Thanks Viktor. Ok. I had to read this about ten times but see what you are saying :)
Can i use a wildcard in global-recipients ? Stu On 09/01/2018 14:34, Viktor Dukhovni wrote:
On Jan 9, 2018, at 7:30 AM, Stuart Archer <s...@nashs.net> wrote: I had assumed this would be a built in function to Postfix but sounds like anything will be a hack of sorts. will take a look at postfwd. thanks for the help.Wietse's answer is correct and sufficient. Put the machines that can send to everyone in "mynetworks". Exclude the rest. Then add any destination domains or addresses that everyone can send to in a recipient access table before "reject_unauth_destination". indexed = ${default_database_type}:${config_directory}/ smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access ${indexed}global-recipients, reject_unauth_destination The global-recipients table can just be: some-addr...@example.com OK if your MTA port 25 is not reachable via the public Internet, or else can be: some-addr...@example.com allow-internal where "allow-internal" is a suitable "restriction class" that permits more machines from your network than does "mynetworks". See RESTRICTION_CLASS_README and cidr_table(5).
