I have a Postfix service configured on a Linux server to successfully send/receive email, with SPF/DKIM/DMARC all working; however, I don't want email kept on the server. Instead, I would like email addressed to any local account (e.g. root@domain.com, daemon@domain.com), whether it is generated locally by something like cron or received externally (e.g. by someone replying to a locally generated email from a system account), to be routed to one or more external addresses - someuser1@gmail.com, someuser2@gmail.com. This is complicated by not wanting a catchall - I have to continue to reject mail received for invalid local addresses (e.g. sales@domain.com).
A regexp alias_maps of /.+/ and luser_relay don't achieve the outcome, as they forward on emails addressed to non-existent accounts. I still need to verify local_recipient_maps via proxy:unix:passwd.byname to determine it is a local account and bounce if it is not, but at that point, I'm struggling to figure out how to tell Postfix to just send to a fixed external address. I suspect the answer lies in master.cf but haven't been able to find a way to do it. Any help/advice appreciated.
Update #1
I currently have it doing what I need by replacing the "local" entry in /etc/postfix/master.cf with the following:
local     unix  -       n       n       -       -       pipe
  flags=R user=nobody argv=/usr/sbin/sendmail externaluser@someserver.com
However, this feels like an inelegant hack as it leaves and then re-enters the mail system. I know using "nobody" as the account is flawed, and if I stick with this I'll create a custom "owns no files" account for it, but I'm hoping there's a Postfix expert out there with a more efficient solution.
Anything that requires maintaining a duplicate list of local users (e.g. maintaining a shadow of all accounts in /etc/passwd in the /etc/aliases file) isn't going to be acceptable as it duplicates data and requires an ongoing maintenance activity to resync the list whenever operating system accounts are added/deleted.
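One way to get this behaviour without a catchall and without a second user list, as an added example that is not part of the original post. It assumes Postfix 3.0 or later (for the pipemap: table type) and the stock local(8) entry in master.cf rather than the pipe override shown above; the forwarding address is the one used in the question.

```ini
# /etc/postfix/main.cf fragment (added example, not the poster's config)

# Recipient validation stays as described in the post: smtpd rejects any
# local address that does not belong to an operating system account,
# so sales@domain.com is still refused at RCPT TO.
local_recipient_maps = proxy:unix:passwd.byname

# The catch-all forms from the post are left out on purpose, because both
# also match names that have no account:
#   - a regexp: alias table whose pattern is /.+/
#   - luser_relay

# pipemap: sends the local part to passwd.byname first. Only when that
# lookup succeeds is its result passed to static:, which ignores the query
# and returns the fixed forwarding address. A name with no passwd entry
# produces no alias, so nothing is forwarded for it.
# Note: this replaces any existing alias_maps value, so entries in
# /etc/aliases no longer apply unless that table is listed as well.
alias_maps = pipemap:{unix:passwd.byname, static:someuser1@gmail.com}
```

The table can be checked before reloading with `postmap -q root "pipemap:{unix:passwd.byname, static:someuser1@gmail.com}"`, which should print the forwarding address, while the same query for `sales` should print nothing.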