I'm a security admin with mailboxes on Exchange Online (aka Microsoft 365), not seasoned to postmail, but I have to deploy a postmail service on premises to allow some devices (internal applications, switches, etc) to send e-mail through Exchange Online.
My preferred approach is an internal device (example: printer) or application (ex: some on premises server) talks SMTP with my on premises postfix that in turn talks SMTP to Exchange Online.
I have everything configured on Exchange side for this, with a relay connector, no problem receiving e-mail.
I configured postfix to relay and at first it's working ok, allowing only hosts on a file to use the service:
mynetworks = hash:/etc/postfix/hosts_auth_to_relay
But I want to maintain two authorization lists:
List1: hosts authorized to relay only to Exchange internal mailboxes... The criteria is mail to my domain (example: mycorpdomain.com).
List2: hosts authorized to relay to all domains (i.e.: gmail.com, hotmail.com, etc.com)
I'm struggling with smtpd_recipient_restrictions and smtpd_relay_restrictions but I got all mail denied when using them. Do you know how to state these two authorizations in main.cf?
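
One way to express the two lists described in the question, as an added example that is not part of the original post: a restriction class for the internal-only hosts, selected per client in smtpd_relay_restrictions. The file names, the class name internal_only and the 192.0.2.x addresses are assumptions made up for illustration; it assumes Postfix 2.10 or later with smtpd_recipient_restrictions left at its default.

```conf
# ---- file: /etc/postfix/main.cf (fragment) ----
# Trust only loopback here; relay rights now come from the two client maps
# below instead of mynetworks. (Assumption: nothing else relies on mynetworks.)
mynetworks = 127.0.0.0/8

# Restriction class: accept recipients in the internal domain, reject the rest.
smtpd_restriction_classes = internal_only
internal_only =
    check_recipient_access hash:/etc/postfix/internal_domains,
    reject

# Evaluated for every RCPT TO, first match wins.
# List2 is checked first, so a host present in both maps may relay anywhere.
# The final "reject" denies relay to any client on neither list.
smtpd_relay_restrictions =
    check_client_access hash:/etc/postfix/relay_all_hosts,
    check_client_access hash:/etc/postfix/relay_internal_hosts,
    reject

# ---- file: /etc/postfix/relay_all_hosts (List2: relay to any domain) ----
# Constructed sample entry: an application server.
192.0.2.10      OK

# ---- file: /etc/postfix/relay_internal_hosts (List1: internal mailboxes only) ----
# Constructed sample entry: a printer. The right-hand side names the class above.
192.0.2.20      internal_only

# ---- file: /etc/postfix/internal_domains ----
# Recipient domains that List1 hosts may send to.
mycorpdomain.com    OK
```

Run postmap on each of the three map files and reload Postfix after editing. The trailing reject in both the class and smtpd_relay_restrictions is what keeps the service from becoming an open relay.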