Description
I just spent hours researching this. Could not send email if even when SASL authentication succeeded. I was getting Client host rejected: Access denied; and reviewed all the polices I copied from the example. I could not come up with a reason. Only after adding POSTFIX_debug_peer_list: host-from-which-i-am-sending.com did I get a clue.
It turned out to be the this default (for this docker) policy:
smtpd_client_restrictions=permit_mynetworks,reject
It would be great if permit_sasl_authenticated was part of the policy by default so other people don't have to go through this.
I solved it for my self by adding this to my docker-compose:
POSTFIX_smtpd_client_restrictions: "permit_mynetworks, permit_sasl_authenticated, reject"
Hopefully it will help other searching for a similar issue.