I'd like to disable any mail from 'my.domain' from external networks.

Do you mean this literally? Stopping me from sending an email using my
mail server that claims to be from 'your.domain'?
You can't; you can only publish SPF records and hope the receiving mail
server of the spoofed email rejects it based on those records.
Or do you mean just preventing users on your mail server from sending a
spoofed from address? In that case reject_sender_login_mismatch does
this completely on its own.

But this setting works for existing addresses only. That means that
mail from: qwertyuiop1234567890@my.domain still won't be rejected here.

Unless I misunderstand what you mean, this is not true.
reject_sender_login_mismatch can be set up to only allow emails being
sent out where the from, not just the envelope-from, has to match the
user's login credentials. Meaning no email can be sent that doesn't have
a user/password associated with it.
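
A Postfix configuration for the nonexistent-address case discussed above, added here as an example and not posted by anyone in the thread. The map path and the login names (alice, bob, no-such-login) are assumptions; per the Postfix documentation, smtpd_sender_login_maps is keyed on the envelope sender (MAIL FROM) and is searched by full address first, then by @domain.

```ini
# --- /etc/postfix/main.cf (fragment) ---
# SASL authentication must be enabled for the restriction to take effect;
# without it Postfix has no login name to compare against.
smtpd_sasl_auth_enable = yes

# Which SASL login owns which envelope sender address (path is an assumption).
smtpd_sender_login_maps = hash:/etc/postfix/sender_login

# reject_sender_login_mismatch combines two checks:
#   reject_authenticated_sender_login_mismatch    logged in, but not the owner
#   reject_unauthenticated_sender_login_mismatch  not logged in, address has an owner
# Hosts in mynetworks are exempted first, so only external clients are checked.
smtpd_sender_restrictions =
    permit_mynetworks,
    reject_sender_login_mismatch

# --- /etc/postfix/sender_login (run "postmap" on it after every edit) ---
# Exact entries: existing mailboxes and the login that owns each one.
alice@my.domain     alice
bob@my.domain       bob

# With only the entries above, qwertyuiop1234567890@my.domain has no owner,
# so an unauthenticated external client using it as MAIL FROM passes this rule.
# The @domain key is tried after the full address and assigns every other
# my.domain address to a login that no real user has (hypothetical name).
@my.domain          no-such-login
```

With the catch-all entry, any outside system that legitimately uses a my.domain envelope sender without authenticating, such as a forwarder or a third-party sending service, is rejected as well.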