On Mon, Dec 20, 2010 at 04:17:08PM -0200, Lauro Costa G. Borges wrote:
> I'm using Postfix 2.7.0.
Good, this is a reasonably recent release. You may want to consider
updating to 2.7.2:
20100515
Bugfix (introduced Postfix 2.6): the Postfix SMTP client
XFORWARD implementation did not skip "unknown" SMTP client
attributes, causing a syntax error when sending a PORT
attribute. Reported by Victor Duchovni. File: smtp/smtp_proto.c.
20100526
Cleanup: a unit-test driver (for stand-alone tests) was not
updated after an internal API change. Vesa-Matti J Kari
File: milter/milter.c.
20100529
Portability: OpenSSL 1.0.0 changes the priority of anonymous
cyphers. Victor Duchovni. Files: postconf.proto,
global/mail_params.h, tls/tls_certkey.c, tls/tls_client.c,
tls/tls_dh.c, tls/tls_server.c.
Portability: Mac OS 10.6.3 requires <arpa/nameser_compat.h>
instead of <nameser8_compat.h>. Files: makedefs, util/sys_defs.h,
dns/dns.h.
20100531
Robustness: skip LDAP queries with non-ASCII search strings.
The LDAP library requires well-formed UTF-8. Victor Duchovni.
File: global/dict_ldap.c.
20100601
Safety: Postfix processes log a warning when a matchlist
has a #comment at the end of a line (for example mynetworks
or relay_domains). File: util/match_list.c.
Portability: Berkeley DB 5.x has the same API as Berkeley
DB 4.1 and later. File: util/dict_db.c.
20100610
Bugfix (introduced Postfix 2.2): Postfix no longer appends
the system default CA certificates to the lists specified
with *_tls_CAfile or with *_tls_CApath. This prevents
third-party certificates from getting mail relay permission
with the permit_tls_all_clientcerts feature. Unfortunately
this may cause compatibility problems with configurations
that rely on certificate verification for other purposes.
To get the old behavior, specify "tls_append_default_CA =
yes". Files: tls/tls_certkey.c, tls/tls_misc.c,
global/mail_params.h. proto/postconf.proto, mantools/postlink.
20100714
Compatibility with Postfix < 2.3: fix 20061207 was incomplete
(undoing the change to bounce instead of defer after
pipe-to-command delivery fails with a signal). Fix by Thomas
Arnett. File: global/pipe_command.c.
20100727
Bugfix: the milter_header_checks parser provided only the
actions that change the message flow (reject, filter,
discard, redirect) but disabled the non-flow actions (warn,
replace, prepend, ignore, dunno, ok). File:
cleanup/cleanup_milter.c.
20100827
Performance: fix for poor smtpd_proxy_filter TCP performance
over loopback (127.0.0.1) connections. Problem reported by
Mark Martinec. Files: smtpd/smtpd_proxy.c.
20101023
Cleanup: don't apply reject_rhsbl_helo to non-domain forms
such as network addresses. This would cause false positives
with dbl.spamhaus.org. File: smtpd/smtpd_check.c.
20101117
Bugfix: the "421" reply after Milter error was overruled
by Postfix 1.1 code that replied with "503" for RFC 2821
compliance. We now make an exception for "final" replies,
as permitted by RFC. Solution by Victor Duchovni. File:
smtpd/smtpd.c.
> I use LDAP do manage/list domains that I relay for.
Make sure you have a robust, low-latency LDAP infrastructure. The
trivial-rewrite service will query LDAP to determine the address class of
each domain, and qmgr(8) uses trivial-rewrite to resolve every recipient,
so LDAP becomes performance critical.
> Suppose I relay for both domain1.org and domain2.org.
>
> Mail arrives to [email protected] (and [email protected] has an alias to
> [email protected]).
What do you mean by "has an alias"?
> I would like the result to the query to be the domain I searched, AND the
> other domains, since, in the case I have an alias, domain2.org also needs
> to be listed as a domain a relay for.
You are confused. Transport lookups are single valued. The lookup result
in relay_domains is entirely ignored, ony the existence of the lookup
key in the table is signficant.
If you want to relay for a domain, make sure that a lookup for that
domain returns a result when queried against the table that implements
relay_domains.
> I think when Postfix notices it also has to deliver to
> [email protected], it does NOT make another search, and the only transport
> it knows about at that moment, is "domain1.org relay:[1.2.3.10]". It seems
> Postfix doesn't know about the transport to domain2.org
This is completely wrong. First, you have to explain what you mean by
an "alias", where you want the mail to be delivered, what actually
happens (detailed unmangled logs) and show your configuration.
http://www.postfix.org/DEBUG_README.html#mail
--
Viktor.
