Hi all,
In my organization have to groups: restricted_rcpts and restricted_senders for send/receive mail from internet/internal, my problem is in the configuration, all accounts receive internet mails. I don't have problems in send restriction.

My scenario:
=========
Server: Release 7.1.2_GA_3268.UBUNTU10_64 UBUNTU10_64 FOSS edition. Integrated Server con Exchange 2007 (GAL) LDAP
Documentation revised: RestrictPostfixRecipients - Zimbra :: Wiki

Main.cf
=====
mail_owner = postfix
bounce_notice_recipient = postmaster
content_filter = smtp-amavis:[127.0.0.1]:10024
relayhost =
smtpd_sasl_authenticated_header = no
broken_sasl_auth_clients = yes
minimal_backoff_time = 300s
sender_canonical_maps = proxy:ldap:/opt/zimbra/conf/ldap-scm.cf
always_add_missing_headers = yes
smtpd_tls_key_file = /opt/zimbra/conf/smtpd.key
smtpd_helo_required = yes
virtual_transport = error
sendmail_path = /opt/zimbra/postfix/sbin/sendmail
smtpd_recipient_restrictions = check_recipient_access hash:/opt/zimbra/postfix/conf/restricted_rcpts, check_sender_access hash:/opt/zimbra/postfix/conf/restricted_senders, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit
smtpd_reject_unlisted_recipient = no
bounce_queue_lifetime = 5d
local_header_rewrite_clients = permit_mynetworks,permit_sasl_authenticated
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_tls_security_level = may
smtpd_milters =
smtpd_sender_restrictions =
lmtp_host_lookup = dns
delay_warning_time = 0h
virtual_mailbox_maps = proxy:ldap:/opt/zimbra/conf/ldap-vmm.cf
queue_run_delay = 300s
header_checks =
notify_classes = resource,software
command_directory = /opt/zimbra/postfix/sbin
smtpd_client_restrictions = reject_unauth_pipelining
smtpd_tls_auth_only = yes
virtual_alias_maps = proxy:ldap:/opt/zimbra/conf/ldap-vam.cf
mailq_path = /opt/zimbra/postfix/sbin/mailq
mynetworks = 127.0.0.0/8 172.17.12.0/22 172.16.28.202/32 172.17.23.0/24 172.16.15.82/32 172.27.12.5/32 172.27.12.6/32
lmtp_connection_cache_time_limit = 4s
transport_maps = proxy:ldap:/opt/zimbra/conf/ldap-transport.cf
virtual_alias_domains = proxy:ldap:/opt/zimbra/conf/ldap-vad.cf
smtpd_sasl_auth_enable = yes
smtpd_tls_loglevel = 1
maximal_backoff_time = 4000s
virtual_mailbox_domains = proxy:ldap:/opt/zimbra/conf/ldap-vmd.cf
daemon_directory = /opt/zimbra/postfix/libexec
non_smtpd_milters =
setgid_group = postdrop
alias_maps = hash:/etc/aliases
mydestination = localhost
myhostname = myhost.com
message_size_limit = 5242880
recipient_delimiter =
in_flow_delay = 1s
queue_directory = /opt/zimbra/data/postfix/spool
propagate_unmatched_extensions = canonical
manpage_directory = /opt/zimbra/postfix/man
smtpd_tls_cert_file = /opt/zimbra/conf/smtpd.crt
lmtp_connection_cache_destinations =
newaliases_path = /opt/zimbra/postfix/sbin/newaliases
policy_time_limit = 3600
mailbox_size_limit = 0
disable_dns_lookups = no
smtpd_restriction_classes = send_local_only, rcpt_local_only
local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
send_local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject
rcpt_local_only = check_recipient_access hash:/opt/zimbra/postfix/conf/local_domains, reject

The files local_domains, restricted_senders, restricted_rcpts are postmap command (.db)

Any ideas

Thanks
Cristhian