I'm wanting to setup an internal-only email server. By this, I mean that the people using it will only be able to send to and receive from each other, not go out to the internet.

To accomplish this, I was planning on setting up email address @company.lan, an non-existant domain, so that anyone trying to send email to those accounts from the outside would fail. To prevent outside sending, the server simply wouldn't have a default gateway on it, so it would be incapable of forwarding off any email to the outside world. For this interested, most webmail services are blocked, and port 25 outbound is blocked from the workstations by the firewall so that users can't simply change their SMTP server settings to send out.

However, I've run into a bit of a snag. My client would like to use this same box as a public web server, which means it will need internet access, which means that the server will relay outbound any email addressed outside. Any suggestions on how to prevent that?

The MTA of choice here is Postfix.