Postfix Relay to or from the domain, but not to and from another domain

email-serverpostfix

I have a few postfix servers that I use to send email from webforms, I want to be able to send email from external domains to my domains, from my domains to my domains, and from my domains to external domains.

I do NOT want to be able to send from external domains to external domains.

mynetworks alone seems to make a full open-relay (from any to any), which I do NOT want.

internal domains = example.com,example.org
external domain = yahoo.com

From internal to any = Allow

Desired Result:

mail from: user@example.com < 2.1.0 OK
rcpt to: userA@example.com < 2.1.5 OK
rcpt to: userB@example.org < 2.1.5 OK
rcpt to: userC@yahoo.com < 2.1.5 OK

Actual Result:

rcpt to: userA@example.com < 2.1.5 OK
rcpt to: userB@example.org < 2.1.5 OK
rcpt to: userC@yahoo.com < 454 4.7.1 Relay Access Denied

From Any to Internal Only

Desired Result:

mail from: user@example.com < 2.1.0 OK
rcpt to: userA@example.com < 2.1.5 OK
rcpt to: userB@example.org < 2.1.5 OK
rcpt to: userC@yahoo.com < 454 4.7.1 Relay Access Denied

Actual Result:

mail from: userC@yahoo.com < 2.1.0 OK
rcpt to: userA@example.com < 2.1.5 OK
rcpt to: userB@example.org < 2.1.5 OK
rcpt to: userC@yahoo.com < 454 4.7.1 Relay Access Denied

Best Answer

As I was going though every scenario I figured it out!

/etc/postfix/main.cf

mynetworks = 127.0.0.0/8, 10.0.0.0/8
relay_domains = example.com, example.org
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/sender_access,reject_unknown_sender_domain,reject_unknown_recipient_domain,permit
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access,check_recipient_access hash:/etc/postfix/sender_access,reject_unknown_sender_domain,reject_unknown_recipient_domain,reject

/etc/postfix/sender_access

example.com  OK
example.org  OK
Related Topic