On Wed, Apr 20, 2011 at 11:24:59AM -0400, Alex wrote:
> The box is receiving mail for users in that domain, but I cannot
> send mail as one of those users to an external user. It fails with
> "relay access denied".
http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from
The privilege to send email to an external account is completely
unrelated to the contents of the tables that list local users. Rather,
your client machine needs to be listed in mynetworks (if stationary
node on a locally attached network), or your MUA needs to authenticate
via SASL (if mobile laptop or similar).
http://www.postfix.org/SASL_README.html#server_sasl
> smtpd_recipient_restrictions =
> permit_sasl_authenticated,
> reject_non_fqdn_sender,
> reject_non_fqdn_recipient,
> reject_unknown_sender_domain,
> reject_unknown_recipient_domain,
> reject_unauth_pipelining,
> reject_unauth_destination, <-- Rejected here
> permit_mynetworks, <-- Too late
> check_recipient_access pcre:/etc/postfix/relay_recips_access,
> check_recipient_access pcre:/etc/postfix/relay_recips_maillistusers,
> check_client_access hash:/etc/postfix/client_checks,
> reject_rbl_client zen.spamhaus.org,
> reject_invalid_hostname,
> reject_non_fqdn_hostname,
> check_helo_access hash:/etc/postfix/helo_checks,
> check_sender_access hash:/etc/postfix/sender_checks,
> permit
The above it the problem, your "permit_mynetworks" is incorrectly
after "reject_unauth_destination". Switch the two.
--
Viktor.
