Postfix Configuration - different servers for subdomains and domain

I have a following setup: 1 postfix server: a.example.com that needs to accept all emails for any subdomain on example.com (*@*.example.com) and delivers to mailman account and also send emails to any email account (gmail, yahoo, etc) including *@example.com. 1 hosted exchange: exch11.hosted.com for example.com emails (*@example.com).

Everything works in this setup except sending emails from a.example.com to *@example.com (exch11.hosted.com). If I have example.com in mydomains.db file, then a.example.com does not send out *@example.com emails and delivers locally. if I change it to *.example.com then it sends *@example.com emails to exch11.hosted.com but now does not accept *@subdomain.example.com emails and shows an error that Relay is not allowed (it should not be relaying and delivering to local maildir account).

Main requirement is to have a.example.com accept mail for any subdomain and deliver emails for main domain to exch11.hosted.com. Can anyone please help me or point me towards right direction?

Any help is welcome.

Thanks.

main.cf:

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mydestination = hash:/etc/postfix/mydomains
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
home_mailbox = Maildir/
smtpd_banner = mail.example.com

debug_peer_level = 2
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
virtual_alias_maps = hash:/etc/postfix/virtual, pcre:/etc/postfix/virtual.pcre
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noplaintext
#smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender-access
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/inbound-access,permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
mailbox_size_limit = 25600000
transport_maps = hash:/etc/postfix/transport
message_size_limit = 20240000

virtual.pcre and virtual:

/(.*)@[^.]*\.example\.com$/ mailman

transport:

# demo
.demo.example.com   smtp:192.168.100.161:25
# demo mail
demo.example.com    smtp:192.168.100.161
# Demo2
.demo2.example.com  smtp:192.168.100.221:25
# demo2 domain
demo2.example.com   smtp:192.168.100.221

mydomains:

localhost       OK
mail.local  OK
example.com     OK

Thanks. I just tried on test server and outgoing email works fine. I did not specify explicit transport and it looks like it is picking up server from MX record correctly. I will be testing incoming email on our main server on monday and hopefully I dont get Relay Denied errors on incoming mail from untrusted network... P.S. How important is it to specify explicit transport? Thanks again.

@IuriG. you don't need to specify an explicit transport if the mx record is correct but anyway why does a.example.com receive mail from untrusted networks for example.com if the mx record doesn't point to a.example.com?

It does not. My above comment was referring to subdomain.example.com emails. Usually when i changed example.com in mydomains to .example.com, for some reason postfix would stop receiving emails from untrusted netwrok (for subdomain.example.com). As if it was not supposed to receive them and was giving Relay Denied error. Hopefully virtual_alias_domain will work right for incoming email.

thanks. works very well. just tested in production server