mouss | 15 May 22:55

Re: Nullclient with root aliased and user accounts masqueraded...

Robert Nickel wrote:
> I don't insist on it, it's just an artifact of the services running on the
> system.  I have been reading the docs on myorigin and just about everything
> else I can.  I would not dream of bothering the list if I hadn't.
>
> A note of the scale of the problem.  I have thousands of machines spread over
> two separate domain names (the foo.com and bar.com above).  One domain
> (bar.com above) has valid email addresses user@bar.com for all of the users
> that would be using the system (save service accounts).
>
> I want alias maps to work so that the service accounts created by packages
> will actually forward to the correct email account (usually root).  I want
> root email to be subject to local alias expansion as well so that the alias
> file can forward the mail to the appropriate person.
>   

if you want to use alias_maps, then you must make the mail go via local. 
if you only want this for root for example, just use a virtual alias:

root@example.com      root@localhost.example.com

where localhost.example.com is delivered via local (which is the case if 
it is listed in mydestination).

> The core issue is that different users on different machines are running cron
> jobs.  If the user (robert in the example above) has a cron job without
> setting MAILTO (or forgets to redirect stderr to stdout), cron will send email
> to the unqualified address robert.  I would like this email to forward to
> robert@bar.com without having to enumerate all of the users in my domain on
> each machine. 
>   
and how would you deliver mail for robert@example.com if you don't 
enumerate your users?

anyway, you can rely on myorigin to qualify the address (but this will 
not make an address valid if it is unlisted).

> If I use nullclient as defined in the Standard Configs document, these emails
> are dropped or masqueraded to a domain other than the sending machine's fqdn.
> Yes, I can read mail headers and see where the mail came from but I honestly
> don't want to have to teach hundreds of people how to do so.  This is
> undesirable because it will mask configuration issues that the user in
> question should repair or send email that will be useless to the user. [0]
>
> If I set up a basic listener on loopback, these emails are delivered to the
> local mail spool.  This is undesirable because the user then has to go ferret
> the email off of the system.  See scale note above.
>
> Setting myorigin will force all the headers to be @$myorigin instead of
> @$myhostname which won't allow for real diagnosis of where the mail came from.
>
> I hope that clears it up some.  If not, can you tell me what's missing?
>   

If I understand you, you want per client rewrite. but this is not simple 
to do.

you can however set myorigin on each client machine so that it uses its 
own qualified addresses. I mean, on each client machine, set
myorigin = $myhostname

then the client machine will use foo@host.example.com before contacting 
the mail server.

> --Robert
>
> [0] To further complicate this issue, this email frequently gets delivered to
> a mail system that strips mail headers out of the mail, effectively masking
> the origin even further.
>   


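Added example, not part of the original message or of the Postfix documentation: one way the two suggestions in the reply could be combined on a single client. The host names, the relay host and the alias target are constructed; the unqualified `root` key is an assumption made because, with `myorigin = $myhostname`, local root mail is qualified with the host name rather than with `example.com`.

```conf
# --- /etc/postfix/main.cf on one client (host1.example.com is constructed) ---
myhostname = host1.example.com
# Qualify unqualified addresses (e.g. cron mail to "robert") with this
# machine's own name, as suggested in the reply.
myorigin = $myhostname
# Only this pseudo-domain is delivered by local(8), so alias_maps applies to it.
mydestination = localhost.example.com
# Everything else is handed to the mail server (constructed name).
relayhost = [mail.example.com]
inet_interfaces = loopback-only
virtual_alias_maps = hash:/etc/postfix/virtual
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# --- /etc/postfix/virtual (run "postmap /etc/postfix/virtual" after editing) ---
# An unqualified key matches user@$myorigin, i.e. root@host1.example.com here.
root    root@localhost.example.com

# --- /etc/aliases (run "newaliases" after editing) ---
# root is expanded by local(8) to a real mailbox (constructed address).
root:   admin@bar.com
```

With this layout, mail for `robert` leaves the client as `robert@host1.example.com`; as the reply notes, qualifying an address does not make it valid, so the mail server still has to know what to do with it.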