postfix: Extend automatic address tagging to non-*.scripts.mit.edu hosts

We previously delivered [email protected] ↦
[email protected].  Extend this to tag@any-domain ↦
[email protected], not because this is a particularly
important feature, but mostly because this reduces the amount of
special-case configuration.

Signed-off-by: Anders Kaseorg <[email protected]>

Author: andersk

server/fedora/config/etc/postfix/main.cf

@@ -29,8 +29,8 @@ newaliases_path = /usr/bin/newaliases
 mailq_path = /usr/bin/mailq
 queue_directory = /var/spool/postfix
 mail_owner = postfix
-virtual_alias_domains = texthash:/etc/postfix/virtual, regexp:/etc/postfix/virtual_re, ldap:/etc/postfix/virtual-alias-domains-ldap.cf
-virtual_alias_maps = texthash:/etc/postfix/virtual, regexp:/etc/postfix/virtual_re, ldap:/etc/postfix/virtual-alias-maps-ldap-reserved.cf, ldap:/etc/postfix/virtual-alias-maps-ldap.cf
+virtual_alias_domains = !scripts.mit.edu, !scripts, !$myhostname, !scripts-test.mit.edu, !scripts-test, !localhost, scripts-vhosts.mit.edu, scripts-vhosts-old.mit.edu, ldap:/etc/postfix/virtual-alias-domains-ldap.cf
+virtual_alias_maps = ldap:/etc/postfix/virtual-alias-maps-ldap-reserved.cf, ldap:/etc/postfix/virtual-alias-maps-ldap.cf
 data_directory = /var/lib/postfix
 authorized_flush_users = fail
 authorized_mailq_users = /etc/postfix/mailq_users

server/fedora/config/etc/postfix/virtual

@@ -1,2 +0,0 @@
-scripts-vhosts-old.mit.edu true
-scripts-vhosts.mit.edu true

server/fedora/config/etc/postfix/virtual-alias-maps-ldap.cf

@@ -1,22 +1,22 @@
-# Find any vhost with a name or alias matching the domain of the e-mail
-# address.  We're queried with an entire e-mail address, but are only
-# interested in checking whether the domain portion corresponds to a
-# vhost; we'll simply deliver any mail for the vhost to its owner, regardless
-# of the lefthand side of the address.  %d extracts only the domain.
-# We don't match the scripts.mit.edu vhost here because we don't want
-# to first resolve an arbitrary address to a scripts account, and then
-# end up sending their mail to the owners of the scripts.mit.edu vhost.
-# Once we've found the scriptsVhost object corresponding to the domain
-# the e-mail is for, we recursively search the suffix for the vhost's
-# scriptsVhostAccount, and take the uid from that object.  This uid is
-# the name of the locker that owns the vhost.  Protocol version 3 is
+# Find any vhost with a name or alias matching the domain of the
+# e-mail address.  We're queried with an entire e-mail address, but
+# are only interested in checking whether the domain portion
+# corresponds to a vhost; we'll simply deliver any mail for the vhost
+# to its owner, appending the original lefthand side of the address as
+# an extension.  %d extracts only the domain.  We don't match the
+# scripts.mit.edu vhost here because we don't want to first resolve an
+# arbitrary address to a scripts account, and then end up sending
+# their mail to the owners of the scripts.mit.edu vhost.  The uid
+# attribute, generated by the CoS template
+# cn=vhostOwnerCoS,ou=VirtualHosts,dc=scripts,dc=mit,dc=edu, is the
+# name of the locker that owns the vhost.  Protocol version 3 is
 # necessary to use ldapi.
 
 server_host = ldapi://%2fvar%2frun%2fslapd-scripts.socket/
 search_base = ou=VirtualHosts,dc=scripts,dc=mit,dc=edu
 query_filter = (&(objectClass=scriptsVhost)(|(scriptsVhostName=%d)(scriptsVhostAlias=%d))(!(scriptsVhostName=scripts.mit.edu)))
 result_attribute = uid
-special_result_attribute = scriptsVhostAccount
+result_format = %s+%U
 bind = no
 version = 3