On Mon, Mar 01, 2021 at 11:14:57AM +0100, Jaap Gordijn wrote: > relayhost = aaa.bbb.ccc:25 > virtual_mailbox_domains = xxx.yyy.zzz > virtual_transport = lmtp:unix:private/dovecot-lmtp > > I would like to achieve the following > - mail of all subnets in my LAN is relayed if nesessary (so not for the > virtual domain). To accomplish this, I have listed all my subnets under > mynetworks. This works > - restrict the delivery of a particular subnet, 192.168.80.0/24 only to the > virtual domain so forbid further relay via the relayhost > > How to accomplish this? I can not remove the 192.168.80.0/24 from mynetworks > because then the email is not delivered to the virtual domain too.
Postfix *by default* allows delivery to your domains from any source, *without* listing that source in mynetworks. # This denies access to send outbound mail to remote domains # unless the client is in mynetworks. # It does not deny inbound mail to your own domains! # smtpd_relay_restrictions = permit_sasl_authenticated, permit_mynetworks, # # The default setting is a cautious "defer_unauth_destination", # but a production configuration should promptly change this to # the below: # reject_unauth_destionation If not listing a subnet in mynetworks blocks delivery to a domain listed in any of: - mydestination - virtual_alias_doamins - virtual_mailbox_domains - relay_domains then you have a configuration error. -- Viktor.