Since few months, on my self hosted mail server, smtp authentification under postfix stopped working. Mails were rejected with elay access denied error.

At first glance, it looked related to sasl. So I tried some tools (testsaslauthd, smtptest) to debug the issue, but found the authentication was working. So I started to look at the postix configuration.

After some tracing, it appeared postfix was rejecting incomming mail becase of smtpd_relay_restrictions parameter, even if it was able to authenticate client connexion via sasl. In fact, in some point of time, smtpd_relay_restrictions has changed (or got added...).

The default value of the postconf -d | grep smtpd_relay_restrictions is permit_mynetworks, reject_unauth_destination. Obviousy, permit_sasl_authenticated is missing from the list. So, I added smtpd_relay_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination, reject to and restarted the service. Magicly, I was able to send mails from the public wifi access.