Hi Wietse, I just got around to testing these parameters this evening. They work as you suggested but I'm concerned about the potential security implications. So I'll do some more research in this area and see whether this is still worth pursuing further.
Thanks for your help, Paul On Wed, Mar 24, 2021 at 2:21 PM Wietse Venema <wie...@porcupine.org> wrote: > Paul Fowler: > > Thanks Wietse, > > I've been reading up and I'll start testing with the parameter > > allow_untrusted_routing and I'll let you know how I get on. > > You will need both of these: > > allow_untrusted_routing = no > swap_bangpath = no > > Wietse > > > On Wed, Mar 24, 2021 at 12:44 PM Wietse Venema <wie...@porcupine.org> > wrote: > > > > > Paul Fowler: > > > > Hi Jaroslaw, > > > > > > > > Yes I think your correct. > > > > > > > > Just some further into, if I add the sender's IP to mynetworks then > it > > > will > > > > accept the email with a special character "!" in the local part. > > > > So it seems postfix can accept special characters, I'm just not sure > how > > > to > > > > allow this for every sender. > > > > > > allow_untrusted_routing (default: no) > > > Forward mail with sender-specified routing > > > (user[@%!]remote[@%!]site) > > > from untrusted clients to destinations matching $relay_domains. > > > > > > By default, this feature is turned off. This closes a nasty > open > > > relay > > > loophole where a backup MX host can be tricked into > forwarding > > > junk > > > mail to a primary MX host which then spams it out to the world. > > > > > > This parameter also controls if non-local addresses with > > > sender-speci- > > > fied routing can match Postfix access tables. By > default, > > > such > > > addresses cannot match Postfix access tables, because the > > > address is > > > ambiguous. > > > > > > Wietse > > > >
