I am a Postfix Newbie, and have been tasked with re-configuring some servers. Before I describe my question, let me first describe out current setup.

We currently run mailboxes for all of our users - faculty and staff. everyone has an email address on our domain. Email to and from these email addresses goes as usual - all can send using their email address that we provide them with "inside" or "outside" the network.

Howevers, since students typically have their own email addresses that they use, many just set up forwarding and we just forward it along to their real email address. However, we want to tighten this a little.

What we want to do is 1)Cut all student mailboxes and simply forward anything that comes to their address. This is because all of our mail scripts are configured to send email using these assigned address. 2)Disallow sending using addresses with no mailbox. 3)(Some) Faculty need the option to keep their mailbox that we provide, as they are our faithful users. These must opt-in to keep them, and can send from outside the network - so really no changes for them.

I have been reading the Postfix documentation and looked over things like smtpd_recipient_restrictions, and considered filtering by some kind of whitelist. However, this would impose the same restrictions across all users, including out opt-in users who want to still be able to send from outside using their email. I also looked at filtering using the Mail From field, but that can be spoofed.

Any suggestions on configuration options to allow this kind of behavior from Postfix?