Question about recipient canonical rewrite and smtp recipient restrictions

4 msg	Rewriting To: field for outbound messages
13 msg	My server send e-mails that are considered SPAM
6 msg	Web Based Front End - Update
2 msg	mailman subdomain not recognized by some mail s...
14 msg	Trying to feed an script with an email
5 msg	Q: smtpd_recipient_restrictions w/reject_unlist...

Question about recipient canonical rewrite and ...
\ Ray Edwards ZREDWARD (28 Mar 2008)
. \ mouss (28 Mar 2008)

3 msg	QQ regarding server performance impact when doi...
1 msg	Re: qshape and greylisting
4 msg	Address Verification Question
8 msg	Distributed mailbombing on one address
2 msg	Trouble with postmaster alias
5 msg	Parent domains confusion?
2 msg	Anti-virus scanning with Postfix & Mac OS X
2 msg	Folder Structure help
8 msg	qmgr_active_corrupt
3 msg	retiring a mail server
2 msg	SMTP verification
9 msg	Multiple IPs
2 msg	Controlling out going messages

Subject:	Question about recipient canonical rewrite and smtp recipient restrictions
Group:	Postfix-users
From:	Ray Edwards ZREDWARD
Date:	28 Mar 2008

Hi,

I need some help please with an issue I found while working on
implementing recipient validation.

We have some old domains and a test domain that we still use. I rewrite
the recipient address for these domains using a canonical map. That seems
to work fine. When I was testing recipient validation, I discovered that
email that is addressed to these domains bypass my recipient table
look-up. My thinking was that postfix would rewrite the recipient address
per the canonical table and then check the recipient access table using
the rewritten address. It appears that it doesn't check at all, as any
address that I use for these rewritten domains passes through.

How can validate the addresses for these domain names that are rewritten?

My recipient canonical map and postconf -n output is below

============ recipient canonical map ==================

@office.uncg.edu @uncg.edu
@uncg.net @lotus.uncg.net

=============== postconf -n
===================================================

alias_database = dbm:/opt/pmx/postfix/etc/aliases
alias_maps = dbm:/opt/pmx/postfix/etc/aliases
bounce_queue_lifetime = 2d
command_directory = /opt/pmx/postfix/sbin
config_directory = /opt/pmx/postfix/etc
content_filter = pmx:127.0.0.1:10025
daemon_directory = /opt/pmx/postfix/libexec
debug_peer_level = 2
html_directory = no
local_recipient_maps = dbm:/opt/pmx/postfix/etc/local_recipient_map
mail_owner = postfix
mailbox_size_limit = 102400000
mailq_path = /opt/pmx/postfix/bin/mailq
manpage_directory = /opt/pmx/postfix/man
maximal_queue_lifetime = 2d
message_size_limit = 102400000
mydestination = tstpmx1.uncg.edu, uncg.edu, lists.uncg.edu,
uncg.net, office.uncg.edu, uncg.info,
spartan.uncg.edu, dcl.uncg.edu, lotus.uncg.net
myhostname = tstpmx1.uncg.edu
mynetworks = 127.0.0.0/8, 152.13.0.0/16, 10.0.14.10
myorigin = $mydomain
newaliases_path = /opt/pmx/postfix/bin/newaliases
queue_directory = /opt/pmx/postfix/var/spool/mqueue
readme_directory = /opt/pmx/postfix/doc
recipient_canonical_maps =
dbm:/opt/pmx/postfix/etc/recipient-canonical-map
recipient_delimiter = +
relay_domains =
relayhost =
sample_directory = /opt/pmx/postfix/doc/samples
sender_bcc_maps = dbm:/opt/pmx/postfix/etc/sender_bcc
sendmail_path = /opt/pmx/postfix/sbin/sendmail
setgid_group = postdrop
smtpd_client_connection_count_limit = 25
smtpd_client_connection_rate_limit = 30
smtpd_client_event_limit_exceptions = $mynetworks,216.57.200.38
smtpd_client_restrictions = ignore_policy_error,check_policy_service
inet:localhost:4466
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname,
reject_unknown_recipient_domain, reject_unauth_destination,
check_helo_access dbm:/opt/pmx/postfix/etc/helo_restrictions,
check_recipient_access dbm:/opt/pmx/postfix/etc/local_recipient_map
transport_maps = dbm:/opt/pmx/postfix/etc/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550