Proposal from Andrzej Filip:
Alternatively: This example ruleset restricts local users from sending mail to external recipients. It uses class w to detect local senders/recipients. Attention: this protection is only based on the address information given in the envelope of the e-mail which can be easily forged.
List those aliases (which are local) in a file:
LOCAL_CONFIG F{Internal}/etc/mail/intern.onlyThen the rules work like this:
LOCAL_RULESETS SLocal_check_rcpt # get sender address and canonify it R$* $: $1 $| $>3 $&f R$* $| <> $@ OK <> is always ok R$* $| $={Internal} <@$=w.> $: $1 luser@local.host? R$* $| $={Internal} $: $1 luser? R$* $| $* $@ OK someone else R$* $: $>3 $1 check recipient R$+<@$=w.> $@ OK local? ok R$+<@$+> $#error $@ 5.1.8 $: "551 sorry luser your boss does not like you"
Before 8.9, you have to use Scheck_rcpt instead of SLocal_check_rcpt.
The ruleset works like this:
If you want to use several SLocal_check_rcpt rulesets, see Combining Rulesets.