mouss wrote:
> Bob Proulx wrote:
> >I don't think that any of those should match and therefore is safe by
> >default.

> the trouble comes from the default (compatibility) value of
> relay_domains and relay_recipient_maps. For this reason, it is
> recommended to set
> parent_domain_matches_subdomains =
> This parameter is deprecated and setting it to an empty value is now
> recommended.

But the default values for those are:

relay_domains = $mydestination
relay_recipient_maps =

Again, both of those should be safe enough. Of course those come into
play when configuring virtual host domains and mx relays. Certainly
at the point that someone sets that up then they would need specific
configuration along with it. But by default it looks okay to me.

> It is also recommended to set relay_domains explictely. and if you have
> the list of relay recipients, set relay_recipient_maps. otherwise, use
> reject_unverified_recipient in access checks (only for relay domains,
> not for every domain).

Unfortunately this is probably about as much drift off-topic onto mta
configuration that we should have on this list.
But thanks for the hints anyway. It gives me a trail to follow.