Hi Sidney,
You write:
> > If you don't specify a "for ..." clause at all, then the default is "for
> > local", according to the man page of smtpd.conf.
>
> Indeed I now see the "this is the default, and may be omitted" wording in
> the man page. To me (as an opensmtpd newbie) this is super easy to miss;
> the general description of the "match" clause suggests that the options are
> essentially predicates that are ANDed. The fact that the absence of a
> predicate can cause a non-match (due to them being implicitly present
> with a default, but invisible) is a bit of a footgun, I think.
I agree with you that this is a bit confusing.
But from a security perspective, I think that "local" is a saner default
than "any", because in this way it's much harder to accidentally create
an open relay. Accepting mail for any domain is less common than
accepting mail only for specific domains, so if one really wants to
accept mail for *every* domain in the world, it's IMHO safer if this
needs to be explicitly specified in the configuration file. As others
have already suggested, also in your case it would probably be better to
explicitly specify the domains served by your mail server in the
configuration file instead of using "for any" (why should you accept
mails for e.g. @outlook.com on your mail server?).
Best regards,
Matthias
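
The implicit defaults and the explicit-domain approach discussed in this message, written out as an smtpd.conf fragment. This is an added example, not configuration from the thread: the domain names, the table names and the action names are placeholders, and the aliases path is an assumption.

```conf
# Added example. Domains, table names and action names are placeholders.
table aliases file:/etc/mail/aliases
table domains { example.org, example.net }

action "deliver" mbox alias <aliases>
action "outbound" relay

# A match rule with no "from" or "for" option still carries both, because
# the defaults are "from local" and "for local". The two lines below are
# the same rule; the first is shown commented out for comparison.
#match action "deliver"
match from local for local action "deliver"

# Accept mail from outside only for the domains this server actually serves.
match from any for domain <domains> action "deliver"

# Relay to arbitrary destinations only for local senders.
match from local for any action "outbound"

# Risky, left commented out: any sender, any destination, relay action.
# This is the open-relay rule that the "for local" default makes hard to
# write by accident.
#match from any for any action "outbound"
```

Running `smtpd -n` checks the configuration file for validity without starting the daemon.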