[CentOS] restrict postfix to only certain users getting incoming mail [solved?]

Tue Mar 6 07:43:47 UTC 2012
Bob Hoffman <bob at bobhoffman.com>

Nicolas Kowalski wrote
Tue Mar 6 01:39:49 EST 2012

====================================

On Mon, Mar 05, 2012 at 11:50:21PM -0500, Bob Hoffman wrote:
> What I would like is to just tell postfix to only allow incoming mail
> for user1 and user2 and reject all...but only from external sources, not
> locally sent mail.

You may use local_recipient_maps. On my home server, I have this in the
postfix main.cf file:

mydestination = $myhostname, localhost
local_recipient_maps = hash:/etc/postfix/local_recipients, $alias_maps


/etc/postfix/local_recipients contains the list of the users allowed to
get mail from external sources, one per line:

user1	OK
user2	OK
...


Fill it with the values needed, then run "postmap /etc/postfix/local_recipients",
and reload/restart postfix.
=======================================

For anyone reading and wanting to know, this is for CentOS 6, stock install
of postfix. This appears to be the winning solution.



I was looking at that but could not see how to make it work. However, I think with your note
on local_rec I had a working example to play with.

My server is internet facing so this example had to be modified.
I will be testing for a few days, but here is what I did, and it seems to work.

main.cf
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
(I had to add all 4 or mail had issues or was completely rebuffed)

/etc/postfix/myusers
added two users,
user1 OK
user2 OK
(have to put something after each user..a space then 'something'. Postfix ignores the right side.)

Adding @domain caused all to be rejected or all to be allowed, depending on the things I tried.
Putting just the local user down without the @ worked well.

postmap /etc/postfix/myusers
service postfix restart

Here is the thing that made it work...getting rid of $alias_maps in the
local_recipient_maps = hash:/etc/postfix/myusers, $alias_maps

By adding alias_maps, it will accept anything listed in there, which includes all the
unix users like apache, root, etc.


ran newaliases....

seems to work.

  

Seems like all incoming mail bounces correctly, adding 'unknown user'.
I was able to command line from my root account, sending a mail to my root account,
and received it.


I thought the local maps file was needed as is to allow proper authentication to send/receive mail
obviously not...

Perfect solution so far, Nicolas.

Now my question is.... why is the default to allow all these mails?
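
The effect described in this message, that leaving $alias_maps in local_recipient_maps also makes every alias key an acceptable recipient, can be checked by listing the lookup keys a given setting covers. The script below is an added example, not part of the original thread; it is a simplified model (single-line settings, hash: tables read from their source text files), and the function names param, accepted_recipients and write_sample and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. Simplified model of Postfix:
# single-line "name = value" settings, hash: tables only, keys read from the
# table's source text file, $alias_maps expanded once.

# Print the value of parameter $2 in main.cf-style file $1 (last one wins).
param() {
    awk -v p="$2" -F= '{ k = $1; gsub(/[ \t]/, "", k) }
        k == p { sub(/^[^=]*=[ \t]*/, ""); v = $0 } END { print v }' "$1"
}

# Print the sorted lookup keys of every hash: table in local_recipient_maps.
accepted_recipients() {
    maps=$(param "$1" local_recipient_maps)
    case $maps in *'$alias_maps'*)
        maps="$(printf '%s' "$maps" | sed 's/\$alias_maps//') $(param "$1" alias_maps)" ;;
    esac
    for m in $(printf '%s' "$maps" | tr ',' ' '); do
        case $m in hash:*) ;; *) continue ;; esac
        # Keys start in column 1; aliases(5) keys end at the first colon.
        awk '/^[^ \t#]/ { sub(/:.*/, "", $1); print $1 }' "${m#hash:}"
    done | LC_ALL=C sort -u | paste -s -d ' ' -
}

# Write constructed sample files into directory $1; $2 is the maps setting.
write_sample() {
    printf 'user1 OK\nuser2 OK\n' > "$1/myusers"
    printf '# constructed aliases\npostmaster: root\napache: root\n' > "$1/aliases"
    printf 'alias_maps = hash:%s/aliases\nlocal_recipient_maps = %s\n' "$1" "$2" > "$1/main.cf"
}

d=$(mktemp -d)
write_sample "$d" "hash:$d/myusers, \$alias_maps"
echo "with \$alias_maps:    $(accepted_recipients "$d/main.cf")"
write_sample "$d" "hash:$d/myusers"
echo "without \$alias_maps: $(accepted_recipients "$d/main.cf")"
rm -rf "$d"
```

On a live server, `postconf -h local_recipient_maps` shows the effective setting and `postmap -q user1 hash:/etc/postfix/myusers` queries the compiled table directly.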