Actually, I truncated the secondary restrictions list, and forgot to add
the "...". The original list (wrapped for readability) for the
secondary is:
reject_unlisted_recipient,permit_mynetworks,
reject_unauth_destination,
reject_unauth_pipelining,
reject_multi_recipient_bounce,
reject_non_fqdn_recipient,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unlisted_sender,
reject_unverified_recipient,
reject_unverified_sender,
permit
Although I may drop a couple of them, like "reject_unverified_sender".

As for your idea to reject all wrong domains via a hash table, Great
Minds Think Alike. I had already decided to do that after reading the
comments on trivial rewrite. I don't need to reject the secondaries off
the primary, though, it's harmless if someone disobeys the MX records.
Rejecting primaries off the secondary is needed to prevent skipping
security checks the secondary will omit for the selected domains if MX
records are disobeyed.