User unknown in relay recipient table

[Robert Schuster]

Playing around with efa since a couple of days.
Quite nice so far and doing most things I've expected very well

Unfortunately in some situations I get a User unknown in relay recipient table and I've no idea how to solve this.

In general my mail-flow is:
internet -> efa -> decryption/encryption-box (postfix) -> ms-exchange (2013)
For recipient validation I've put a relay_recipient_maps = ldap:/etc/postfix/ldap_relay_recipient_map.cf in main.cf which works very well.

For some special cases I have an other mailflow:
internet -> efa -> decryption/encryption-box (postfix) -> mailbox-server (postfix)
What do I have to change to get the recipient addresses validated against the mailbox-server (or at least against the decryption-box which asks the mailbox-server)?
Even if I leave the decryption-box out of the traffic like: internet -> efa -> mailbox-server (postfix) I get the User unknown in relay recipient table.

Any help is welcome
regards
Robert

[Robert Schuster]

short update:

In the meantime I fifured out that ist has to do with the added relay_recipient_maps for verifying the exchange-server users.
Postfix thinks this map is for to verify ALL recipients no matter behind which gateway there are located.

So - the new question is:
How to make a relay_recipient_map valid for the target domain (based on the domain name in i.e. transport) and how to make a "normal" smtp-callout for all other domains (also based on the domain name in i.e. transport).

[shawniverson]

Can you add a wildcard to your relay_recipient_maps for the other domains?

@example.com x

?

[Robert Schuster]

of course I can:-)
But this is not what I want. You can add multiple relay_recipient_maps and beside the ldap one I could add an another hash one.

The Linux-host is a test system on which are users script generated and deletd high frequently.
Wildcard means always accepting everything - this is what I don't want. And I also don't want (can not) take care of the permanent changing user list.

[shawniverson]

I'm not sure I can answer your question since I have never done that. Have you tried asking this question on freenode in #postfix, by chance?

[Robert Schuster]

I've posted the question to the postfix mailing list.
This is definitiv a Postfix "problem".
I also never thought about that relay_recipient_maps switch off all other recipient verifications.
We will see what's going on. I'll post the result here - may somebody else can use it.

At the meantime I've extended the user generation/deletion script. It creates and delets now dummy useres in a OU=test at the ms-ldap. So the ldap query works for them too. Dirty but it works.

regards
Robert

[Robert Schuster]

more or less solved...
If you use relay_recipient_maps than this overrules all other recipient address checks.
You can add more of this tables (i.e. for different domains), different sources (ldap, hash-table etc.) but the recipient address has to be resolved in one of these.