On 2022-01-19 at 08:23:45 UTC-0500 (Wed, 19 Jan 2022 08:23:45 -0500) Alex <[email protected]> is rumored to have said:
Hi, I'm using postfix-3.5.10 and would like to use it to front-end a domain currently being managed by Google Workspace to be able to send mail through our filters first. I know I'll need to redirect the MX, but how do I obtain a user list so I'm not just forwarding all email received for the domain through as a relay, and instead only to those users with current accounts?
Forward address verification works well for this. See the ADDRESS_VERIFICATION_README and the documentation of reject_unverified_recipient. Note that while doing sender (i.e. reverse-path) verification is a highly problematic tactic, forward recipient verification of users in domains you are the MX for is generally safe.
In the past, I believe it was using LDAP, but perhaps that's changed now?
In an environment with comprehensive LDAP (e.g. Windows AD realms) you can use it, but forward SMTP verification can be better as it is a 'ground truth' check of whether an address can accept mail. It also works in a broader range of circumstances without requiring anything other than working SMTP relay.
All references I currently see are using SASL and require the username/password combination of the user accounts.
It's not at all clear to me how/why one would use/need user authentication in this scenario...
-- Bill Cole [email protected] or [email protected] (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire
