Postfix block internal communications

Question

I'd like to know how to block my users to send mail to each other but give them chance to send and receive external mail.

john@localdomain.com <---> julie@localdomain.com REJECT

john@localdomain.com <---> tom@gmail.com OK

julie@localdomain.com <---> tom@gmail.com OK

I've already tried to configure access restrictions rules like

    /etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        ...
        check_recipient_access hash:/etc/postfix/protected_destinations
        ...the usual stuff...

    smtpd_restriction_classes = insiders_only
    insiders_only = check_sender_access hash:/etc/postfix/insiders, reject

/etc/postfix/protected_destinations:
    all@my.domain   insiders_only
    all@my.hostname insiders_only

/etc/postfix/insiders:
    my.domain       OK  matches my.domain and subdomains
    another.domain  OK  matches another.domain and subdomains

But that didn't help cause local sender blocked before local recipient checked and local recipient blocked before external one checked.

Answer 1

The configuration above (apparently from this page) is used to allow internal-only communication and block the email from outside to internal.

For your case, you need to modify it

# /etc/postfix/main.cf:
smtpd_recipient_restrictions =
    ...
    check_recipient_access hash:/etc/postfix/protected_destinations
    ...the usual stuff...

smtpd_restriction_classes = reject_insiders
reject_insiders = check_sender_access hash:/etc/postfix/insiders, permit

# /etc/postfix/protected_destinations:
localdomain1.example.com   reject_insiders
localdomain2.example.com   reject_insiders

# /etc/postfix/insiders:
localdomain1.example.com   REJECT local email isn't allowed
localdomain2.example.com   REJECT local email isn't allowed