I asked a very similar question some 4 or 5 months ago, but haven't tracked down a suitable answer. I decided to post a new question so that I can ... a) Post updated info b) post my most current postconf -n output

When a user sends mail from inside the network (via webmail) to email addresses both inside and outside the network, the email is delivered. When a user with an email account on the system sends mail from outside the network, using the server as the relay, to addresses inside the network, the email is delivered.

But [sometimes] when a user connects via SMTPD to send email to an external address, a Relay Access Denied error is returned:

Feb 25 19:33:49 myers postfix/smtpd[8044]: NOQUEUE: reject: RCPT from host-68-169-158-182.WISOLT2.epbfi.com[]: 554 5.7.1 <host-68-169-158-182.WISOLT2.epbfi.com[]>: Client host rejected: Access denied; from=<me@my-domain.com> to=<me@gmail.com> proto=ESMTP helo=<my-computer-name>
Feb 25 19:33:52 myers postfix/smtpd[8044]: disconnect from host-68-169-158-182.WISOLT2.epbfi.com[]

Sending this through Microsoft Outlook 2003 generates the above log. However, sending through my iPhone, with the exact same settings, goes through fine:

Feb 25 19:37:18 myers postfix/qmgr[3619]: A2D861302C9: from=<me@my-domain.com>, size=1382, nrcpt=1 (queue active)
Feb 25 19:37:18 myers amavis[2799]: (02799-09) FWD via SMTP: <me@my-domain.com> -> <me@gmail.com>,BODY=7BIT 250 2.0.0 Ok, id=02799-09, from MTA([]:10025): 250 2.0.0 Ok: queued as A2D861302C9
Feb 25 19:37:18 myers amavis[2799]: (02799-09) Passed CLEAN, [] [] <me@my-domain.com> -> <me@gmail.com>, Message-ID: <C14ABC90-D288-4C9C-801B-EBFE0DDF57E8@my-domain.com>, mail_id: yMLvzVQJloFV, Hits: -9.607, size: 897, queued_as: A2D861302C9, 6283 ms
Feb 25 19:37:18 myers postfix/lmtp[8752]: 2ED3A1302C8: to=<me@gmail.com>, relay=[]:10024, delay=6.6, delays=0.25/0.01/0.19/6.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02799-09, from MTA([]:10025): 250 2.0.0 Ok: queued as A2D861302C9)
Feb 25 19:37:18 myers postfix/qmgr[3619]: 2ED3A1302C8: removed

Outgoing Settings on Outlook 2003 match the settings on my iPhone: SMTP server: mail.my-domain.com Username: My full email address Uses SSL Server Port 587

Now, here's postconf -n. I realize the "My Networks" Parameter is a bit nasty. I have these IP addresses in here for just this reason, as others have been complaining of this problem too:

alias_database = hash:/etc/postfix/aliases
alias_maps = $alias_database
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavisfeed:[]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = all
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 20480000
mydestination = $myhostname, localhost, localhost.$mydomain
mydomain = my-domain.com
myhostname = myers.my-domain.com
mynetworks =,,,,,,,,
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_bind_address = my-primary-server's IP address
smtpd_banner = mail.my-domain.com
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/mailserver/postfix.pem
smtpd_tls_key_file = /etc/ssl/mailserver/private/postfix.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 554
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,mysql:/etc/postfix/mysql-email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_minimum_uid = 5000
virtual_transport = dovecot
virtual_uid_maps = static:5000

If anyone has any ideas and can help me finally solve this issue once and for all, I'd be eternally grateful.

David W
  • 3,405
  • 5
  • 34
  • 61
  • It just hit me that when I send mail through my iPhone, I'm told that the security cert is invalid, and I'm asked if I want to continue - I say yes. I'm not given that option through Outlook. I have access to some free certs, so I'm installing one now for the mail domain. I'll update this thread with whether or not this fixes my problem. – David W Feb 26 '11 at 02:56
  • While adding the certificate has no made my iPhone stop asking me for the cert when I send mail (which still works, by the way), Outlook 2003 still continues to fail sending mail. So my question still stands. Why is Microsoft's stuff such crap, and how can I get Postfix / Dovecot configured to work with it? :) – David W Feb 26 '11 at 04:32

1 Answers1


My issue was not in the postfix configuration file at all. The issue was in Dovecot's authentication. There's a section like this in /etc/dovecot.conf:

auth default {
  # Space separated list of wanted authentication mechanisms:
  # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi
  # NOTE: See also disable_plaintext_auth setting.
mechanisims = 



My issue was that mechanisms was only set to plain, when it also needed "login", like this:

auth default {
mechanisms = plain login


This issue has honestly been alluding me for months, but I have no solved it - and I have a working cert now too!

David W
  • 3,405
  • 5
  • 34
  • 61
  • 1
    on dovecot 2.1.7 I changed in /etc/dovecot/conf.d/10-auth.conf auth_mechanisms = plain to auth_mechanisms = plain login and it worked! – NilsB Jan 15 '14 at 17:46
  • Wonderful, I'm glad this was useful for someone else! – David W Jan 15 '14 at 18:42
  • it helped indeed a lot. I had spent a lot of time on that problem and you were my saviour. Many thanks! – NilsB Jan 19 '14 at 09:05