postfix is configured as relay server. Other systems relay with postfix. Here i want to allow for a specific group of hosts, when they use a specific mail from address only a few specific destination domains. Other hosts should not be bothered. This is only a need to limit a group of hosts to not accidentally send out mails to other domains.
Restriction classes get very confusing with 3 or more criteria. Take a look at the policy delegation protocol at http://www.postfix.org/SMTPD_POLICY_README.html or use a service like postfwd (http://postfwd.org). In your case you would create a rule like
id=ALLOW01 client_address = 192.168.1.0/24 sender==foo@bar.local recipient_domain==somewhere.remote action=permit id=REJECT01 client_address = 192.168.1.0/24 action=REJECT not allowed
