Thank you so much. I was able to edit the main.cf and add the appropriate changes needed.
The check_sender_access restriction below triggers the lookup to catch the
sender:
smtpd_recipient_restrictions =
...
check_sender_access hash:/etc/postfix/internal_senders
permit_mynetworks
reject_unauth_destination
...
In the map you list the senders that should be re-routed to the dedicated
filter ruleset:
# /etc/postfix/internal_senders
[hidden email] internal_only
The rule above says to route [hidden email] to a ruleset called
"internal_only". You need to define it, before you can add rules to it:
smtpd_restriction_classes =
internal_only
Now you can create the restriction class "internal_only" and add rules. They
are executed top to bottom - first match wins:
internal_only =
check_recipient_access hash:/etc/postfix/internal_domains
reject
In the map /etc/postfix/internal_domains you list all recipient domains the
sender should be permitted to send to. When you say "OK" you tell Postfix to
permit the senders request (send a message):
# /etc/postfix/internal_domains
example.com OK
example.org OK
If the recipient domain is not in /etc/postfix/internal_domains Postfix will
look for the next rule. In "internal_only" I wrote "reject". This is a static
action, which always is true if Postfix tests it. It gives you what you want.
Either the recipient domain is on /etc/postfix/internal_domains or the request
action (send a message) will be rejected.