Hi Viktor,
> These restrictions only make (modest) sense on an outbound relay MTA

Yes, this is exactly the case. Tons of customers sending tons of emails to
various addresses. Some are just entirely made up, some just contain typos.
We are trying to fix this on different levels of the business (restricting
the customers, etc. etc.) but one possible point is the relay server that
sends out the emails at the end.

So can we say that on a relay server such as ours it won't do any harm to
enable these options?

Cheers,
jsjr

Sent with Proton Mail secure email.

------- Original Message -------
On Wednesday, November 23rd, 2022 at 17:16, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:

> On 23 Nov 2022, at 10:58 am, Juan Smitt Jr juan.smitt...@proton.me wrote:
>
> > I'm just wondering, what's the risk in adding
> > 'reject_unknown_recipient_domain'
> > and 'reject_unverified_recipient' to the config.
>
> That's generally the wrong question. You should be asking how to simplify
> your configuration, not add bells and whistles for no clear purpose.
>
> > Is that because the packager just didn't want to add them or is there a
> > good reason I can't figure out?
>
> These restrictions only make (modest) sense on an outbound relay MTA when
> internal hosts are generating bounces to unreachable sender addresses, and
> you don't want to accept and queue mail for unreachable external recipients.
> Otherwise, they are not very useful. Perhaps another scenario
> (misconfiguration) is if you relay mail for arbitrary subdomains of an
> internal domain (don't do that):
>
>     # Ideally empty, but for backwards compatible access(5) tables
>     # Allow dot-prefixless subdomain matching there.
>     #
>     parent_domain_matches_subdomains = smtpd_access_maps
>
>     # Do not list ".xyz.example" subtree wildcards.
>     #
>     relay_domains = foo.example, bar.example
>
> --
> Viktor.
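
The following main.cf fragment is an added example, not part of either message in this thread: it shows where the two restrictions discussed above would sit on an outbound relay. The split between relay and recipient restrictions and the explicit reply codes and cache settings are assumptions for illustration (the values shown are the Postfix defaults).

```conf
# /etc/postfix/main.cf on the outbound relay (constructed example,
# not taken from the thread).

# Who may relay. A "permit" here ends only this list; the recipient
# restrictions below are still evaluated for the same RCPT TO.
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

# Recipient checks applied to customer submissions, in order:
#  1. recipient domain has no usable DNS MX or address record
#  2. a verify(8) probe shows the recipient address is known to bounce
smtpd_recipient_restrictions =
    reject_unknown_recipient_domain,
    reject_unverified_recipient

# Reply codes. 450 makes the customer's system retry instead of
# bouncing; move to 550 only after the logs show that the rejections
# are correct.
unknown_address_reject_code = 450
unverified_recipient_reject_code = 450

# A failed probe (destination temporarily unreachable) is always a
# temporary error.
unverified_recipient_defer_code = 450

# Probe results are cached, so each address is probed once per expiry
# period rather than once per message.
address_verify_map = btree:$data_directory/verify_cache
address_verify_positive_expire_time = 31d
address_verify_negative_expire_time = 3d
```

With `reject_unverified_recipient`, any recipient not yet in the cache causes a probe to the recipient's mail server, so expect additional outbound SMTP connections. `postconf -n` lists which of these settings are explicitly set in main.cf.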