mouss wrote: > Bob Proulx wrote: > >I don't think that any of those should match and therefore is safe by > >default. > > the trouble comes from the default (compatibility) value of > relay_domains and relay_recipient_maps. For this reason, it is > recommended to set > parent_domain_matches_subdomains = > This parameter is deprecated and setting it to an empty value is now > recommended.
But the default values for those are: relay_domains = $mydestination relay_recipient_maps = Again, both of those should be safe enough. Of course those come into play when configuring virtual host domains and mx relays. Certainly at the point that someone sets that up then they would need specific configuration along with it. But by default it looks okay to me. > It is also recommended to set relay_domains explictely. and if you have > the list of relay recipients, set relay_recipient_maps. otherwise, use > reject_unverified_recipient in access checks (only for relay domains, > not for every domain). Unfortunately this is probably about as much drift off-topic onto mta configuration that we should have on this list. But thanks for the hints anyway. It gives me a trail to follow. Bob
