
3. Additional UCE controls

Allow untrusted routing

The "Allow untrusted routing" option controls whether Postfix will forward mail with sender-specified routing (user[@%!]remote[@%!]site) from untrusted clients to destinations that are blessed by the relay_domains parameter.

By default, untrusted clients are not allowed to specify routing. This closes a nasty open relay loophole where a backup MX host can be tricked into forwarding junk mail to a primary MX host which then spams it out to the world. This option sets the "allow_untrusted_routing" postfix variable.

Maps rbls domains

The "Maps rbls domains" option specifies an optional list of DNS domains that publish the network addresses of blacklisted hosts.

By default, RBL blacklist lookups are disabled. See the smtpd_client_restrictions parameter.

The real-time blackhole list works as follows: reverse the client network address, and reject service if it is listed below any of the following domains. This option sets the "maps_rbl_domains" postfix variable.

Relay domains

The "Relay domains" option restricts what client hostname domains (and subdomains thereof) this mail system will relay mail from, and restricts what destination domains (and subdomains thereof) this system will relay mail to.

By default, Postfix relays mail:

- from trusted clients whose IP address matches "Networks",
- from trusted clients matching $relay_domains or subdomains thereof,
- from untrusted clients to destinations that match "Relay domains" or subdomains thereof, except addresses with sender-specified routing.

The default "Relay domains" value is $mydestination.

In addition to the above, the Postfix SMTP server by default accepts mail for which Postfix is the final destination:

- destinations that match "Network Interface",
- destinations that match "Destination",
- destinations that match "Virtual maps".

These destinations do not need to be listed in the "Relay domains" option.

Specify a list of hosts or domains, /file/name patterns or type:name lookup tables, separated by commas and/or whitespace. A file name is replaced by its contents; a type:name table is matched when a (parent) domain appears as lookup key. This option sets the "relay_domains" postfix variable.

NOTE: Postfix will not automatically forward mail for domains that list this system as their primary or backup MX host. See the "permit mx backup" restriction, in the description of the "Smtpd recipient restrictions" option.
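
The default relay rules above, together with the "Allow untrusted routing" setting, can be modelled as a small decision function. This is an added example, not Postfix code: the function names, the result strings, the simplified routing check (routing characters left of the last "@") and the sample addresses are all assumptions made for illustration, and the client hostname is assumed to be already verified.

```python
import ipaddress

ROUTING_CHARS = "@%!"  # characters the page lists: user[@%!]remote[@%!]site

def split_recipient(recipient):
    """Split on the last '@'; everything left of it is the local part."""
    local, sep, domain = recipient.rpartition("@")
    return (local, domain.lower()) if sep else (recipient, "")

def has_sender_routing(recipient):
    """True when the local part still contains routing characters."""
    local, _ = split_recipient(recipient)
    return any(ch in ROUTING_CHARS for ch in local)

def in_domains(name, domains):
    """Match a listed domain or any subdomain thereof."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)

def relay_decision(client_ip, client_name, recipient, networks, relay_domains,
                   allow_untrusted_routing=False):
    """Simplified model of the default relay policy described above."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in ipaddress.ip_network(n) for n in networks):
        return "permit: client in Networks"
    if client_name and in_domains(client_name, relay_domains):
        return "permit: client in Relay domains"
    _, domain = split_recipient(recipient)
    if not in_domains(domain, relay_domains):
        return "reject: destination not in Relay domains"
    if has_sender_routing(recipient) and not allow_untrusted_routing:
        return "reject: sender-specified routing from untrusted client"
    return "permit: destination in Relay domains"

# Constructed sample policy and clients (documentation address ranges).
NETWORKS = ["192.0.2.0/24"]
RELAY_DOMAINS = ["example.com"]

if __name__ == "__main__":
    for ip, rcpt in [("192.0.2.10", "bob@other.example"),
                     ("198.51.100.7", "alice@mail.example.com"),
                     ("198.51.100.7", "bob%other.example@example.com"),
                     ("198.51.100.7", "bob@other.example")]:
        print(ip, rcpt, "->",
              relay_decision(ip, None, rcpt, NETWORKS, RELAY_DOMAINS))
```

The third sample is the case the default setting exists for: the destination domain is a permitted relay domain, but the local part carries a second hop, so the message is refused unless untrusted routing is explicitly allowed.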

Relay host

The "Relay host" option specifies the default host to send mail to when no entry is matched in the optional transport(5) table. When no relayhost is given, mail is routed directly to the destination.

On an intranet, specify the organizational domain name. If your internal DNS uses no MX records, specify the name of the intranet gateway host instead.

Specify a domain, host, host:port, [address] or [address:port]. Use the form [destination] to turn off MX lookups. See also the default_transport parameter if you're connected via UUCP. This option sets the "relayhost" postfix variable.

