> Hi guys, > > I still need to accept mail for the email addresses we host on our > machine from the net, so blocking port 25 or mynetworks as local host > would seem to prevent that. we still have users on the domain that > get mail to the address, except now we forward that mail to gmail > using the virtual table
Accepting email for your domain and setting mynetworks to local host still work. When my networks is set to remote addresses, you are given those remote addresses permission to relay through you. That's bad. The short course is that you need to setup postfix to accept email for your domain, then set my networks to be your local network (or loopback). When you do that, external email will still be allowed to flow to your server, and your server will accept that email, as it knows it is the endpoint. Once this is done any email coming across the internet to your box will be rejected if it's not the proper destination. Though you say your not an open relay, it still sounds like you are.
