Viktor Dukhovni via Postfix-users <[email protected]> wrote:
> On Mon, Feb 09, 2026 at 09:14:41AM -0500, Wietse Venema via Postfix-users
> wrote:
>> Michael Grimm via Postfix-users:
>>> /^(.*)@ellael\.lan$/ ${1}@ellael.lan ${1}@dbmail.ellael.lan
>> That will accept mail for non-existent recipientrs, and hopefully
>> gets you denylisted as a backscatterer.
> Actually, no, because the "allael.lan" domain is I think a purely
> internal fiction (I use "virtual.invalid" for this).
Yes, *.ellael.lan is part of an 10.0.0.0/8 address space. That's why I believed
it to be safe.
> This domain would not be listed in any of the address classes,
> and would be rejected for external senders by
> "reject_unauth_destination".
This local domain is a member of virtual_mailbox_domains, only, and the address
space is part of mynetworks.
I hope that this isn't an issue?
> It would have transport table entries, but these don't imply
> access permissions:
>
> ellael.lan lmtp:...
> dbmail.ellael.lan lmtp:...
Does that mean:
(1) no need for virtual_transport = lmtp:unix:private/dovecot-lmtp in main.cf
(2) both transports in transport_maps instead?
If that is correct: I have to admit that will never gain the knowledge of 10+%
of postfix' functionality in my remaining lifetime ;-)
> So the OP's proposed approach works fine.
Give that *.ellael.lan is member of virtual_mailbox_domains and mynetworks is
*not* an issue, thanks.
If it is an issue I will stick to "explicit per-user 1-to-2 virtual alias
rewrites" as you phrased it in your other mail.
Thanks and regards,
Michael
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
