On Tue, Oct 25, 2022 at 09:03:34AM -0400, Wietse Venema wrote:
> > I interpret your answer such that <"[email protected]"@mydomain.tld> does
> > not invoke some special trivial-rewrite resolve algorithm that is
> > dedicated to the case in which the local-part looks like an email
> > address. For example, there is no reason to assume that Postfix would
> > perform an MX lookup for third.tld and deliver there itself. Is this
> > correct?
>
> It is not correct at all.
>
> Postfix looks for @, % or ! in the address localpart, for example,
> user%not-your-domain@your-domain.
>
> There is no special resolver.
>
> If Postfix finds any, like it would in user%not-your-domain@your-domain,
> and "allow_untrusted_routing = yes" is configured, then Postfix
> will forward the recipient user%not-your-domain@your-domain.
>
> There is no MX lookup for user@not-your-domain.
However, if "your-domain" is listed in $mydestination, then
trivial-rewrite will transform "user%remote-domain@your-domain"
to "user@remote-domain" for purposes of determining the address
class and as a preliminary rewrite before cleanup performs its
various generally table-based rewrites.
So one way in which untrusted routing could cause problems is
when:
* The destination "your-domain" also Postfix
* It lists "your-domain" in $mydestination
* It lists the sending Postfix server in $mynetworks,
or otherwise allows it to submit mail to remote
recipients.
My advice is to redesign the system to avoid the need for messing around
with the untrusted routing safety net. If you need to turn that knob,
you're asking for trouble, and probably doing something wrong.
--
VIktor.