Using your configuration, can you visit a friend and send mail to someone whose email account is not hosted on your server? It seems like the most normal thing to do. Could you imaging gmail only being able to send email to other gmail accounts?? It wouldn’t last long.

Michael

For example, check out my settings: http://img.skitch.com/20091026-g1g3rbxi5ma561keraq8q7epx5.png

Do you already have loopback (obviously) AND the ip address subnet of the lan interface?
The subnet (I use /24 now) I was using was giving me some troubles, especially with mailman. Worth a try.

Michael

The problem is really simple. I’ll illustrate as follows with very simple examples:

A user is on the road and has a valid email account on the Snow Leopard server.

1. He receives an email from someone else with an account on the same server. He replies. The email message is delivered to the sender.

2. He receives an email from someone with an email address other than our server — eg gmail.com. He replies. The email is not sent and a dialog box appears that asks if the user wants to use another server or try again or try later. The message is never sent.

This is pretty stupid for any email server software, but I assume has to do with relaying since the local address isn’t really a relay and the external address is.

We have just switched to Snow Leopard Server (we have been using Windows Server 2003) and have found the switch to be less than friendly. For example, the need to create a new user to have a new email address is rather old and not practical in today’s environments. It seems very Unixie old school.

However, it is allowing users to use their email address to both send and receive their email while travelling that is the current major problem. It should be a DEFAULT configuration of any email server to provide this service.

Michael

1) blocking from relaying
2) blocking from greylisting

blocking from relaying means that postfix isn’t configured to accept relay by examining your mobile source address.

blocking from greylisting is a spam countermeasure that works this way:
when you try to send the mail the first time, the server responds that the service is currently unavailable and suggest to try later.
most spambots doesn’t try to resend the email therefore mission accomplished.
however legit mail clients and servers will try to resend the email at some point, greylist matches the ip that tried to send an email earlier and whitelist it.
whitelist is wiped once in a while and the addresses wiped are the ones that the server haven’t seen in a time frame.

so, to recap you should really check what kind of problem you have there, if it’s related to greylisting or relaying.

Is this a rare requirement that authenticated email users are not allowed to reply to the email messages they just received? I would think this is the norm and the act of rejecting should be the rare situation.

On the road or away from the office, user can send email to email addresses on the server but not to email addresses elsewhere in the Internet. I can manually correct this by adding their location (IP) to the accept relay list on the server. What a pain!! Where do you set things so that an authenticated user can relay?

Most other email servers offer a range of time periods after authentication to allow legal relays. Ie a renewal requirement that is most often associated with the success retrieval of POP or IMAP mail by that user.

This is a major failing — although I assume I have just not found the magic place to configure this.