On Wed, Mar 25, 2015 at 07:25:12PM -0500, Jonathan Vaughn wrote:

> It seems like we should be able to say instead "use MX record for entire
> domain" as a default, and then override just the accounts that should be on
> the Postfix server to be locally delivered. Alternatively, have some way in
> which if it doesn't exist locally it tries to deliver via MX, making even
> simpler configuration?

Indeed you can, but first it is important to know whether for this domain your Postfix server is an MX host, or only handles mail sent to you by Google Apps and mail sent out to Google Apps.

If you're the MX host, to avoid backscatter you need to know the full set of valid addresses for the domain, whether hosted by you or by Google.

Otherwise, you can deny inbound mail for the domain except from inside your network, and punt all unknown addresses to Google, but this is problematic if Google sends you mail for addresses they don't know about (you get a loop). Someone needs to know the full address list!

In more complex environments, you may need multiple Postfix instances with different rules for the "default" case of an unknown user. For example, mail from the inside hits a Postfix instance that routes the domain out to Google by default. While mail from Google hits an instance that delivers local (and rejects unknown users) by default.

In even more complex cases, you may need to rewrite outbound Google recipients to a different domain so they leave your internal environment out towards Google, only to be rewritten back to the primary address form via smtp_generic_maps in the transport that hands the email off to Google.

In places that are fancier still, the primary First.Last addresses of users vary over time (some people change last names when they marry, or shorten their first name, ...), but their underlying mailbox address is fixed. Google does (did) not support such things last I checked, so one might always present the stable internal mailbox name to Google as the envelope recipient for outbound mail.

Email routing can get arbitrarily complex the more fancy your environment gets.

As for "+extension" address suffixes, in most configurations those should just work, provided you set "recipient_delimiter = +".

So you need to explain your use-case in more detail.

-- 
Viktor.