On Fri, Sep 20, 2013 at 02:50:55PM +1000, Russell Coker wrote:
<- 220 mx0.example.com ESMTP Postfix (Debian/GNU) -> EHLO example.com [...] <** 554 5.7.1 <logcheck@server0.example.com>: Sender address rejected: forged mail -> QUIT
some questions that might lead you in the right direction: does mx0 have server0.example.com in its my_destination? is there a check_sender_access map in main.cf listing server0.example.com? is there a check_helo_access map listing example.com? if it does exist, does it come *AFTER* or *BEFORE* permit_mynetworks, permit_tls_clientcerts, and permit_sasl_authenticated? the order of rules is extremely significant in postfix. e.g. in main.cf I have "check_helo_access hash:/etc/postfix/nolocal,". This comes after the permit_* rules. /etc/postfix/nolocal contains lines like: taz.net.au 550 forgery of local address rejected. craig -- craig sanders <cas@taz.net.au> BOFH excuse #405: Sysadmins unavailable because they are in a meeting talking about why they are unavailable so much.