Open Relay testing based on recipient domain? Disable?

email builder emailbuilder88 at yahoo.com
Tue Aug 2 23:02:58 CEST 2011


>>  I'm seeing this in my logs when mail is being delivered to a recipient in a
>>  virtual domain (but not when delivering to the main domain of the
>>  machine):
>> 
>>  Open relay? Nonlocal recips but not originating: test at example.com
>>  (email address obscured)
>> 
>>  I understand that this can be caused by the originating flag not being set
>>  in a policy bank, but I *do* have it set.
> 
> Apparently you don't have it set, otherwise you would not get the
> 'Nonlocal recips but not originating' warning.

Hmm, then can you tell me what is wrong with this?

postfix/main.cf

content_filter = amavis:[127.0.0.1]:10024

postfix/master.cf

amavis    unix  -       -       n       -       10      smtp
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes

amavis.conf

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};

Is amavis checking against who is handing off the mail (local postfix) or the real sending MTA?  It would make sense to do the latter, but in that case, how is it that the originating flag can override this at all?

>>  How can I stop amavis from doing this without having to add all my virtual
>>  domains to @local_domains_maps?
> 
> You can declare that any domain is local:
> 
>   @local_domains_maps = ( 1 );
> 
> This way amavis will consider all mail to be either incoming (originating off)
> or internal-to-internal (originating on). No outbound mail.
> 
> Depends on whether you care or not, but this will disable bounce killer,
> penpals scoring, will be adding X-Spam-* AND Authentication-Results
> to outbound mail too, and affect logging and statistics (SNMP) counters.

With the exception of adding headers (I add x-virus-scanned to outgoing anyway - will this add something else?), I don't know what half these things are.  Where can I read about them?  As I only use amavis to pass messages through a virus scanner, I probably don't use these things(??).

>>  However, I don't care to maintain all my domains in the amavis
>>  configuration file.
> 
> You have the list of your domains already maintained somewhere
> for the sake of an MTA. You may be able to access the same data,
> perhaps through SQL or LDAP or an occasional fetch/update script.

Yes....  is there documentation somewhere on how to make @local_domains_maps a lookup instead of an array?

Again, thanks for the good software and all the hard work.
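
Added example, not part of the original post and not amavisd's own code: a simplified Python model of the check behind the warning quoted above, with originating set only for clients inside the @mynetworks list from the post and recipient locality decided by a set loaded from a one-domain-per-line list. It assumes the client address amavis evaluates is the one Postfix forwards via XFORWARD; the helper names, sample addresses and domains are constructed.

```python
import ipaddress

# Networks from the @mynetworks setting quoted in the post.
MYNETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "fe80::/10", "fec0::/10",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def load_domains(lines):
    """Parse a one-domain-per-line list (e.g. exported from the MTA's
    virtual domain table); blank lines and # comments are skipped."""
    domains = set()
    for line in lines:
        line = line.split("#", 1)[0].strip().lower().rstrip(".")
        if line:
            domains.add(line)
    return domains

def is_local(recipient, local_domains):
    """True if the recipient's domain is in the local-domains set."""
    _, _, domain = recipient.rpartition("@")
    return domain.lower().rstrip(".") in local_domains

def is_originating(client_ip):
    """Model of the MYNETS policy bank (assumption: simplified): originating
    is on only when the client address falls inside MYNETWORKS."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in MYNETWORKS)

def check(client_ip, recipients, local_domains):
    """Return the warning text for a message, or None when there is none."""
    nonlocal_rcpts = [r for r in recipients if not is_local(r, local_domains)]
    if nonlocal_rcpts and not is_originating(client_ip):
        return ("Open relay? Nonlocal recips but not originating: "
                + ", ".join(nonlocal_rcpts))
    return None

# Constructed sample data: 203.0.113.7 is a documentation-range address
# standing in for an outside MTA; the domain names are placeholders.
ONLY_MAIN = load_domains(["example.org"])
WITH_VIRTUAL = load_domains(["example.org", "# virtual domains", "Example.com."])

if __name__ == "__main__":
    for label, doms in (("main only", ONLY_MAIN), ("with virtual", WITH_VIRTUAL)):
        print(label, "->", check("203.0.113.7", ["test@example.com"], doms))
    print("internal ->", check("192.168.1.5", ["user@elsewhere.test"], ONLY_MAIN))
```

In this model the warning appears only when both conditions hold: the client is outside the listed networks and at least one recipient domain is missing from the local set.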


More information about the amavis-users mailing list