Wietse:
Postfix looks for @, % or ! in the address localpart, for example,
user%not-your-domain@your-domain.

There is no special resolver.
I believe, this is what I wrote.
If Postfix finds any, like it would in user%not-your-domain@your-domain,
and "allow_untrusted_routing = yes" is configured, then Postfix
will forward the recipient user%not-your-domain@your-domain.

Where will Postfix forward to? In the case of

transport_maps = inline:{ your-domain=transport:nexthop }

, I would expect Postfix to invoke transport:nexthop. So if transport == discard, it shouldn't forward anywhere.

---

Viktor:

So one way in which untrusted routing could cause problems is
when:

    * The destination "your-domain" also Postfix
Why "also"? In my scenario, there is only one Postfix I am in control of, and this Postfix is responsible for "your-domain".
    * It lists "your-domain" in $mydestination
In my scenario, it doesn't.
    * It lists the sending Postfix server in $mynetworks,
      or otherwise allows it to submit mail to remote
      recipients.
In my scenario, it doesn't.
My advice is to redesign the system to avoid the need for messing around
with the untrusted routing safety net.  If you need to turn that knob,
you're asking for trouble, and probably doing something wrong.
I want Postfix to accept email for your-domain, regardless of whether the recipient local-part looks like an email-address (*). In both cases (looks-like-email-address and does-not-look-like-email-address), Postfix should invoke the same transport resolver mechanisms. If I explicitly chose to forward *@your-domain towards transport:nexthop via transport_maps, including user@not-your-domain@your-domain, then this is OK by choice. If transport:nexthop then tries to forward to user@not-your-domain, I define it to be transport:nexthop's fault.

If I can achieve above goal (*) without touching allow_untrusted_routing, I'll do it, but how?

Reply via email to