Damian:
> I am trying to understand "allow_untrusted_routing = yes" and the
> circumstances where it is (un)safe. The documentation mentions an open
> relay loophole in the context of backup MXes. Is untrusted routing safe,
> if Postfix has no explicit *_mx_* configuration?
This is about email addresses that contain @, % or ! in their
localpart. For example, user%not-your-domain@your-domain.
Whether allowing such charcters is safe depends on the MTA that
Postfix is forwarding such email to.
By default, Postfix asumes that the MTA will forward the email to
user@not-your-domain, as some Sendmail configurations did long ago.
Wietse