After uprading from postfix-2.9.6 to 2.10.0, authentificated clients are not allowed to send mails for relaying anymore. smtp_sasl_security_options =noanonymous smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_use_tls = yes smtpd_tls_auth_only = yes smtpd_tls_cert_file = /etc/ssl/server.crt smtpd_tls_key_file = /etc/ssl/server.key smtpd_tls_CAfile = /etc/ssl/ca.crt smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination but when debugging, permit_sasl_authenticated is not checked at all inside recipient access restrictions: hostname postfix/smtpd[2052]: >>> START Recipient address RESTRICTIONS <<< hostname postfix/smtpd[2052]: generic_checks: name=permit_mynetworks hostname postfix/smtpd[2052]: permit_mynetworks: pCLIENT.dip.t-dialin.net xx.xxx.xxx.x hostname postfix/smtpd[2052]: match_hostname: pCLIENT.dip.t-dialin.net ~? 127.0.0.0/8 hostname postfix/smtpd[2052]: match_hostaddr: xx.xxx.xxx.x ~? 127.0.0.0/8 hostname postfix/smtpd[2052]: match_hostname: pCLIENT.dip.t-dialin.net ~? [::1]/128 hostname postfix/smtpd[2052]: match_hostaddr: xx.xxx.xxx.x ~? [::1]/128 hostname postfix/smtpd[2052]: match_hostname: pCLIENT.dip.t-dialin.net ~? 10.9.0.0/24 hostname postfix/smtpd[2052]: match_hostaddr: xx.xxx.xxx.x ~? 10.9.0.0/24 hostname postfix/smtpd[2052]: match_list_match: pCLIENT.dip.t-dialin.net: no match hostname postfix/smtpd[2052]: match_list_match: xx.xxx.xxx.x: no match hostname postfix/smtpd[2052]: generic_checks: name=permit_mynetworks status=0 hostname postfix/smtpd[2052]: generic_checks: name=reject_unauth_destination hostname postfix/smtpd[2052]: reject_unauth_destination: somaddress@gmail.com hostname postfix/smtpd[2052]: permit_auth_destination: somaddress@gmail.com hostname postfix/smtpd[2052]: ctable_locate: leave existing entry key somaddress@gmail.com Mar 4 08:52:25 asterix postfix/smtpd[2052]: NOQUEUE: reject: RCPT from pCLIENT.dip.t-dialin.net[xx.xxx.xxx.x]: 554 5.7.1 <somaddress@gmail.com>: Relay access denied; hostname to=<somaddress@gmail.com> proto=ESMTP helo=<[192.168.0.141]> hostname postfix/smtpd[2052]: generic_checks: name=reject_unauth_destination status=2 hostname postfix/smtpd[2052]: >>> END Recipient address RESTRICTIONS <<< After downgrading back to postfix-2.9.6 again, everything works as before. Reproducible: Always
This looks like a configuration issue. smtpd_relay_restrictions was introduced in 2.10 to do exactly as you expect. http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions To achieve backwards compatibilty, smtpd_relay_restrictions must be set to empty instead of the default "permit_mynetworks, reject_unauth_destination" In your case, if you change smtpd_recipient_restrictions to smtpd_relay_restrictions, it should work.
That worked for me. Thanks!