outlook connect postfix use tls will fail,reject: RCPT from , 554 5.7.1,Client host rejected: Access denied

[xiedeacc]

use outlook connect to postfix on ubuntu 16.04 will fail, it seemed tls
established, and can connect to imap success, but send test mail will fail,
if use roundcube without tls, can log imap and smtp, and send recevive mail
successfully,here is log:

Sep 10 18:40:01 xiedeacc postfix/smtpd[5536]: Anonymous TLS connection
established from unknown[122.226.185.66]: TLSv1 with cipher
ECDHE-RSA-AES256-SHA (256/256 bits)
from here we can see tls established, but send mail will rejected by postfix

Sep 10 18:40:01 xiedeacc postfix/smtpd[5536]: NOQUEUE: reject: RCPT from
unknown[122.226.185.66]: 554 5.7.1 <unknown[122.226.185.66]>: Client host
rejected: Access denied; from=<te...@xiedeacc.com> to=<te...@xiedeacc.com>
proto=ESMTP helo=<yangzhenxieNB4>
here is main.cf

smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_hostname,
reject_invalid_hostname, permit

#smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unauth_pipelining, check_sender_access
hash:/etc/postfix/sender_access, permit

smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender,
reject_unknown_sender_domain, check_sender_access
hash:/etc/postfix/sender_access, permit

smtpd_client_restrictions = check_client_access hash:/etc/postfix/access,
reject_rbl_client anti-spam.org.cn, permit_mynetworks,
permit_inet_interfaces, permit_sasl_authenticated, reject

smtpd_recipient_restrictions =  check_recipient_access
hash:/etc/postfix/recipient_access, permit_auth_destination,
reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, check_policy_service
unix:/var/spool/postfix/var/run/postgrey/socket, reject

#smtpd_recipient_restrictions = check_recipient_access
mysql:/etc/postfix/mysql_block_recip.cf

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,
permit_auth_destination, reject
here is master.cf

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o
smtpd_client_restrictions=permit_mynetworks,permit_inet_interfaces,permit_sasl_authenticated,reject
  -o
smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname,reject_invalid_hostname,permit
  -o
smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,permit
  -o
smtpd_recipient_restrictions=permit_auth_destination,reject_unauth_pipelining,permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,reject
  -o
smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  #  -o smptd_tls_auth_only=yes
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
  -o smtpd_tls_cert_file=/etc/ssl/certs/xiedeacc.com.crt
  -0 smtpd_tls_key_file=/etc/ssl/private/xiedeacc.com.nopassword.key
  -o
smtpd_client_restrictions=permit_mynetworks,permit_inet_interfaces,permit_sasl_authenticated,reject
  -o
smtpd_helo_restrictions=permit_mynetworks,reject_non_fqdn_hostname,reject_invalid_hostname,permit
  #  -o
smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_unauth_pipelining,permit
  -o
smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,reject_unknown_sender_domain,permit
  -o
smtpd_recipient_restrictions=permit_auth_destination,reject_unauth_pipelining,permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,reject
  -o
smtpd_relay_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject
  -o milter_macro_daemon_name=ORIGINATING



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html