Trying to NOT locally deliver emails

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Trying to NOT locally deliver emails

huret deffgok
Hi list,

My Postfix 3.2.4 server is not a MX for domainB.
domainB is not in virtual_mailbox_domains.

it is a MX for domainA which is in virtual_mailbox_domains.

I have in my ldap some users with:
mailAlternateAddress=user@domainB

my virtual_alias_maps ldap query filter is:
(|(mail=%s)(mailAlternateAddress=%s))
And the result attribut is "mail" (always in @domainA).

The problem is that if I send email to user@domainB from mynetworks or being sasl_authenticated the email is locally delivered (in the log: to=user@domainA , orig_to=user@domainB).

I've tried to add in transport:
domainB               relay:mx.domainB

But it's not working :(



Thanks for any help,
kfx


Reply | Threaded
Open this post in threaded view
|

Re: Trying to NOT locally deliver emails

Viktor Dukhovni


> On Jan 3, 2018, at 8:28 AM, huret deffgok <[hidden email]> wrote:
>
> My Postfix 3.2.4 server is not a MX for domainB.
> domainB is not in virtual_mailbox_domains.
>
> it is a MX for domainA which is in virtual_mailbox_domains.
>
> I have in my ldap some users with:
> mailAlternateAddress=user@domainB

That setting means that the alternate address is a second address
for the *same* mailbox.

> my virtual_alias_maps ldap query filter is:
> (|(mail=%s)(mailAlternateAddress=%s))
> And the result attribut is "mail" (always in @domainA).

This is consistent with the above "mailAlternateAddress" semantics.

> The problem is that if I send email to user@domainB from mynetworks
> or being sasl_authenticated the email is locally delivered (in the
> log: to=user@domainA , orig_to=user@domainB).

This is correct behaviour.  DO NOT set alternate addresses on local
mailboxes that are foreign addresses to which mail should be delivered
externally.  In this example you would *delete* the mailAlternateAddress
value "user@domainB" from the LDAP entry in question.  What purpose does
it serve other than to locally short-circuit mail delivery to the remote
address (which you seem to not want)?

--
        Viktor.
Reply | Threaded
Open this post in threaded view
|

Re: Trying to NOT locally deliver emails

huret deffgok


On Wednesday, January 3, 2018, Viktor Dukhovni <[hidden email]> wrote:

>
>
>> On Jan 3, 2018, at 8:28 AM, huret deffgok <[hidden email]> wrote:
>>
>> My Postfix 3.2.4 server is not a MX for domainB.
>> domainB is not in virtual_mailbox_domains.
>>
>> it is a MX for domainA which is in virtual_mailbox_domains.
>>
>> I have in my ldap some users with:
>> mailAlternateAddress=user@domainB
>
> That setting means that the alternate address is a second address
> for the *same* mailbox.
>
>> my virtual_alias_maps ldap query filter is:
>> (|(mail=%s)(mailAlternateAddress=%s))
>> And the result attribut is "mail" (always in @domainA).
>
> This is consistent with the above "mailAlternateAddress" semantics.
>
>> The problem is that if I send email to user@domainB from mynetworks
>> or being sasl_authenticated the email is locally delivered (in the
>> log: to=user@domainA , orig_to=user@domainB).
>
> This is correct behaviour.  DO NOT set alternate addresses on local
> mailboxes that are foreign addresses to which mail should be delivered
> externally.  In this example you would *delete* the mailAlternateAddress
> value "user@domainB" from the LDAP entry in question.  What purpose does
> it serve other than to locally short-circuit mail delivery to the remote
> address (which you seem to not want)?

Sorry for being imprecise. I'm in the process of being an MX for domainB, so I've added those domainB adresses to the LDAP (and already used by other apps than postfix) and while waiting for the definitive transition I need to reject local delivery for this domain. I can hack my way by adding a negative filtering at the virtual_alias_maps like (&()(!(mailAlternateAddress=*@domainB))) but then mailAlternateAddress-es on domainA get ignored :(
I would have hoped for a simple temporary hack to 'transport' away emails for domainB.

Kfx

>
> --
>         Viktor.
>
Reply | Threaded
Open this post in threaded view
|

Re: Trying to NOT locally deliver emails

Viktor Dukhovni


> On Jan 3, 2018, at 10:07 AM, huret deffgok <[hidden email]> wrote:
>
> Sorry for being imprecise. I'm in the process of being an MX for domainB,
> so I've added those domainB adresses to the LDAP (and already used by
> other apps than postfix) and while waiting for the definitive transition
> I need to reject local delivery for this domain.

The way you've added the addresses is incorrect.  Do NOT add them as
"mailAlternateAddress" values *until* mail for the domain is to be
delivered locally.

If the same underlying person has both an an internal and an external
address, with one address delivered inside, and the other outside,
and you want to store both in a single LDAP entry, use some other
attribute that is not mapped to the primary local address.

        externalAddress: user@domainB

or similar.  You could exclude domainB from virtual alias expansion,
by using the "domain" property of the LDAP table, but that's a hack.
The real issue is a mismatch between the LDAP schema and the desired
semantics.  Fix that.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: Trying to NOT locally deliver emails

huret deffgok
In reply to this post by huret deffgok
To be more precise, with the temporary filter I've added, if a user has an address user@domainB, all his other aliases (mailAlternateAdress) will be ignored whatever the destination domain is.
Hence I'm trying to make postfix dont do any virtual lookup if the email is destinated to @domainB.

Do you think it's possible ?

On Wed, Jan 3, 2018 at 4:07 PM, huret deffgok <[hidden email]> wrote:


On Wednesday, January 3, 2018, Viktor Dukhovni <[hidden email]> wrote:

>
>
>> On Jan 3, 2018, at 8:28 AM, huret deffgok <[hidden email]> wrote:
>>
>> My Postfix 3.2.4 server is not a MX for domainB.
>> domainB is not in virtual_mailbox_domains.
>>
>> it is a MX for domainA which is in virtual_mailbox_domains.
>>
>> I have in my ldap some users with:
>> mailAlternateAddress=user@domainB
>
> That setting means that the alternate address is a second address
> for the *same* mailbox.
>
>> my virtual_alias_maps ldap query filter is:
>> (|(mail=%s)(mailAlternateAddress=%s))
>> And the result attribut is "mail" (always in @domainA).
>
> This is consistent with the above "mailAlternateAddress" semantics.
>
>> The problem is that if I send email to user@domainB from mynetworks
>> or being sasl_authenticated the email is locally delivered (in the
>> log: to=user@domainA , orig_to=user@domainB).
>
> This is correct behaviour.  DO NOT set alternate addresses on local
> mailboxes that are foreign addresses to which mail should be delivered
> externally.  In this example you would *delete* the mailAlternateAddress
> value "user@domainB" from the LDAP entry in question.  What purpose does
> it serve other than to locally short-circuit mail delivery to the remote
> address (which you seem to not want)?

Sorry for being imprecise. I'm in the process of being an MX for domainB, so I've added those domainB adresses to the LDAP (and already used by other apps than postfix) and while waiting for the definitive transition I need to reject local delivery for this domain. I can hack my way by adding a negative filtering at the virtual_alias_maps like (&()(!(mailAlternateAddress=*@domainB))) but then mailAlternateAddress-es on domainA get ignored :(
I would have hoped for a simple temporary hack to 'transport' away emails for domainB.

Kfx

>
> --
>         Viktor.
>