> On Jan 9, 2018, at 7:30 AM, Stuart Archer <s...@nashs.net> wrote:
>
> I had assumed this would be a built in function to Postfix but sounds like
> anything will be a hack of sorts. will take a look at postfwd. thanks for the
> help.
Wietse's answer is correct and sufficient. Put the machines that
can send to everyone in "mynetworks". Exclude the rest. Then
add any destination domains or addresses that everyone can send
to in a recipient access table before "reject_unauth_destination".
indexed = ${default_database_type}:${config_directory}/
smtpd_relay_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
check_recipient_access ${indexed}global-recipients,
reject_unauth_destination
The global-recipients table can just be:
some-addr...@example.com OK
if your MTA port 25 is not reachable via the public Internet, or
else can be:
some-addr...@example.com allow-internal
where "allow-internal" is a suitable "restriction class" that
permits more machines from your network than does "mynetworks".
See RESTRICTION_CLASS_README and cidr_table(5).
--
Viktor.
