> On 23 Nov 2022, at 10:58 am, Juan Smitt Jr <juan.smitt...@proton.me> wrote:
>
> I'm just wondering, what's the risk in adding
> 'reject_unknown_recipient_domain'
> and 'reject_unverified_recipient' to the config.
That's generally the wrong question. You should be asking how to simplify
your configuration, not add bells and whistles for no clear purpose.
> Is that because of the packager just didn't want to add them or is there a
> good
> reason I can't figure out?
These restrictions only make (modest) sense on an outbound relay MTA when
internal
hosts are generating bounces to unreachable sender addresses, and you don't want
to accept and queue mail for unreachable external recipients. Otherwise, they
are not very useful. Perhaps another scenario (misconfiguration) is if you
relay mail for arbitrary subdomains of an internal domain (don't do that):
# Ideally empty, but for backwards compatible access(5) tables
# Allow dot-prefixless subdomain matching there.
#
parent_domain_matches_subdomains = smtpd_access_maps
# Do not list ".xyz.example" subtree wildcards.
#
relay_domains = foo.example, bar.example
--
Viktor.
