Viktor Dukhovni:
> > # /etc/postfix/sender_canonical.regexp (excerpt)
> > # rewrite all addresses to any variant of (*.|)mydomain.com(|.*) to
> > realuser+user%internal_f...@mydomain.com
> > /^(.*)@(.+\.mydomain\.com(\.[^\.]*)?)$/
> > realuser+${1}%${2}@mydomain.com
>
> Boldly claiming your domain in all current and future TLDs. That
> may be reasonable, however, user%example....@example.com is not
> a good SPF rewriting strategy. You need a proper SPF/SRS rewrite
> content filter or milter.

In particular, you MUST sign the return address with a secret key,
otherwise your server becomes an exploitable open relay. That is
besides the problems with using '%' as hinted at by Viktor.

	Wietse
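
Added example, not part of the original thread and not code from Postfix or any SRS package: a simplified SRS0-style rewrite showing what signing the return address with a secret key means, and how a bounce to a forged or expired address is refused instead of relayed. The key, the 21-day lifetime, the 10-character tag and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: placeholder; use a random secret
FORWARDER = "mydomain.com"        # forwarding domain, as in the thread's example
MAX_AGE_DAYS = 21                 # assumption: how long a bounce may be returned

def _today():
    return int(time.time() // 86400)

def _tag(ts, domain, local):
    # MAC over everything a bounce would be routed on: timestamp, domain, local part.
    msg = "=".join((ts, domain.lower(), local)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]

def forward(sender, day=None):
    """Rewrite an envelope sender into a signed address at FORWARDER."""
    local, _, domain = sender.rpartition("@")
    ts = str((_today() if day is None else day) % 1024)
    return f"SRS0={_tag(ts, domain, local)}={ts}={domain}={local}@{FORWARDER}"

def reverse(rcpt, today=None):
    """Return the original sender for a bounce, or None if it must be rejected."""
    local, _, domain = rcpt.rpartition("@")
    parts = local.split("=", 4)  # the original local part may itself contain '='
    if domain.lower() != FORWARDER or len(parts) != 5 or parts[0].upper() != "SRS0":
        return None
    _, tag, ts, orig_domain, orig_local = parts
    if not (ts.isascii() and ts.isdigit()):
        return None
    expected = _tag(ts, orig_domain, orig_local)
    if not hmac.compare_digest(tag.lower().encode(), expected.encode()):
        return None  # forged or altered: without this check anyone picks the target
    now = _today() if today is None else today
    if (now - int(ts)) % 1024 > MAX_AGE_DAYS:
        return None  # signature is genuine but too old to accept
    return f"{orig_local}@{orig_domain}"
```
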