I believe it's the unauthenticated check that is causing the problem. The user sends a message from hosteddomain1.com to hosteddomain2.com via a 3rd party SMTP server and it gets rejected as "not logged in". In this case, we want it to be treated as incoming mail from an external domain and not get rejected.
What we don't want is users sending email from hosteddomain1.com to externaldomain2.com without being authenticated. And that's the use case I'm looking for verification for. My guess is that relaying is handled by other postfix settings, so it's probably not an issue, but I'd like to be sure.
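The two cases distinguished above, as an added example that is not part of the original post and is not iRedMail's own code: a sketch of a Postfix policy-delegation check that accepts unauthenticated hosted-to-hosted mail as incoming and rejects unauthenticated hosted-to-external mail. The domain set, function names and sample requests are assumptions constructed for illustration.

```python
# Added example: hypothetical policy logic, not iRedMail's own code.
HOSTED_DOMAINS = {"hosteddomain1.com", "hosteddomain2.com"}  # constructed

def parse_policy_request(raw):
    """Parse one Postfix policy-delegation request (name=value lines)."""
    attrs = {}
    for line in raw.splitlines():
        if not line.strip():
            break  # an empty line ends the request
        name, _, value = line.partition("=")
        attrs[name.strip()] = value.strip()
    return attrs

def domain_of(address):
    return address.rpartition("@")[2].lower()

def decide(attrs):
    """Return the policy reply for the two cases described in the post."""
    sender_hosted = domain_of(attrs.get("sender", "")) in HOSTED_DOMAINS
    rcpt_hosted = domain_of(attrs.get("recipient", "")) in HOSTED_DOMAINS
    if attrs.get("sasl_username") or not sender_hosted:
        return "action=DUNNO"  # authenticated, or an external sender
    if rcpt_hosted:
        # Unauthenticated hosted sender to hosted recipient: inbound mail
        # that arrived through a third-party server. The sender address is
        # unverified here, so later checks (SPF, DKIM) must vet it.
        return "action=DUNNO"
    # Unauthenticated hosted sender to an external recipient: relay attempt.
    return "action=REJECT not logged in"

def make_request(sender, recipient, sasl_username=""):
    """Build a constructed sample request for the demonstration."""
    return (
        "request=smtpd_access_policy\n"
        "protocol_state=RCPT\n"
        f"sender={sender}\n"
        f"recipient={recipient}\n"
        f"sasl_username={sasl_username}\n"
        "client_address=192.0.2.10\n"
        "\n"
    )

if __name__ == "__main__":
    for rcpt in ("bob@hosteddomain2.com", "carol@externaldomain2.com"):
        req = make_request("alice@hosteddomain1.com", rcpt)
        print(rcpt, "->", decide(parse_policy_request(req)))
```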
Hopefully this may help clear up what is happening.
1 - I got the same error messages - see below.
----- The following addresses had permanent fatal errors -----
(reason: 553 5.7.1 <firstname.lastname@example.org>: Sender address rejected: not logged in)
2 - I am in the process of migrating mydomain.com from my previous ISP to my iRed system.
3 - The SMTP server settings on my email client are smtp.myCurrentISP.com
4 - Both Receiver@example.com and mydomain.com are registered in my iRed mail system.
The problem comes down to this: even though I am sending my email using my old ISP, when the email gets to my iRed mail system, the iRed mail system recognises that both receiver and sender are registered in the iRed mail system.
The iRed mail system recognises that the sender (email@example.com) is not logged into iRed mail and so, without checking to see if the sending SMTP is iRed mail or an external ISP (smtp.myCurrentISP.com), rejects the mail.
Technically this is a glitch in iRed mail. iRed mail should not check the sender is logged in if the sender is using an external smtp service.
Practically - clients of an iRed mail system should probably use the iRed mail system's SMTP rather than third party senders (e.g. if I change my mail client's SMTP settings to smtp.mydomain.com, the iRed mail's SMTP address, then the problem goes away).
Where this would not work is if I am using an ISP that blocks outgoing port 25 / 465 / 587 and forces me to go through their SMTP when using them as an ISP. In my country we have ISPs that do block outgoing port 25, 465 and 587 unless you explicitly ask for an exemption - and that exemption only works if you have a static IP address, not a casual ADSL with changing IP address.
A suggested flow is shown here: