Restrictions on recipient addresses
smtpd_recipient_restrictions
This parameter specifies restrictions on recipient addresses that SMTP clients can send in RCPT TO commands.

By default, Postfix relays mail:

    * from trusted clients whose IP address matches $mynetworks,
    * from trusted clients matching $relay_domains or subdomains thereof,
    * from untrusted clients to destinations that match $relay_domains or subdomains thereof, except addresses with sender-specified routing.

The default relay_domains value is $mydestination.

In addition to the above, the Postfix SMTP server by default accepts mail that Postfix is final destination for:

    * destinations that match $inet_interfaces,
    * destinations that match $mydestination,
    * destinations that match $virtual_maps.

These destinations do not need to be listed in $relay_domains.

The following restrictions are available (* is part of default setting):

    * *permit_mynetworks: permit if the client address matches $mynetworks.
    * reject_unknown_client: reject the request if the client hostname is unknown.
    * reject_maps_rbl: reject if the client is listed under $maps_rbl_domains.
    * reject_invalid_hostname: reject HELO hostname with bad syntax.
    * reject_unknown_hostname: reject HELO hostname without DNS A or MX record.
    * reject_unknown_sender_domain: reject sender domain without A or MX record.
    * *check_relay_domains: permit only mail:
          o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps,
          o from trusted clients matching $relay_domains or subdomain thereof,
          o from untrusted clients to destinations matching $relay_domains or subdomain thereof (except addresses with sender-specified routing).
      Reject anything else.
    * permit_auth_destination: permit mail:
          o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps,
          o to destinations matching   $relay_domains or subdomain thereof, except for addresses with sender-specified routing.
    * reject_unauth_destination: reject mail unless it is sent
          o to destinations matching $inet_interfaces, $mydestination, or $virtual_maps,
          o to destinations matching $relay_domains or subdomain thereof, except for addresses with sender-specified routing.
    * reject_unauth_pipelining: reject mail from improperly pipelining spamware
    * permit_mx_backup: accept mail for sites that list me as MX host.
    * reject_unknown_recipient_domain: reject domains without A or MX record.
    * check_recipient_access maptype:mapname: look up recipient address, parent domain, or localpart@. Reject if result is REJECT or "[45]xx text". Permit otherwise.
    * check_client_access maptype:mapname: see smtpd_client_restrictions.
    * check_helo_access maptype:mapname: see smtpd_helo_restrictions.
    * check_sender_access maptype:mapname: see smtpd_sender_restrictions.
    * reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form.
    * reject_non_fqdn_sender: reject sender address that is not in FQDN form.
    * reject_non_fqdn_recipient: reject recipient address that is not in FQDN form.
    * reject: reject the request. Place this at the end of a restriction.
    * permit: permit the request. Place this at the end of a restriction.

Restrictions are applied in the order as specified; the first restriction that matches wins.

Specify a list of restrictions, separated by commas and/or whitespace. Continue long lines by starting the next line with whitespace.

NOTE: YOU MUST SPECIFY AT LEAST ONE OF THE FOLLOWING RESTRICTIONS OTHERWISE POSTFIX REFUSES TO RECEIVE MAIL:
reject, check_relay_domains, reject_unauth_destination