Relaying is rejected by default. The only messages that will be relayed through your system are by those that you specifically allow.
In your example, a message to ANY domain that originates from localhost will be allowed. But, if you tried to connect from another network to send a message, it would get rejected.
Now, if you wanted mail sent to domain example.com, for example, you could have :
Code:
To:Example.com RELAY
So anyone that connects to your machine to send a message to example.com would be allowed. Messages sent to other domains would be rejected.
Now keep in mind, this could open you up to backscatter. What we do to avoid that is we populate all valid e-mail accounts in the access file. So ours looks like:
Code:
To:example.com REJECT
To:jim@example.com RELAY
To:Sue@example.com RELAY
...
etc.
So basically it would reject all mail to example.com except for jim, sue and anyone else I specify.