This is a fairly common question, but any of the answers I've found (e.g. How to correct Postfix' 'Relay Access Denied'?, https://unix.stackexchange.com/questions/360960/relay-access-denied, https://stackoverflow.com/questions/18318789/linux-postfix-dovecot-554-relay-access-denied) don't work. I've now spent days trying to find what the source of the error is with no luck.
When using my mail client to send an email to an external domain, here is what the log (/var/log/mail.log) shows:
Feb 24 19:02:37 (name) postfix/submission/smtpd[27783]: connect from (my domain)[(myip)]
Feb 24 19:02:37 (name) postfix/submission/smtpd[27783]: NOQUEUE: reject: RCPT from (mydomain)[(myip)]: 554 5.7.1 <(my email)@gmail.com>: Relay access denied; from=<admin@(my domain)> to=<(my email)@gmail.com> proto=ESMTP helo=<mail.(my domain)>
Feb 24 19:02:37 (name) postfix/submission/smtpd[27783]: disconnect from (my domain) [(my ip)] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=7/8
Everything here looks like I would expect. The request is coming internally from my own domain at my own ip. My domain is configured as a virtual_host and my ip address is specified in /etc/postfix/main.cf under the mynetworks
key. In addition, I have set the smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
as suggested elsewhere. These have done nothing to alleviate this error.
EDIT: added output of postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
compatibility_level = 2
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
mydestination = localhost.(my tld), , localhost, (my ip), 127.0.0.1
myhostname = (my domain)
mynetworks = 127.0.0.0/8, [::ffff:127.0.0.0]/104, [::1]/128, 127.0.0.1, (my ip)
myorigin = /etc/mailname
non_smtpd_milters = inet:127.0.0.1:11332
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_milters = inet:127.0.0.1:11332
smtpd_recipient_restrictions = reject_unauth_destination check_policy_service unix:private/quota-status
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = mysql:/etc/postfix/mysql-email2email.cf
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = (path to certs)/fullchain.pem
smtpd_tls_key_file = (path to certs)/privkey.pem
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
EDIT: and here is /etc/postconf/master.cf
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_relay_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
What is causing the Relay access denied
error?