We have successfully navigated the many rivers of setting up a website and mail server with SSL/TLS but one:Relay access denied for outgoing mail to external addressee from an offsite client through our own Postfix SMTP server. Everything else works great.
Any ideas? Details below.
Thank you, Andy
We have Postfix Version: 3.2.0-1.4 under opensuse Leap 42.3. Other relevants include Dovecot 2.2.31 (65cde28)
**• Receive** mail (Dovecot) works under all options at both internal (**lavarre**) and external (**spectre**) sites.
• **Send** mail from internal and external clients tested with:
```
telnet mail.privustech.com 587
```
or
```
openssl s_client -connect mail.privustech.com:587 -starttls smtp
```
(it fails if **-starttls** tag is not included: **No peer certificate...**)
• Send mail from internal (within the server) to both internal and external addressees works.
• Send mail from external clients to internal addressees (**@privustech.com**) works.
• Send mail from external clients to external addressees suffers **Relay access denied**.
We have done the following with **/etc/postfix/main.cf**:
• Created **/etc/postfix/sender_access** with **postmap** to explicitly *include* as authorized senders:**andy@privustech.com**
**alavarre@privustech.com**
• Updated the line
```
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
```
to use that access database.
• Commented out
```
smtp**d**_recipient_restrictions
```
to preclude restrictions on addressees
• Not found
```
**smtp**_recipient_restrictions
```
• Commented out
```
relayhost =
```
The only thing that works to date is to explicitly add our external IP address to mynetworks:
```
mynetworks = **72.215.48.235/32**, 127.0.0.0/8,
```
but even that doesn't work with the Evolution email client:
[INDENT=2]"Bad authentication response from server."
[/INDENT]
So I would deeply appreciate help in sorting this last bit out...
Thanks again.