On Sun, Mar 10, 2024 at 09:49:14AM +0000, Julian Bradfield via Exim-users wrote:
> That would be a configuration problem for that site - not a reason to
> stop your users replying to perfectly valid addresses.
>
> > And by the way, by default Postfix still supports % and ! addresses:
> >
> > https://www.postfix.org/postconf.5.html#allow_percent_hack
> > https://www.postfix.org/postconf.5.html#swap_bangpath
>
> But it doesn't route them.
>
> https://www.postfix.org/postconf.5.html#allow_untrusted_routing
You missed an important qualifier "from untrusted clients", if the
forwarded messages is from a peer system listed in $mynetworks, then
the message will be (source) routed.
- The edge system adccepts <user%remote@internal>.
- The internal MTA does not restrict relaying by the edge system.
- The message is ultimately forwarded to <user@remote>.
This is why "allow_untrusted_routing" is set to no, Postfix does rely on
the internal (relay destination) system to not be an open relay for
messages it forwards.
And to detect that this could be an issue, the parsing of "%" and "!"
addresses as potential source routes needs to remain enabled.
I understood the topic under discussion to be enforcement of similar
rules in Exim. Apologies if I got the wrong end of the stick.
--
Viktor.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
