Michael Blessenohl:
> The security issue is, as far as I understand, that a backup MX uses an
> @ in the local part for internal purposes. Which, in theory, can be
> exploited to use the server as open relay. As long as I don't use a
> backup MX, I don't have an open relay and everything is fine, isn't it?
Come on, don't be so naive. The backup MX scenario is an EXAMPLE
of how @ in local-part can result in trouble. The same problem may
happen in ANY piece of software that decisions based on the content
of an email address.
Wietse
