relay_recipient_maps before canonical

[Proft, Michael]

Hi!

I got following problem, or maybe I just don't understand ;-)
If I do address rewriting via canonical map, the addresses won't be
checked for being valid addresses for my relay domains. As far as I know
this is normal postfix behaviour.
All valid addresses of my relay domains are collected to a relay
recipient map. In canonical I do rewriting for one domain:
@subdomain1.mydomain.tld @subdomain2.mydomain.tld
How could I check these for being valid recipients?

(Environment: Postfix 2.1.1, used as a mail relay in front of other mail
servers)

Michael

[Noel Jones]

Yes, this is normal postfix behavior - wildcard rewrites in
canonical maps causes all recipients matching the wildcard
to be considered valid.

Two solutions are offered
- don't use wildcards. Use your favorite scripting
language and make(1) to generate an accurate list to use in
canonical_maps. This is the preferred solution and should
be easy if you already have a list of valid recipients in
"subdomain2". Your canonical_maps entries would then look like:
us...@subdomain1.example.tld us...@subdomain2.example.tld
us...@subdomain1.example.tld us...@subdomain2.example.tld
us...@subdomain1.example.tld us...@subdomain2.example.tld

- use active recipient address verification to query the
downstream mail server which recipients are valid. This
requires that the downstream server reject invalid users
during the SMTP transaction.
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
http://www.postfix.org/ADDRESS_VERIFICATION_README.html#recipient

--
Noel Jones