I have a postfix server configured to relay for either mynetworks or sasl_authenticated clients. I would like to limit a sasl_autenticated client to send to a single domain. It looks like I might be able to do this with restriction classes, but I am not sure how this would be applied to relay restrictions. https://www.postfix.org/RESTRICTION_CLASS_README.html
Here is what I currently have in place. This allows only authenticated and mynetworks to relay. Ideally I want the authenticated user to be restricted to just a single relay domain and not be able to send to gmail etc.
smtp_tls_security_level = encrypt
smtp_tls_note_starttls_offer = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject
