Thanks for that information! It pointed me to the right direction. Yes, I was using "accounts" and "addresses" interchangeably because I wanted to be able to control both. In other words, there are both actual accounts (virtual and UNIX) and addresses (aliases) that either need to be accessible publicly, or restricted to internal/mynetworks use only.
I added restriction classes to main.cf: smtpd_restriction_classes = internal, public internal = permit_mynetworks, reject public = permit Then included a lookup as a part of the smtpd_recipient_restrictions: smtpd_recipient_restrictions = reject_non_fqdn_recipient reject_unknown_recipient_domain permit_sasl_authenticated check_recipient_access pcre:$config_directory/tables/protected_destinations.pcre reject_unlisted_recipient reject_unauth_destination And finally created a pcre lookup table: if !/^(someaddress|someaccount|someotheraccount)@mydomain\.com$/ /^/ internal endif -- Because there are really just handful of addresses/accounts that should be publicly accessible it was easier to blanket all others as "internal". Ville
