# A simple anti-relay only example. Make sure you don't get used as a third
# party relay to spam other unfortunate people and grind your server
# to a halt dealing with the complaints. 

# assumes we are "my.domain". - edit for your own use.

# If we have JUNIPER_SUPPORT, we can allow through stuff based on 
# what sort of interface it arrived on. This says we will relay
# for any connection on a trusted interface.
#allow:TRUSTED:ALL:ALL

# Don't allow people to %hack relay off of me.
noto:ALL:ALL:*%*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto:ALL:ALL:*!*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.
noto:ALL:ALL:*@*@*:551 Sorry %H (%I), I don't allow unauthorized relaying. You can't use me to send mail from %F to %T.

# If we have NS_MATCH=1 compiled in, we can do it this way, by allowing
# the relay mail outbound from hosts that have dns.my.domain as one of
# their nameservers. this might be useful if we sit in front of a 
# lot of domains.
allow:NS=dns.my.domain:ALL:ALL
# alternatively, if we don't want to use NS_MATCH, we can simply allow 
# all hosts ending in my.domain to relay through me.
allow:*my.domain:ALL:ALL

# If we have NS_MATCH=1 compiled in, we can again, match on the nameserver
# accepting mail for any address where the RHS uses us as a nameserver.
allow:ALL:ALL:NS=dns.my.domain
# alternatively, allow anything ending in my.domain.
allow:ALL:ALL:*my.domain

#
# punt anything else, we won't relay for people we don't know.
#
noto:ALL:ALL:ALL:551 Sorry %H(%I), I don't allow unauthorized relaying. Please
use another SMTP host to mail from %F to %T