Matus UHLAR - fantomas:
> On 17.02.22 10:56, Noel Jones wrote:
> >This could be better documented, but basically when receiving mail
> >postfix does not do a full expansion of the recipient address. So the
> >first time an address is accepted by canonical, virtual, local, relay,
> >... whatever map, the address is considered as valid. Consequently,
> >avoid using wildcard rewrites for recipient addresses.
> >
> >This is a result of the distributed nature of postfix. Incoming mail
> >recipients are checked by cleanup(8) and trivial-rewrite(8). To do a
> >full expansion, the functionality of the various delivery agents would
> >also need to be folded into those programs, or a new recipient
> >expansion checker program would need to be bolted on. This is not an
> >easy problem to solve without causing other problems.
> >
> >This is not an exhaustive answer, but should be close enough. This
> >subject has been discussed in the archives several times, but might be
> >hard to track down.
>
> This explains much, thanks.
>
> I'm still curious when it's decided if the address is local or relayed, to
> match in respective _recipient_maps.
>
> I guess that this is skipped in case the address matches canonical_maps.

Indeed. The result of table lookup is not validated in the SMTP
daemon. Some tables can return multiple values (virtual_alias_maps,
alias_maps), and lookups are recursive. Validating those expansions
in the SMTP daemon would be tricky.

Fortunately, there is a way to validate address expansions exactly,
and that is with reject_unverified_recipient. The result is cached
(under both the RCPT TO address and the result of map lookup) so
reject_unverified_recipient is usually fast.

Starting to wonder if reject_unverified_recipient should be given
more publicity.

Wietse
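
The setup discussed in this thread, as an added main.cf sketch that is not part of the original messages: a wildcard recipient rewrite next to the reject_unverified_recipient check that validates the rewritten address. The domain names, the map file path and the choice of a pcre table are assumptions made for illustration.

```cfg
# /etc/postfix/main.cf (constructed example; domains and paths are placeholders)

# Wildcard recipient rewrite of the kind the thread warns about. The pattern
# matches every address in the old domain, so the SMTP daemon treats any
# RCPT TO in that domain as valid without checking the rewritten result.
# Assumed content of /etc/postfix/recipient_canonical.pcre:
#   /^(.*)@old\.example\.com$/   ${1}@example.com
recipient_canonical_maps = pcre:/etc/postfix/recipient_canonical.pcre

# Probe the recipient before accepting it. Clients matched by
# permit_mynetworks are accepted earlier and skip the probe.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Reply code when a probe fails. The default is 450 (temporary failure);
# 550 makes the rejection permanent.
unverified_recipient_reject_code = 550

# Persistent cache of probe results, which is what keeps the check fast.
address_verify_map = btree:$data_directory/verify_cache
```

Leaving unverified_recipient_reject_code at its default while testing means a wrongly failed probe only defers mail instead of bouncing it.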