* Wietse Venema:
> Actually, drain caches and queues BEFORE updating LDAP, so that
> LDAP is not changing while Postfix is still processing email.
The maintenance service and Postfix only intersect in LDAP, and moving
an account between servers can happen at any time. That's why I can only
rely on the LDAP query results.
I have gone through many tests based on Viktor's and your suggestions,
and found the following combination promising:
virtual_alias_maps = ldap:/etc/postfix/virtual_alias.cf
smtpd_recipient_restrictions = [... reject_* here ...]
check_recipient_access ldap:/etc/postfix/recipient_access.cf
The lookups of course use different result attributes with matching
result data: An email address for virtual alias, and DEFER_IF_PERMIT for
access while an account is undergoing maintenance.
-Ralph
