First - the Mailserver is … a mail server. It was never designed as a mail gateway and except for that it works and does a very good job of keeping spam at bay, nothing will be made in order to make this more in to a mail gateway than it already is, so all the limitations of using the mailserver as a mail gateway is likely always going to be there. It might be that a separate mail gateway product will be released in the future that addresses these shortcomings.

The first configuration that's needed is in the Mailrouting section in the mail admin gui. There's the option of adding mail routes, these should be setup as follows:

source: springfield.com
destination: smtp:internalmail.mydomain.com

or

source: springfield.com
destination: smtp:10.1.2.3

where springfield.com is the incoming domain to accept, and internalmail.mydomain.com or 10.1.2.3 is the internal mail server. Repeat this for all domains you want to accept mail to.

in the permitted relays section, please add 10.1.2.3 or 10.1.2.0/24 (or whatever the internal network is). This will allow the internal mailserver (and other internal hosts) to route mails through the mailserver.

The only thing that's needed on the internal mailserver is to setup mail relaying to the Mailserver (now turned in to a mail gateway). This will make sure that outgoing mailservers are whitelisted in the greylist filter.

All the global mail controls like greylisting, antivirus and antispam works just as expected. What doesn't work is any user based controls - simply because there are no users on the system.