Damian:
> > Damian:
> >> I am trying to understand "allow_untrusted_routing = yes" and the
> >> circumstances where it is (un)safe. The documentation mentions an open
> >> relay loophole in the context of backup MXes. Is untrusted routing safe,
> >> if Postfix has no explicit *_mx_* configuration?
> > This is about email addresses that contain @, % or ! in their
> > localpart. For example, user%not-your-domain@your-domain.
> >
> > WHETHER ALLOWING SUCH CHARCTERS IS SAFE DEPENDS ON THE MTA THAT
> > POSTFIX IS FORWARDING SUCH EMAIL TO.
> >
> > BY DEFAULT, POSTFIX ASUMES THAT THE MTA WILL FORWARD THE EMAIL TO
> > USER@NOT-YOUR-DOMAIN, AS SOME SENDMAIL CONFIGURATIONS DID LONG AGO.
> 
> I interpret your answer such that <"[email protected]"@mydomain.tld> does 
> not invoke some special trivial-rewrite resolve algorithm that is 
> dedicated to the case in which the local-part looks like an email 
> address. For example, there is no reason to assume that Postfix would 
> perform an MX lookup for third.tld and deliver there itself. Is this 
> correct?

It is not correct at all.

Postfix looks for @, % or ! in the address localpart, for example,
user%not-your-domain@your-domain.

There is no special resolver.

If Postfix finds any, like it would in user%not-your-domain@your-domain,
and "allow_untrusted_routing = yes" is configured, then Postfix
will forward the recipient user%not-your-domain@your-domain.

There is no MX lookup for user@not-your-domain.

        Wietse

Reply via email to