Update podop access and mail restrictions

core/postfix/conf/main.cf

@@ -56,13 +56,14 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 
 # The alias map actually returns both aliases and local mailboxes, which is
 # required for reject_unlisted_sender to work properly
-virtual_alias_maps = ${podop}alias/domain
-virtual_mailbox_domains = ${podop}mailbox/domain
-virtual_mailbox_maps = ${podop}mailbox/map
+virtual_alias_domains =
+virtual_alias_maps = ${podop}alias
+virtual_mailbox_domains = ${podop}domain
+virtual_mailbox_maps = ${podop}mailbox
 
 # Mails are transported if required, then forwarded to Dovecot for delivery
-relay_domains = ${podop}transport
-transport_maps = ${podop}transport
+# relay_domains = ${podop}transport
+# transport_maps = ${podop}transport
 virtual_transport = lmtp:inet:{{ HOST_LMTP }}
 
 # In order to prevent Postfix from running DNS query, enforce the use of the
@@ -82,15 +83,20 @@ smtpd_sender_login_maps = $virtual_alias_maps
 # Restrictions for incoming SMTP, other restrictions are applied in master.cf
 smtpd_helo_required = yes
 
-smtpd_recipient_restrictions =
+smtpd_client_restrictions =
   permit_mynetworks,
-  check_sender_access ${podop}spoofed
+  reject_unauth_destination,
   reject_non_fqdn_sender,
   reject_unknown_sender_domain,
   reject_unknown_recipient_domain,
   reject_unverified_recipient,
   permit
 
+smtpd_relay_restrictions =
+  permit_mynetworks,
+  permit_sasl_authenticated,
+  reject
+
 unverified_recipient_reject_reason = Address lookup failure
 
 ###############