Redirect local mail addressed to root, but don’t accept mail at [email protected]

On my Postfix mail server, I would like to redirect local mail sent to root to my virtual mailbox [email protected]. At the same time, I do not want to receive any outside mail at [email protected]. Is such a configuration at all possible?

My motivation is to receive notifications generated by services like Cron conveniently in my inbox at [email protected]. Such notifications usually get sent to user root. I have been able to set up the redirection as desired:

1. Daemon sends mail to root.
2. Postfix appends $myorigin (append_at_myorigin = yes, must not be changed).
3. [email protected] is looked up and mapped through virtual_alias_maps.
4. Mail is delivered to mailbox [email protected].

However, with this setup anyone can send mail to [email protected]. I’d rather not have this address as a public alias of [email protected]. The behaviour I would like to have:

• locally: mail sent to root → delivered to [email protected]
• remote clients: attempt to send mail to [email protected] → 550 5.1.1 User Unknown

/etc/postfix/main.cf:

myhostname = mail.my.org
mydomain = my.org
myorigin = /etc/mailname
mydestination = localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sender_login_maps = $virtual_alias_maps
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = my.org
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
alias_maps = hash:/etc/aliases

/etc/mailname:

my.org

/etc/postfix/vmailbox:

[email protected]         [email protected]
[email protected] [email protected]

/etc/postfix/virtual:

[email protected]         [email protected]
[email protected]        [email protected]
[email protected]       [email protected]
[email protected] [email protected]

/etc/aliases:

postmaster: [email protected]
root: [email protected]