On 3/2/11 8:22 AM, /dev/rob0 wrote: > On Wed, Mar 02, 2011 at 10:11:38AM -0600, I wrote without reading: >> On Wed, Mar 02, 2011 at 07:26:55AM -0800, David Newman wrote: >>> The error message in maillog is like this: >>> >>> Mar 1 13:30:04 mail3 postfix/smtpd[99904]: NOQUEUE: reject: >>> RCPT from hostB.networktest.com[1.2.3.4]: 550 5.1.1 >>> <someu...@someexternaldomain.com>: Recipient address rejected: >>> User unknown in relay recipient table; >>> from=<dnew...@networktest.com> >>> to=<someu...@someexternaldomain.com> proto=ESMTP >>> helo=<localhost.localdomain> >> >> This is reject_unauth_destination in smtpd_recipient_restrictions, > > It obviously is not. It's that someexternaldomain.com was found in > relay_domains, but someu...@someexternaldomain.com was not found in > relay_recipient_maps. > > As alluded below, you should never list domains you do not host in > any of your address class definitions. Apparently you have done so. > Your post was inadequate to be able to further debug your mistake.
Thanks for your responses. I'd only messed with the relay_recipients file, not any parameter in main.cf. I've now undone edits to relay_recipients... > >> which typically would be preceded by permit_mynetworks and if using >> SASL AUTH, permit_sasl_authenticated. If you have those permit_* >> restrictions, neither case is being met. >> >>> In main.cf, relay_recipient_maps calls >> >> No, this is wrong. The relay domain class is for when your server >> is MX host for a domain, but not the final destination. This is not >> the issue as you have described. You want per-client (mynetworks) >> or per-user (SASL AUTH) relaying. > > This part is right. ...and added hostB's IPv4 address with a /32 prefix to mynetworks, and rerun postmap on relay_recipients to restore it, and reloaded postfix. Success. Thanks again. dn