I want to achieve the following with Postfix:

1. Run all emails through a black list
2. Allow any clients sending to a list of domains
3. Allow some clients sending to any domain

This is what I have: (postfix is on 10.0.8.0 and some of the senders are 10.0.8.0 and 10.0.9.0)

mynetworks_style = subnet

smtpd_recipient_restrictions = check_recipient_access sqlite:/etc/postfix/access-bl.query, check_client_access hash:/etc/postfix/trusted_clients, check_recipie
nt_access hash:/etc/postfix/local_domains, reject_unauth_destination, permit

So, right now the black list works. File /etc/postfix/trusted_clients contains who can send anywhere (3), file /etc/postfix/local_domains contains where you can send (2). Those two are fine, they return properly.

My problem is getting all three working together. Not sure if it's an ordering issue. Currently sending a test from 10.0.9.17 and I get Relay access denied. If I add:

mynetworks = 10.0.8.0/24 10.0.9.0/24

then anyone can send anywhere, so #2 is not working.

Postfix version is 2.10 on Ubuntu 14.04.

Any ideas?