This is how postfix is configured as a front-end mx that receives and sends mail to the public internet.

The particular configuration described here is for use with nest, but could be used for any similar setup.

A postfix frontend should have these as well:

FRONTEND POSTFIX

main.cf

myhostname = tern.riseup.net
myorigin = tern.riseup.net
mydestination = $myhostname, $myorigin, localhost.$mydomain, localhost

virtual_mailbox_domains = riseup.net
virtual_alias_maps = mysql:$maps_dir/mysql_aliases.cf
transport_maps = mysql:$maps_dir/mysql_transport.cf

discussion

transport_maps: this allows us to direct the message to the correct backend server without rewriting the recipient. if we rewrote the recipient, we would have to rewrite it back for maildrop to work on the back end server.

virtual_alias_maps: The alias map is needed because mail might need to get forwarded or redirected.

virtual_mailbox_domains: it is weird to have virtual_alias_maps and virtual_mailbox_domains. However, if we change virtual_mailbox_domains to virtual_alias_domains, then everything breaks? I dunno why. Options virtual_mailbox_* are used for virtual mailbox delivery, which we are not actually doing on the frontend servers: all the mailboxes live on other servers.

see
www.postfix.org/VIRTUAL_README.html
www.postfix.org/ADDRESS_CLASS_README.ht...