Google Apps Email Routing unknown accounts to Postfix - "Relay access is denied (state 14)"
Posted on 2009-07-08
We're an SaaS provider that uses a lot of SMTP traffic for routing customer-driven information out to our users. The emails our application sends are not spam or unsolicited (just figured I'd say that right off the bat...)
Our previous configuration was an IMail server hosting both our corporate email and application email as ourcompany.com. We moved our corporate emails (ourcompany.com, "staff") to Google Apps some time ago, then configured Google Apps to send unknown accounts to our IMail server. That has been working great. Now, we're moving our application email from our IMail server to an Ubuntu server running Postfix on a different email domain (applicationemail.net). The account names are the same, we're just changing the domain names they're associated with. Since our customers are use to sending to THIERNAME@ourcompany.com for years, I want to configure our current Google Apps email to send unknown addresses to the new Postfix server, but restamp the SMTP envelope with @applicationemail.net address.
I've configured it to do just that. Now, if I send an email to an account that is not provisioned in Google Apps to an account that exists on the Postifx server, Postfix is bouncing the message back saying:
Delivery to the following recipient failed permanently:
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <email@example.com>: Relay access denied (state 14).
I've found resources all over the place where people are reporting problems going the OTHER way... Postfix to Google Apps gives this error, but I know that this is a configuration issue with Postfix. Postfix doesn't want anything relayed to it. I cannot find anywhere how to allow google apps to send TO postfix.
I know that I can configure Postifx to permit IP addresses (it already is doing so), but since Google is so dynamic, I was hoping there was a way to permit their servers by domain name instead....
Any help is appreciated!