Loading ...
Sorry, an error occurred while loading the content.
 

Re: Domain alias rewriting

Expand Messages
  • Kristof Bajnok
    ... Unfortunately it does not fit to our ISP scenario, where there are hundreds of served domains and each domain possibly has some alias domains. ... I think
    Message 1 of 10 , Jan 4, 2013
      On 01/04/2013 04:13 AM, Viktor Dukhovni wrote:
      >>> from the alias form to the canonical form. This will also validate
      >>> > > the alias form as a valid address in RCPT TO commands.
      >> >
      >> > Unfortunately, I can not accomplish this with a single query.
      > Actually, you can:
      >
      > domain = example.com example.org ...
      > query_filter = mail=%u@...
      > result_attribute = mail
      >
      > Just list all the domains whose namespace is identical to example.com
      > after example.com in the "domain = " list, then query for the user
      > in the canonical domain.

      Unfortunately it does not fit to our ISP scenario, where there are
      hundreds of served domains and each domain possibly has some alias domains.

      >
      > This said, it is far better to list all the valid of each user in
      > a suitable multi-valued attribute and skip the domain alias hack.

      I think it's not scalable with LDAP.

      Many years ago I developed the same functionality to qmail-ldap, but
      that project seems to be dead now. Eventually I may find some time to
      implement this in Postfix. I'm wondering about adding some kind of
      argument attribute(s?) to ldap-table, which can look up other tables and
      its result can be expanded to query_filter, etc. Would it fit to Postfix?

      Kristof
    • Viktor Dukhovni
      ... Yes, for that case, provision all LDAP users with a full list of their valid addresses. Receiving the same spam at an ever growing list of domains is not a
      Message 2 of 10 , Jan 4, 2013
        On Fri, Jan 04, 2013 at 10:09:44AM +0100, Kristof Bajnok wrote:

        > On 01/04/2013 04:13 AM, Viktor Dukhovni wrote:
        > >>> from the alias form to the canonical form. This will also validate
        > >>> > > the alias form as a valid address in RCPT TO commands.
        > >> >
        > >> > Unfortunately, I can not accomplish this with a single query.
        > >
        > > Actually, you can:
        > >
        > > domain = example.com example.org ...
        > > query_filter = mail=%u@...
        > > result_attribute = mail
        > >
        > > Just list all the domains whose namespace is identical to example.com
        > > after example.com in the "domain = " list, then query for the user
        > > in the canonical domain.
        >
        > Unfortunately it does not fit to our ISP scenario, where there are
        > hundreds of served domains and each domain possibly has some alias domains.

        Yes, for that case, provision all LDAP users with a full list of
        their valid addresses. Receiving the same spam at an ever growing
        list of domains is not a win for most users, domain-level aliasing
        is over-rated. Receiving mail at a large list of domains is only
        useful for a handful of contact addresses, my experience is that
        real users are sufficiently happy with one or two email domains
        (some users use disposable addresses, but that's a separate
        issue fro domain aliasing).

        > > This said, it is far better to list all the valid of each user in
        > > a suitable multi-valued attribute and skip the domain alias hack.
        >
        > I think it's not scalable with LDAP.

        Multi-valued LDAP attributes scale just fine. Each user has a set
        of valid addresses that is never too large for a single LDAP entry.
        The totality of all domains across all users is not a scaling limit.

        > Would it fit to Postfix?

        Much complexity for not a lot of gain IMHO. Perhaps if the address
        rewriting engine is made generally more configurable, with new
        optional 1-to-1 rewriting performed in smtpd(8) before recipient
        validation, then you get your domain aliasing as just one possible
        application.

        This should be a point feature, rather if there is a Postfix 3.0,
        with a new address rewriting engine, that would be the place to
        consider this.

        --
        Viktor.
      Your message has been successfully submitted and would be delivered to recipients shortly.