Postfix relay control

The default installation allows any system on the same subnet as yours to relay mail through
your mail server. If you want to override the default, you can set the parameter mynetworks
to be a list of hosts or networks that you trust to relay mail through your system. You can
specify a list of IP addresses or network/netmask patterns, and any connecting SMTP client
that matches will be allowed to relay mail. You can list network or IP addresses that reside
anywhere. So, for example, if you want to be able to relay mail through your home Postfix
system from your work machine, you can specify the IP address of your machine at work in
your home Postfix configuration.
Here's an example that allows mail from the local subnet (192.168.75.0/28) and a single host
located elsewhere:
mynetworks = 192.168.75.0/28 10.150.134.15
If you want to allow relaying for mobile users that do not have static IP addresses, you have to
use some kind of SMTP authentication mechanism. Postfix can work with SASL
Authentication (which requires that Postfix be compiled with additional libraries, and that
users' client software be specially configured) and pop-before-smtp (which requires a POP
server running on the same system to first authenticate users).
It is important not to open relay access to anyone except users you trust. In the early days of
the Internet, open relays were commonplace. Unfortunately the current prevalence of spam
has precluded that kind of freedom. If your MTA is not protected, you leave yourself and
other Internet systems vulnerable to abuse. Spammers constantly scan for open relays, and if
you place one on the network, it is only a matter of time before it will be found. Fortunately,
the default Postfix installation behaves correctly. However, if you make lots of changes to
your Postfix configuration (especially in setting up antispam controls, ironically), you may
inadvertently open yourself up to relay abusers.
If you want your own Postfix installation to relay mail through another MTA, specify the IP
address of the relay server using the relayhost parameter. Postfix normally figures out
where to deliver messages on its own, based on the destination address. However, if your
system is behind a firewall, for example, you may want Postfix to hand off all messages to
another mail server to make the actual delivery. When you specify a relay server, Postfix
normally performs a DNS query to obtain the mail exchanger (MX) address for that system.
You can override this DNS lookup by putting the hostname in square brackets:
relayhost = [mail.example.org]