My postfix setup (running in the cloud) successfully prevents relaying, requiring authentication to send to a non-local domain.
However, spammers are sending to user@mydomain.com from someotheruser@mydomain.com and since the destination is on @mydomain.com the message is accepted. (They are sending fake emails to my users from administrator@mydomain.com).
Is there a way to force authentication if both source and destination are on mydomain?
Please note this is NOT a generic question about spam, it is Postfix specific in regards to requiring authentication, forcing Postfix to require authentication in the case that the FROM and TO fields are on the same domain, the local domain.