On Tue, Oct 25, 2022 at 05:23:31PM +0200, Damian wrote:
> > My advice is to redesign the system to avoid the need for messing around
> > with the untrusted routing safety net. If you need to turn that knob,
> > you're asking for trouble, and probably doing something wrong.
>
> I want Postfix to accept email for your-domain, regardless of whether
> the recipient local-part looks like an email-address (*).
My advice is to let go of that goal, however lofty it might be.
> In both cases (looks-like-email-address and
> does-not-look-like-email-address), Postfix should invoke the same
> transport resolver mechanisms. If I explicitly chose to forward
> *@your-domain towards transport:nexthop via transport_maps, including
> user@not-your-domain@your-domain, then this is OK by choice. If
> transport:nexthop then tries to forward to
> user@not-your-domain, I define it to be transport:nexthop's fault.
>
> If I can achieve above goal (*) without touching
> allow_untrusted_routing, I'll do it, but how?
You'll ideally let go of the goal, but if not, you'll need to allow
untrusted routing, and regulardly test carefully to make sure that it
does not create open relay leaks. If you ever hand off the system in
question to someone else to manage, they will not be happy with such a
choice.
--
Viktor.