Wietse:
There. And to repeat myself, it depends on the destination MTA how it delivers user%not-your-domain@your-domain.
Viktor:
You'll ideally let go of the goal, but if not, you'll need to allow untrusted routing, and regularly test carefully to make sure that it does not create open relay leaks. If you ever hand off the system in question to someone else to manage, they will not be happy with such a choice.
Is such an assessment justifiable without knowing the purpose of the system? Wietse's answer suggests that a "leak test" can be trivial: Don't let any transport:nexthop point towards an MTA. So this should be safe:
    mydestination =
    relay_domains = inline:{your-domain=1}
    transport_maps = static:discard
But no, one has to allow untrusted routing.
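
Added example, not part of the thread and not Postfix code: a small audit that flags logged recipients in a relay domain whose localpart still carries a routing operator (@, % or !), which is the address form discussed above. The log lines are constructed and abbreviated, and the matching rule is a simplified model of "sender-specified routing", not Postfix's own resolver logic.

```python
import re

# Operators that can embed a second hop inside the localpart
# (user@remote@site, user%remote@site, remote!user@site).
ROUTING_OPERATORS = "@%!"

# Recipient field as it appears in Postfix delivery log lines.
TO_FIELD = re.compile(r"\bto=<([^>]*)>")


def split_address(addr):
    """Split on the LAST '@' so earlier ones stay in the localpart."""
    local, sep, domain = addr.strip().rpartition("@")
    if not sep:
        return addr.strip(), ""
    return local, domain.lower()


def has_sender_specified_routing(addr, relay_domains):
    """True if addr is in a relay domain and its localpart names another hop.

    Simplification (assumption): quoted localparts are not unquoted first.
    """
    local, domain = split_address(addr)
    if domain not in relay_domains:
        return False
    return any(op in local for op in ROUTING_OPERATORS)


def audit(log_lines, relay_domains):
    """Return logged recipients that would need untrusted routing allowed."""
    flagged = []
    for line in log_lines:
        match = TO_FIELD.search(line)
        if match and has_sender_specified_routing(match.group(1), relay_domains):
            flagged.append(match.group(1))
    return flagged


# Constructed sample input, using the placeholder names from the thread.
SAMPLE_LOG = [
    "postfix/discard[2101]: 4F1A2: to=<alice@your-domain>, status=sent",
    "postfix/discard[2101]: 4F1A3: to=<bob%not-your-domain@your-domain>, status=sent",
    "postfix/discard[2101]: 4F1A4: to=<carol@not-your-domain@your-domain>, status=sent",
    "postfix/discard[2101]: 4F1A5: to=<not-your-domain!dave@your-domain>, status=sent",
    "postfix/discard[2101]: 4F1A6: to=<eve%x@elsewhere.example>, status=sent",
]

if __name__ == "__main__":
    for rcpt in audit(SAMPLE_LOG, {"your-domain"}):
        print("routed recipient:", rcpt)
```

Any flagged recipient whose log line shows a relay= pointing at another MTA, rather than a discard or local delivery, is the case to examine as a possible relay leak.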