1

Topic: Incoming mail from Office 365 rejected after DNS change – 554 5.7.1 SM

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.3 (OpenLDAP edition)
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: RHEL 8.7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No

==== ISSUE DESCRIPTION ====

After changing the DNS configuration on my iRedMail server from public DNS to internal company DNS (using nmcli), incoming emails from Office 365 users started failing.

Office 365 returns this NDR:

`554 5.7.1 Recipient address rejected: SMTP AUTH is required for users under this sender domain`

This issue appeared only after the DNS change.

==== WHAT I OBSERVE ====

- All iRedMail services (Postfix, Dovecot, Amavis, LDAP, etc.) are running normally.
- Incoming mail from external senders is now rejected with the above error.
- It appears Postfix is treating external senders as “unauthenticated” because DNS lookups may be failing.

==== SUSPECTED ROOT CAUSE ====

The internal DNS server may not be resolving external domains (MX/SPF/A records) correctly. 
Due to failed DNS lookups, Postfix/iRedAPD policies might incorrectly require SMTP AUTH for external senders.

==== QUESTIONS ====

1. Which Postfix/iRedAPD restriction triggers:
   `SMTP AUTH is required for users under this sender domain`
   when DNS lookups fail?

2. Is the iRedMail server required to resolve public DNS (SPF/MX/A) for external sender domains?

3. Should internal DNS servers be configured with external DNS forwarders for proper mail flow?

4. What is the recommended DNS setup for iRedMail on RHEL?

Thanks in advance.

2

Re: Incoming mail from Office 365 rejected after DNS change – 554 5.7.1 SM

Please turn on debug mode in iRedAPD to figure out why it considers such emails to be sent from domains hosted locally.
FYI: https://docs.iredmail.org/debug.iredapd.html