I'm trying to get the following to work:
We have a postfix relay on the edge of our network, accepting all mail from our internal LAN & DMZ. What we are trying to get to work is limiting the mail domains a specific subnet (test & dev) can send mail to. Basically, this:
production-subnet -> relay:25 -> outbound mail all domains = OK
test-subnet -> relay:25 -> outbound mail all domains = NOK
test-subnet -> relay:25 -> outbound mail to allowed domain = OK
I've tried check_sender_access maps, but they can only allow or disallow mail from a sender, and can't filter based on recipient domain. In an ideal world where developers check their output, this wouldn't be necessary at all, but we've had a few occasions where dev was copied from production and suddenly people got rogue-mailed by the dev-environment and we want to stop that from happening again whilst still retaining the ability to be able to send mail to our own domain (for cronmail, et al).
I have toyed with the idea of setting up a second relay specific for this purpose, but due to a large (mostly unmanaged by ansible) environment, that would be significantly more work to get this to work, which is why I would prefer to do it on the existing relay on the standard smtp port.
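
The policy in the three-line matrix above can be expressed on a single relay with a Postfix restriction class that is selected by client subnet and then checks the recipient domain. This is an added example, not part of the original post; the class name `testdev_limited`, the file paths, the subnet `10.20.0.0/24` and the domain `example.com` are constructed placeholders.

```conf
# --- /etc/postfix/main.cf (excerpt) ---
# Declare a restriction class (hypothetical name) for the test/dev subnet.
smtpd_restriction_classes = testdev_limited

# Inside the class: permit only listed recipient domains, reject the rest.
testdev_limited =
    check_recipient_access hash:/etc/postfix/testdev_recipient_domains,
    reject

# Clients matching the CIDR table are handed to the class before
# permit_mynetworks is reached; all other clients fall through unchanged.
smtpd_recipient_restrictions =
    check_client_access cidr:/etc/postfix/testdev_clients,
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/testdev_clients (cidr table, no postmap needed) ---
# Constructed subnet: replace with the real test & dev range.
10.20.0.0/24    testdev_limited

# --- /etc/postfix/testdev_recipient_domains (hash table) ---
# Constructed domain: replace with the organisation's own mail domain.
# Rebuild with: postmap /etc/postfix/testdev_recipient_domains
example.com     OK
```

Before reloading, `postmap -q` can be run against the recipient table with an allowed and a disallowed domain to confirm that only the allowed one returns `OK`.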