On Tue, Jun 22, 2010 at 06:04:37PM +0200, Mariusz Kie?pi?ski wrote:
> Victor Duchovni wrote:
> > On Tue, Jun 22, 2010 at 11:53:37AM +0200, Mariusz Kie?pi?ski wrote:
> >
> >> allow_mail_to_commands and allow_mail_to_files according to
> >> http://www.postfix.org/postconf.5.html are global for all users. I have a
> >> need do disallow processing of .forward for most user (default
> behavior)
> >> however some of them should still have a possibility of usage .forward
> file. In the other words is this possible to block processing .forward
> file for some users ?
> >
> > Yes, by using multiple copies of the local transport in master.cf, and
> using transport_maps to route mail for selected users to an alternate
> local transport, (with -o foo=bar overrides in master.cf).
> >
> > local2 unix - n n - - local
> > -o ...
> >
> Ok. So I added in master.cf
> local_no_forward unix - n n - - local
> -o allow_mail_to_commands=alias
> -o allow_mail_to_files=alias
>
> I also created
> transport_maps
> /u...@.*/ local_no_forward:
>
> and postmap-ed it
You don't postmap regexp tables. More importantly you are aliasing this
address local-part in all remote domains to be local. That's wrong.
You must list the local domains one by one in the transport table
u...@a.example.com local_no_forward
u...@b.example.com local_no_forward
u...@c.example.com local_no_forward
and use a non-regexp transport table.
> To main.cf
> I added
> transport_maps = pcre:/etc/postfix/transport_maps
>
> It seems that maps works because
> DF82C8B2E8: to=<u...@xxxxxxx>, relay=local_no_forward, delay=0.12,
> delays=0.06/0.01/0/0.05, dsn=2.0.0, status=sent (forwarded as EFDC48B2E6)
>
> However .forward file in home directory of user still works
The mail did not get piped to a command, it got forwarded to an address
listed in .forward, the "allow_mail_to..." disable command processing.
--
Viktor.
