authorGuilhem Moulin <guilhem@fripost.org>2014-07-09 01:23:01 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:49 +0200
commit55e9b2a0ebc87a353f9c9496a77b313e41e47bd4 (patch)
tree30b5abd316a31688c494f03ee4cd2ae4fccc38f5 /roles/IMAP
parent368540caee8fff8aa90b1542897188e9f98ac585 (diff)
Perform the alias resolution and address validation solely on the MX:es.
We can therefore spare some lookups on the MDA, and use static:all instead.
Diffstat (limited to 'roles/IMAP')
-rw-r--r--roles/IMAP/files/etc/postfix/transport1
-rw-r--r--roles/IMAP/files/etc/postfix/virtual/mailbox.cf9
l---------roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf1
-rw-r--r--roles/IMAP/files/etc/postfix/virtual/transport_content_filter.cf9
-rw-r--r--roles/IMAP/tasks/mda.yml33
-rw-r--r--roles/IMAP/templates/etc/postfix/main.cf.j211
6 files changed, 21 insertions, 43 deletions
diff --git a/roles/IMAP/files/etc/postfix/transport b/roles/IMAP/files/etc/postfix/transport
new file mode 100644
index 0000000..d40ac5d
--- /dev/null
+++ b/roles/IMAP/files/etc/postfix/transport
@@ -0,0 +1 @@
+filter.mda.fripost.org amavisfeed:[127.0.0.1]:10041
diff --git a/roles/IMAP/files/etc/postfix/virtual/mailbox.cf b/roles/IMAP/files/etc/postfix/virtual/mailbox.cf
deleted file mode 100644
index e69343b..0000000
--- a/roles/IMAP/files/etc/postfix/virtual/mailbox.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = fvl=%u,fvd=%d,ou=virtual,dc=fripost,dc=org
-domain = static:all
-scope = base
-bind = none
-query_filter = (&(objectClass=FripostVirtualUser)(fvl=%u))
-result_attribute = fvl
-result_format = OK
diff --git a/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf b/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf
deleted file mode 120000
index 05f7ed9..0000000
--- a/roles/IMAP/files/etc/postfix/virtual/mailbox_domains.cf
+++ /dev/null
@@ -1 +0,0 @@
-../../../../../MX/templates/etc/postfix/virtual/mailbox_domains.cf.j2 \ No newline at end of file
diff --git a/roles/IMAP/files/etc/postfix/virtual/transport_content_filter.cf b/roles/IMAP/files/etc/postfix/virtual/transport_content_filter.cf
deleted file mode 100644
index 642b722..0000000
--- a/roles/IMAP/files/etc/postfix/virtual/transport_content_filter.cf
+++ /dev/null
@@ -1,9 +0,0 @@
-server_host = ldapi://%2Fprivate%2Fldapi/
-version = 3
-search_base = fvl=%u,fvd=%d,ou=virtual,dc=fripost,dc=org
-domain = static:all
-scope = base
-bind = none
-query_filter = (&(objectClass=FripostVirtualUser)(objectClass=AmavisAccount)(fvl=%u))
-result_attribute = fvl
-result_format = amavisfeed:[127.0.0.1]:10041
diff --git a/roles/IMAP/tasks/mda.yml b/roles/IMAP/tasks/mda.yml
index 698fd4f..897a61d 100644
--- a/roles/IMAP/tasks/mda.yml
+++ b/roles/IMAP/tasks/mda.yml
@@ -12,28 +12,15 @@
notify:
- Reload Postfix
-- name: Create directory /etc/postfix-.../virtual
- file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual
- state=directory
- owner=root group=root
- mode=0755
-
-- name: Copy lookup tables
- copy: src=etc/postfix/virtual/{{ item }}
- dest=/etc/postfix-{{ postfix_instance[inst].name }}/virtual/{{ item }}
+- name: Copy the transport and recipient canonical maps
+ copy: src=etc/postfix/{{ item }}
+ dest=/etc/postfix-{{ postfix_instance[inst].name }}/{{ item }}
owner=root group=root
mode=0644
with_items:
- - mailbox_domains.cf
- - mailbox.cf
- - transport_content_filter.cf
-
-- name: Copy recipient canonical
- # no need to reload upon change, as cleanup(8) is short-running
- copy: src=etc/postfix/recipient_canonical.pcre
- dest=/etc/postfix-{{ postfix_instance[inst].name }}/recipient_canonical.pcre
- owner=root group=root
- mode=0644
+ # no need to reload upon change, as cleanup(8) is short-running
+ - recipient_canonical.pcre
+ - transport
- name: Build the Postfix relay clientcerts map
sudo: False
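Review bot: Hosts provisioned before this commit keep `/etc/postfix-<instance>/virtual` and its three LDAP lookup tables, because this hunk drops the tasks that created them without adding one that removes them. Nothing references those files any more, but leaving them in place makes it harder to audit which lookups the MDA really performs. Consider a cleanup task along the lines of `file: path=/etc/postfix-{{ postfix_instance[inst].name }}/virtual state=absent`. Separately, the `# no need to reload upon change` comment now sits inside `with_items` above `recipient_canonical.pcre` only; it would help to add that `transport` is reloaded by the later postmap task, so the merged task does not read as if neither file ever needs a reload.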
@@ -60,6 +47,14 @@
tags:
- tls_policy
+- name: Compile the Postfix transport maps
+ # trivial-rewrite(8) is a long-running process, so it's safer to reload
+ postmap: cmd=postmap src=/etc/postfix-{{ postfix_instance[inst].name }}/transport db=cdb
+ owner=root group=root
+ mode=0644
+ notify:
+ - Reload Postfix
+
- meta: flush_handlers
- name: Start Postfix
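Review bot: The `transport.cdb` compiled by this task is not consulted by anything visible in this commit, since the main.cf.j2 hunk adds the matching setting commented out as `#transport_maps = cdb:$config_directory/transport`. If that is deliberate (staged rollout), the task comment should say so, e.g. `# map is compiled but not yet enabled in main.cf`. If it is not, the `amavisfeed:[127.0.0.1]:10041` route for filter.mda.fripost.org never applies. With `virtual_mailbox_domains = static:all`, such mail would presumably go straight to `virtual_transport` and skip the content filter that the removed LDAP transport map used to select; this is worth confirming against the MX configuration.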
diff --git a/roles/IMAP/templates/etc/postfix/main.cf.j2 b/roles/IMAP/templates/etc/postfix/main.cf.j2
index 5758146..5a17fe2 100644
--- a/roles/IMAP/templates/etc/postfix/main.cf.j2
+++ b/roles/IMAP/templates/etc/postfix/main.cf.j2
@@ -45,15 +45,16 @@ recipient_delimiter = +
relay_transport = error:5.1.1 Relay unavailable
default_transport = error:5.1.1 Transport unavailable
-# Virtual transport (the alias resolution is already done by the MX:es)
+# Virtual transport (the alias resolution and address validation is
+# performed on the MX:es only)
virtual_transport = lmtp:unix:private/dovecot-lmtpd
lmtp_bind_address = 127.0.0.1
-virtual_mailbox_domains = ldap:$config_directory/virtual/mailbox_domains.cf
-virtual_mailbox_maps = ldap:$config_directory/virtual/mailbox.cf
-transport_maps = ldap:$config_directory/virtual/transport_content_filter.cf
+virtual_mailbox_domains = static:all
+virtual_mailbox_maps = static:all
+#transport_maps = cdb:$config_directory/transport
# Restore the original envelope recipient
-relay_domains = $myhostname
+relay_domains =
recipient_canonical_classes = envelope_recipient
recipient_canonical_maps = pcre:$config_directory/recipient_canonical.pcre
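Review bot: With `virtual_mailbox_domains = static:all` and `virtual_mailbox_maps = static:all`, this instance accepts every recipient in every domain, so the only remaining gate is who may connect to its smtpd. The hunk does not show those restrictions, and the new comment only says where validation happens. It should state the precondition, e.g. `# static:all is safe only while smtpd accepts mail from the MX:es alone (see the relay clientcerts map)`. It is also worth confirming that dovecot-lmtpd rejects unknown users, since an address that slips past an MX would now be accepted by Postfix and bounced afterwards rather than refused at RCPT time.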