Use $virtual_alias_domains not $virtual_mailbox_domains.

Quoting postconf(5):

    smtpd_reject_unlisted_recipient (default: yes)
        Request that the Postfix SMTP server rejects mail for unknown recipient
        addresses, even when no explicit reject_unlisted_recipient access
        restriction is specified. This prevents the Postfix queue from filling
        up with undeliverable MAILER-DAEMON messages.

        An address is always considered "known" when it matches a virtual(5)
        alias or a canonical(5) mapping.
        […]
        * The recipient domain matches $virtual_alias_domains but the recipient
          is not listed in $virtual_alias_maps.
        * The recipient domain matches $virtual_mailbox_domains but the
          recipient is not listed in $virtual_mailbox_maps, and
          $virtual_mailbox_maps is not null.

Since we alias everything under special, "invalid", domains (mda.f.o and
mailman.f.o), our $virtual_mailbox_maps was null, which led to
reject_unlisted_recipient not being triggered for say, "noone@fripost.org".
However, replacing $virtual_mailbox_domains with $virtual_alias_domains fits
into the second point above.

1 files changed, 10 insertions, 0 deletions

diff --git a/roles/MX/templates/etc/postfix/virtual/domains.cf.j2 b/roles/MX/templates/etc/postfix/virtual/domains.cf.j2
new file mode 100644
index 0000000..1cb8add
--- /dev/null
+++ b/roles/MX/templates/etc/postfix/virtual/domains.cf.j2
@@ -0,0 +1,10 @@
+server_host      = ldapi://%2Fprivate%2Fldapi/
+version          = 3
+search_base      = ou=virtual,dc=fripost,dc=org
+scope            = one
+bind             = yes
+bind_dn          = cn=postfix,ou=services,dc=fripost,dc=org
+bind_pw          = FIXME
+query_filter     = (&(objectClass=FripostVirtualDomain)(!(objectClass=FripostPendingEntry))(fvd=%s)(fripostIsStatusActive=TRUE))
+result_attribute = fvd
+result_format    = OK