LDAP lookups, /etc/aliases processing, MX on separate machine.

      My setup works, I just need to find if it's really a correct configuration.
      The issue:
      I don't have the machine with the organization's domain as MX for my domain.
      Mails are "person@..." and the MX is
      I want mails to "anyone" in the aliases file to be sent correctly (either to
      another account on my organization's domain or an outside email address).
      Please read the next part of my email to understand.


      I'm running postfix-2.3.2-28.
      I have a machine which acts as both MX and smtp-out for another machine, the
      machine with my organization's mail domain. I use LDAP for the user lookup
      tables. Everything works ok, I guess config makes sense (I'm reading
      http://www.postfix.org/postconf.5.html). On the MX machine, I don't run the
      IMAP server, it's also on a separate machine, and there I run another postfix.
      "Organization's domain" = city.organization.tld (there are no other
      *.organization.tld, city = the whole organization)
      MX machine = machinexyz.organization.tld
      IMAP machine = machinexyz2.organization.tld

      INTERNET --"(a)"--> MX_MACHINE --"(b)"--> IMAP_MACHINE

      (a) mail to someone_exists_on_ldap@.... arrives
      (a) Still on "a", the MX machine finds the user because he is looked up in LDAP
      (b) Message is delivered using transport "city.organization.tld relay
      [xx.xx.xx.xx]" where xx.xx.xx.xx is the ip address of the final machine,
      running IMAP/postfix. There I use Dovecot LDA as transport.

      So, to be clear, I want to have aliases for city.organization.tld, either to
      another account on city.organization.tld or to person@..., for instance
      to be correctly processed by: the first machine which sees the message (mx
      machine) and the final machine, the imap machine (there I run postfix, as I

      ------------ MX MACHINE -- MX MACHINE
      alias_maps = hash:/etc/aliases, ldap:ldaplocal, ldap:/etc/postfix/ldap-local.cf
      local_recipient_maps = hash:/etc/aliases, ldap:ldaplocal,
      virtual_alias_maps = hash:/etc/postfix/virtual
      virtual_alias_domains = hash:/etc/postfix/virtual
      virtual_maps = ldap:/etc/postfix/ldap-local.cf
      relay_recipient_maps = ldap:ldaplocal, ldap:/etc/postfix/ldap-local.cf
      (objectclass=inetlocalmailrecipient)) (objectclass=groupofuniquenames)
      transport_maps = hash:/etc/postfix/transport
      mydestination = $myhostname, localhost.$mydomain
      relay_domains = city.organization.tld ("organization's domain")
      smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination,
      reject_unauth_destination, reject_unverified_recipient, check_recipient_access
      unverified_recipient_reject_code = 559
      mynetworks =, xx.xx.0.0/16
      unknown_local_recipient_reject_code = 450
      myhostname = machinexyz.organization.tld (mx machine)
      ------------ MX MACHINE -- MX MACHINE

      ------------ MX MACHINE TRANSPORT
      city.organization.tld relay:[xx.xx.xx.xx] where xx.xx.xx.xx is the ip
      address with IMAP server
      ------------ MX MACHINE TRANSPORT


      Exactly the same as on the mx machine, except for:

      mydestination = $myhostname, localhost.$mydomain, city.organization.tld
      dovecot_destination_recipient_limit = 1
      mailbox_transport = dovecot
      mydestination = $myhostname, localhost.$mydomain, city.organization.tld

      Solution A)
      Should I configure mx machine to have the city.organization.tld domain as
      destination? That way /etc/aliases would be read, as of now, I think the mx
      machine looks first and only on the relay_recipient table which is LDAP.

      Solution B) (THIS IS WORKING)
      I add the desired alias to both "mx machine" /etc/aliases, and "imap
      machine" /etc/aliases...
      Does that make sense, is it a correct configuration? Or just a wrong
      configuration which happens to work, but is not really correct?
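
An added example, not part of the original post: a simplified Python model of Postfix address-class resolution applied to the two configurations above, showing which recipient table validates anyone@city.organization.tld on each machine and whether local(8) alias_maps expansion applies. The IMAP machine's myhostname and the exact-match domain comparison are assumptions of the model.

```python
# Simplified model of Postfix address-class resolution (ADDRESS_CLASS_README).
# Settings are constructed from the post; the IMAP host's myhostname is assumed.
MX_CF = """
myhostname = machinexyz.organization.tld
mydestination = $myhostname, localhost.$mydomain
relay_domains = city.organization.tld
"""
IMAP_CF = """
myhostname = machinexyz2.organization.tld
mydestination = $myhostname, localhost.$mydomain, city.organization.tld
relay_domains = city.organization.tld
"""

# address class -> (recipient validation table, alias_maps consulted at delivery?)
CLASSES = {
    "local": ("local_recipient_maps", True),
    "relay": ("relay_recipient_maps", False),
    "default": (None, False),
}

def parse(cf):
    """Parse 'name = value' lines and expand $myhostname / $mydomain."""
    conf = {}
    for line in cf.strip().splitlines():
        name, _, value = line.partition("=")
        conf[name.strip()] = value.strip()
    # Postfix default: mydomain is myhostname minus its first label.
    conf.setdefault("mydomain", conf["myhostname"].split(".", 1)[1])
    for key in ("mydestination", "relay_domains"):
        items = conf.get(key, "").replace(",", " ").split()
        conf[key] = [i.replace("$myhostname", conf["myhostname"])
                      .replace("$mydomain", conf["mydomain"]).lower()
                     for i in items]
    return conf

def classify(conf, recipient):
    """Return (class, validating table, alias_maps consulted) for a recipient."""
    domain = recipient.rsplit("@", 1)[1].lower()
    if domain in conf["mydestination"]:      # local class is checked first
        cls = "local"
    elif domain in conf["relay_domains"]:    # exact match only in this model
        cls = "relay"
    else:
        cls = "default"
    return (cls,) + CLASSES[cls]

if __name__ == "__main__":
    for label, cf in (("MX", MX_CF), ("IMAP", IMAP_CF)):
        print(label, classify(parse(cf), "anyone@city.organization.tld"))
```

virtual_alias_maps is outside this model: cleanup(8) applies it to recipients of every address class.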

