Hi, >> The box is receiving mail for users in that domain, but I cannot >> send mail as one of those users to an external user. It fails with >> "relay access denied". > > http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_from > > The privilege to send email to an external account is completely > unrelated to the contents of the tables that list local users. Rather, > your client machine needs to be listed in mynetworks (if stationary > node on a locally attached network), or your MUA needs to authenticate > via SASL (if mobile laptop or similar).
Yes, understood. >> smtpd_recipient_restrictions = >> permit_sasl_authenticated, >> reject_non_fqdn_sender, >> reject_non_fqdn_recipient, >> reject_unknown_sender_domain, >> reject_unknown_recipient_domain, >> reject_unauth_pipelining, >> reject_unauth_destination, <-- Rejected here >> permit_mynetworks, <-- Too late >> check_recipient_access pcre:/etc/postfix/relay_recips_access, >> check_recipient_access pcre:/etc/postfix/relay_recips_maillistusers, >> check_client_access hash:/etc/postfix/client_checks, >> reject_rbl_client zen.spamhaus.org, >> reject_invalid_hostname, >> reject_non_fqdn_hostname, >> check_helo_access hash:/etc/postfix/helo_checks, >> check_sender_access hash:/etc/postfix/sender_checks, >> permit > > The above it the problem, your "permit_mynetworks" is incorrectly > after "reject_unauth_destination". Switch the two. Working with this last night, I also came to the same conclusion. Sure appreciate your help. I learned a lot of this the hard way -- by being put in the position where I had to figure it out. I'm now slowly learning the right way to do things, even if they are much more advanced than I fully understand. Thanks again, Alex
