Postfix: Unverified Client host rejected / SASL Logged In

Question

Running Ubuntu, iRedMail, Mysql, Amavis, Spamassassin, Dovecot, Postfix

Recently had some unauthorized usage of a postfix server internally from a malware deprecated staging server. I worked on hardening the install but now external sasl logged in users can no longer send email.

May  3 15:35:07 nexus postfix/smtpd[19109]: NOQUEUE: reject: RCPT from tld.com[100.100.x.x]: 554 5.7.1 <tld.com[100.100.x.x]>: 
Unverified Client host rejected: Generic - Please relay via ISP (tld.com); from=<user@logged.in> to=<test.email@tld.com> proto=ESMTP helo=<[10.10.10.10]>

Postfix main.cf: https://pastee.org/pcfvn [now a 404]

Postfix master.cf: https://pastee.org/22y8f [now a 404]

I did look at: Postfix rejecting mail from authenticated clients but it didn't seem to be my problem or at least not conventionally.

I think I've read enough that I've gone temporarily blind with information. If anyone sees the needle in my haystack, your attention is appreciated.

Answer 1

Winning suggestion came from Twitter / @CBallou: https://twitter.com/cballou/status/727593905399734273

DNS PTR issue. Test removing check_reverse_client_hostname_access

I removed it, mail passed. Re-added it below permit sasl lines and we're still golden.

Definitely glad for some extra eyeballs on it. I should have stripped some of my new blocks out, or at least moved my permissions to the top and slowly dropped them down for verification. I was too stuck in the idea that sasl auth wasn't getting understood by postfix, when it wasn't even getting a chance.