If you all would be so kind, I need a "pointer" in the general direction. I think I'm on the right track, but here's the situation.
I have a Postfix server that performs SMTP relay services ONLY. It relays for about six domain names. Final delivery of these six domains is handled by three SMTP servers behind our firewall.

I want to prevent Internet-based SMTP servers from forging messages to my users from addresses set to be one of our domains. In other words, the ONLY sending server that should EVER send messages from mydomain.com is 1.2.3.4 (or perhaps 1.2.3.0/24). I want to prevent any other host from sending a message having an envelope sender other than 1.2.3.0/24. However, I NEED for 1.2.3.4 to be able to send messages from all other envelope senders. This particular internal host in question is an IBM mainframe and I'm afraid I'm not terribly knowledgeable on its SMTP server at the moment.

I was able to get this working by using restriction classes, but it had the unfortunate side effect of blocking mail forwarded from our internal SMTP servers (particularly the mainframe) which preserve the envelope sender of outside SMTP addresses. The vast majority of our users forward their mail to external accounts and all of the forwarded messages have an envelope sender of the original sender (of course).

I need for our internal servers to be able to send messages with ANY envelope sender to the relay, but I need for the relay to block messages from unauthorized external servers trying to forge our domain names in SMTP addresses.

I had a brief look over the backscatter HOWTO, and it seemed like it might help in this problem, but I think the solution is via proper manipulation/configuration of restriction classes. You all have been good at steering me in the right direction, and any advice you can give me is greatly appreciated.

Thanks in advance.

... Kev
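
One way to express the policy described in the post above with Postfix's standard sender restrictions, as an added example that is not part of the original post. The map path `/etc/postfix/local_sender_domains` is a hypothetical name, and the fragment assumes the internal servers in 1.2.3.0/24 are the only remote hosts listed in `mynetworks`.

```cfg
# /etc/postfix/main.cf (fragment, added example)
# Assumption: only the relay itself and the internal SMTP servers are trusted.
mynetworks = 127.0.0.0/8, 1.2.3.0/24

# Restrictions are evaluated left to right against the envelope sender.
# Internal hosts match permit_mynetworks first, so they may use ANY
# envelope sender (forwarded mail keeps the original outside sender).
# Every other client falls through to the sender-domain lookup below.
smtpd_sender_restrictions =
    permit_mynetworks,
    check_sender_access hash:/etc/postfix/local_sender_domains

# /etc/postfix/local_sender_domains (hypothetical path)
# One line per relayed domain; run "postmap" on the file after each edit.
# Only mydomain.com is named in the post; the other domains go here too.
mydomain.com    REJECT Sender domain is only accepted from internal hosts
```

This checks the envelope sender (MAIL FROM) only; a forged `From:` header with a different envelope sender is not caught by it.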