On Thu, Sep 20, 2012 at 10:48:15AM +0200, Michael Storz wrote:
> >This is an account provisioning problem, not an MTA routing problem.
> >The best solution is to not send email to the user until the
> >provisioning is complete.
>
> Unfortunately we can't tackle the account provisioning problem
> (interworking of Microsoft software with Novell software), which makes
> it a MTA routing problem, which I have to resolve.
>
> Waiting to send the email until the user is fully provisioned is not
> possible. The sending application has no knowledge about the status of the
> provisioning. There is an organizational boundary and a meta directory
> between 2 IDMs in between.
Postfix accepts mail, and then it delivers it. Accept all mail for
recipients listed in the master directory. Almost always these
users are already valid in the child directories. Do not check
the child directories.
Route all mail to a second Postfix instance on the mailhub (can be
a post-filter instance if you're already doing content filtering).
The second instance should tempfail all recipients that are not
defined in the destination directories.
Source --->
Input ---> Null or actual content filter ---> Output --->
Destination
The input instance only checks the master directory, the output
instance checks the destination directory (e.g. Exchange)
that handles mail for the user.
Similar results can be obtained with soft-bounce delivery agents, ...
and various other designs less convoluted than if then else logic
in tables.
And it may still be possible to provision accounts a day (or a few
hours) in advance of all attempts to send email to that account,
in which case all the downstream directories should be ready.
--
Viktor.
