On Thu, Feb 18, 2021 at 11:53:56AM -0500, Wietse Venema wrote:
> Viktor Dukhovni:
> > Bottom line, use the transport(5) table for routing, and access(5) for
> > access control.
>
> These are queried at different points in time. Is this race-condition
> safe, i.e. can LDAP reponses change while an email message is in
> flight inside Postfix?
There's no specific issue here. There's never a guarantee that an
address accepted initially is still valid by the time the message lands
in the active queue (possibly after being deferred).
If there are access(5) rules they run in real time to reject some email
that is deemed invalid at that time.
Perhaps later, the accepted and rewritten via virtual(5) recipients are
mapped to transports, and the delivery agent may discover that the
recipient is no longer valid (not in /etc/passwd, rejected by a remote
SMTP or LMTP server, ...). That's normal, some may bounce.
--
Viktor.
