Wietse:
Postfix looks for @, % or ! in the address localpart, for example,
user%not-your-domain@your-domain.
There is no special resolver.
I believe, this is what I wrote.
If Postfix finds any, like it would in user%not-your-domain@your-domain,
and "allow_untrusted_routing = yes" is configured, then Postfix
will forward the recipient user%not-your-domain@your-domain.
Where will Postfix forward to? In the case of
transport_maps = inline:{ your-domain=transport:nexthop }
, I would expect Postfix to invoke transport:nexthop. So if transport ==
discard, it shouldn't forward anywhere.
---
Viktor:
So one way in which untrusted routing could cause problems is
when:
* The destination "your-domain" also Postfix
Why "also"? In my scenario, there is only one Postfix I am in control
of, and this Postfix is responsible for "your-domain".
* It lists "your-domain" in $mydestination
In my scenario, it doesn't.
* It lists the sending Postfix server in $mynetworks,
or otherwise allows it to submit mail to remote
recipients.
In my scenario, it doesn't.
My advice is to redesign the system to avoid the need for messing around
with the untrusted routing safety net. If you need to turn that knob,
you're asking for trouble, and probably doing something wrong.
I want Postfix to accept email for your-domain, regardless of whether
the recipient local-part looks like an email-address (*). In both cases
(looks-like-email-address and does-not-look-like-email-address), Postfix
should invoke the same transport resolver mechanisms. If I explicitly
chose to forward *@your-domain towards transport:nexthop via
transport_maps, including user@not-your-domain@your-domain, then this is
OK by choice. If transport:nexthop then tries to forward to
user@not-your-domain, I define it to be transport:nexthop's fault.
If I can achieve above goal (*) without touching
allow_untrusted_routing, I'll do it, but how?