o
> smtpd_authorized_xforward_hosts=127.0.0.0/8,$var_MX1/32,$var_MX2/32
> -o smtpd_service_name=postscreen-internal
> postscreen-internal pass - - n - - smtpd
> -o syslog_name=postfix/postscreen-internal
> + -o
> virtual_alias_domains=lmdb:/etc/postfix/TEMP_virtual_alias_domains
> + -o virtual_alias_maps=lmdb:/etc/postfix/TEMP_virtual_alias_maps
> -o smtpd_tls_ask_ccert=no
> -o smtpd_tls_security_level=may
> -o smtpd_tls_loglevel=1
> -o smtpd_tls_received_header=yes
> -o
> address_verify_transport_maps=lmdb:/etc/postfix/adress_verify_transport_map
> -o
> smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destination,permit
> -o
> smtpd_authorized_xforward_hosts=127.0.0.0/8,$var_MX1/32,$var_MX2/32
> -o smtpd_client_connection_count_limit=25
> -o smtpd_client_connection_rate_limit=0
> -o anvil_rate_time_unit=60s
> -o smtpd_proxy_timeout=300s
> -o smtpd_proxy_options=speed_adjust
> -o smtpd_proxy_filter=[127.0.0.1]:21030
Note that smtpd does not implement the virtual alias mapping. It
merely determines if the recipient address should be accepted or
rejected.
The virtual alias mapping happens on the other end of the
smtpd_proxy_filter (presumably, another smtpd process that feeds
into a cleanup process that does the virtual alias expansion).
Wietse
