I have an issue, need email professional suggestion.
There is an email from the gov.
The email is "sys-no-reply@findbiz.nat.gov.tw" but our email server refuses to receive it.
The maillog shows:
Jan 11 14:54:14 ms postfix/smtpd[3980]: NOQUEUE: reject: RCPT from 163-29-187-197.HINET-IP.hinet.net[163.29.187.197]: 504 5.5.2 <wa11>: Helo command rejected: need fully-qualified hostname; from=<sys-no-reply@findbiz.nat.gov.tw> to=<laplace@XXX.com.tw> proto=ESMTP helo=<wa11>
The postconf is below:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 6h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = mailprefilter
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $alias_maps $virtual_alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 102400000
mailbox_transport = mailpostfilter
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20480000
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = XXX.com.tw
myhostname = ms.XXX.com.tw
mynetworks = 127.0.0.0/8, [::1]/128, 172.16.0.0/12
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_delimiter = +
relay_domains = $mydestination
relayhost = [msa.hinet.net]:25
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, check_helo_access hash:/etc/postfix/helo_access, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, permit permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_rhsbl_sender dsn.rfc-ignorant.org, reject_unknown_sender_domain, permit
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_hostname, reject_rhsbl_sender dsn.rfc-ignorant.org, permit permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_invalid_hostname, reject_unknown_sender_domain, reject_unauth_destination, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client 2.0.0.127.b.barracudacentral.org, permit permit_mynetworks, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, reject_invalid_hostname, reject_unknown_sender_domain, reject_rbl_client bl.spamcop.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client 2.0.0.127.b.barracudacentral.org, permit
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, permit
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
Am I right, if I put the email domain or host into the Helo whitelist?
And please show how to put the email into the Helo whitelist for bypassing the email into our email server.
A better solution is also welcome.
Thanks.
Charlie
Accepted Answer
The minimum basic requirements are how postfix was installed before you made your edits.
My main.cf (from postconf -n) is:
[root@server ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 6h
broken_sasl_auth_clients = yes
clearglassnetwork = 172.19.0.0/16
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = mailprefilter
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $alias_maps $virtual_alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 102400000
mailbox_transport = mailpostfilter
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 51200000
message_strip_characters = \0
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = howitts.co.uk
myhostname = mailserver.howitts.co.uk
mynetworks = 127.0.0.0/8, [::1]/128, 172.17.2.0/23, $clearglassnetwork
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
recipient_delimiter = +
relayhost = [smtp.ntlworld.com]:25
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sender_dependent_authentication = yes
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_use_tls = yes
smtpd_client_restrictions = permit_mynetworks, reject_unknown_reverse_client_hostname
smtpd_helo_required = yes
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, check_policy_service unix:/var/spool/postfix/postgrey/socket, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, check_sender_access hash:/etc/postfix/access, permit_sasl_authenticated, reject_non_fqdn_sender, reject_invalid_hostname
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/letsencrypt/live/www.howitts.co.uk/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/www.howitts.co.uk/privkey.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_sender_reject_code = 550
virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
But I have a bunch of edits myself and I use the greylisting app, domainkeys/dkim, clearglass and Let's Encrypt certificates. Also I have implemented a bit more than in the More anti-spam and e-mail defence measures HowTo.
Note also the use of smtpd_relay_restrictions is not part of the standard ClearOS set up. It uses reject_unauth_destination in smtpd_sender_restrictions.
Responses (4)
Accepted Answer
Did you restart postfix/SMTP Server after making your changes? I have a feeling it may fail or give warnings.
Is your "postconf -n" really correct? It looks like a C&P from mine with a few alterations. From your latest file, I see you've built in restrictions on the "access" file. Have you really done anything with it, populated it with anything then run postmap against it? Also have you installed and activated greylisting because you've built that in as well. If you don't know what you are doing with the restrictions, can I suggest you go back to the default, which is something like:
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = server.lan
mydomain = howitts.co.uk
myorigin = $mydomain
inet_interfaces = all
inet_protocols = ipv4
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, [::1]/128, 172.17.2.0/23
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
header_checks = regexp:/etc/postfix/header_checks
debug_peer_level = 2
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
bounce_queue_lifetime = 6h
mailbox_size_limit = 102400000
message_size_limit = 51200000
luser_relay =
recipient_delimiter = +
message_strip_characters = \0
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:/var/spool/postfix/postgrey/socket
mailbox_transport = mailpostfilter
content_filter = mailprefilter
transport_maps = hash:/etc/postfix/transport
virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
local_recipient_maps = $alias_maps $virtual_alias_maps
smtpd_tls_auth_only = no
You can then build on it using More anti-spam and e-mail defence measures.
Accepted Answer
Dear Nick,
Thank you for your help, but the email notice from the government is still rejected:
Jan 14 08:38:18 ms postfix/smtpd[3727]: NOQUEUE: reject: RCPT from 163-29-187-197.HINET-IP.hinet.net[163.29.187.197]: 504 5.5.2 <wa11>: Helo command rejected: need fully-qualified hostname; from=<sys-no-reply@findbiz.nat.gov.tw> to=<yyy@XXX.com.tw> proto=ESMTP helo=<wa11>
My new postconf -n is below:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
bounce_queue_lifetime = 6h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = mailprefilter
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = no
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps = $alias_maps $virtual_alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 102400000
mailbox_transport = mailpostfilter
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 20480000
message_strip_characters = \0
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = fmp.com.tw
myhostname = ms.fmp.com.tw
mynetworks = 127.0.0.0/8, [::1]/128, 172.16.0.0/12
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_delimiter = +
relay_domains = $mydestination
relayhost = [msa.hinet.net]:25
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_client_restrictions = sleep 5
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_invalid_hostname, check_policy_service unix:/var/spool/postfix/postgrey/socket, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/etc/postfix/sender_access, check_sender_access hash:/etc/postfix/access, permit_sasl_authenticated, reject_non_fqdn_sender, reject_invalid_hostname
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/cert.pem
smtpd_tls_key_file = /etc/postfix/key.pem
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = $alias_maps, $virtual_maps, ldap:/etc/postfix/imap-aliases.cf, ldap:/etc/postfix/imap-groups.cf
Please advise whether there is anything I can do, because I cannot suggest that the gov. fix it.
Regards,
Charlie
Accepted Answer
Dear Nick,
Thanks for your quick response.
I have added smtpd_relay_restrictions.
I have commented out smtpd_helo_restrictions =..., #smtpd_sender_restrictions = ... and smtpd_recipient_restrictions = ... as you suggested.
The reason they were added is to block spam mail from using my email server to send junk email.
Can you advise on the minimum "restrictions" I should or must configure in main.cf?
Thank you very much.
Charlie
Accepted Answer
As a new user, your first couple of posts get moderated, so I've deleted your repeat post.
The best solution is to contact the sysadmin of the sending server and inform him that his server is misconfigured.
I see that you have changed a lot of your main.cf as it normally does not have any helo restrictions and much more limited sender restrictions and more recipient restrictions. I trust you understand the changes you've done! Most of the sender restrictions you have I would have expected in recipient restrictions.
Check /etc/postfix/access for the format of the helo whitelist and remember to do a "postconf /etc/postfix/helo_access" each time you edit it.
Your smtpd_sender_restrictions are a mess as they duplicate (same goes for your helo restrictions) and be very careful where reject_unauth_destination ends up in the list so you don't set up an inadvertent relay. See this Postfix link. You may do better to add some smtpd_relay_restrictions. I use:
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
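Added example, not taken from any post in this thread: the whitelist entries the thread discusses, plus where the lookup has to sit for the second posted configuration, in which the 504 is produced from smtpd_recipient_restrictions. The file name client_access is an assumption; helo_access, the HELO name and the client IP come from the posted postconf output and maillog line.

```conf
# --- /etc/postfix/helo_access (path from the first posted postconf output) ---
# Left side: the exact name the client sends in HELO/EHLO.
# OK ends evaluation of the list that contains check_helo_access, so the
# reject_non_fqdn_helo_hostname that follows it there is skipped.
# Any host can announce itself as "wa11", so this entry trusts a name only.
wa11                OK

# --- /etc/postfix/client_access (hypothetical file name) ---
# Tighter alternative: key on the connecting IP from the maillog line,
# which the remote side cannot pick freely the way it picks its HELO name.
163.29.187.197      OK

# hash: tables are compiled files; rebuild after every edit, then reload:
#   postmap /etc/postfix/helo_access
#   postmap /etc/postfix/client_access
#   postfix check && postfix reload

# --- main.cf, first posted configuration ---
# smtpd_helo_restrictions already has check_helo_access ahead of
# reject_non_fqdn_helo_hostname, so the helo_access entry alone applies.

# --- main.cf, second posted configuration ---
# No smtpd_helo_restrictions there: the 504 comes from
# reject_non_fqdn_hostname (legacy name of reject_non_fqdn_helo_hostname)
# inside smtpd_recipient_restrictions, so the lookup goes in that list,
# ahead of that check. reject_unauth_destination comes first so an OK
# result can never permit relaying to foreign domains;
# smtpd_relay_restrictions exists only in Postfix 2.10 and later, and the
# posted readme_directory points at postfix-2.6.6.
# OK here also skips the greylisting and RBL checks below for this one IP.
# Entries after check_client_access are unchanged from the posted list.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access hash:/etc/postfix/client_access,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_invalid_hostname,
    check_policy_service unix:/var/spool/postfix/postgrey/socket,
    reject_unauth_pipelining,
    reject_unknown_recipient_domain,
    reject_rbl_client zen.spamhaus.org
```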
