# A simple anti-relay only example. Make sure you don't get used as a third
# party relay to spam other unfortunate people and grind your server
# to a halt dealing with the complaints. 

# this file goes into /var/spool/smtpd/etc/smtpd_check_rules once you 
# have made the appropriate modifications to it.

# assumes we are "my.domain". - edit for your own use.

# Don't allow people to %hack relay off of me.
noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.

# we can allow outbound mail from our own hosts by allowing
# outbound from hosts that have dns.my.domain as one of
# their nameservers. this might be useful if we sit in front of a 
# lot of domains. but will be slower than below.
#allow:NS=dns.my.domain:ALL:ALL
# alternatively, if we don't want to bother with a name lookup,
# we can simply allow all hosts ending in my.domain to relay through me.
allow:*my.domain:ALL:ALL

# Again, for inbound mail we can match on the nameserver
# accepting mail for any address where the RHS uses us as a nameserver.
#allow:ALL:ALL:NS=dns.my.domain
# alternatively, allow anything ending in my.domain.
allow:ALL:ALL:*my.domain

#
# punt anything else, we won't relay for people we don't know.
#
noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please
use another SMTP host to mail from %F to %T