Flurdy: great tutorial! This is the most complete tutorial I've seen out there - thank you so much for putting the time and effort into this.

My issue has to do with getting bounced emails when using a relayhost. I've added this wrinkle to the Postfix config to circumvent the SPAM suppression my ISP (& which most good ones do) on port 25. Unfortunately, one side-effect of my attempt is that my configuration is auto-forwarding any incoming emails to my forwarding service. What am I doing wrong?

Here's the mail log output:
Code:
May 11 16:39:00 mail postfix/smtpd[25335]: connect from n54.bullet.mail.sp1.yahoo.com[98.136.44.32]
May 11 16:39:01 mail postfix/smtpd[25335]: 0E33218880A: client=n54.bullet.mail.sp1.yahoo.com[98.136.44.32]
May 11 16:39:01 mail postfix/cleanup[25330]: 0E33218880A: message-id=<783351.26703.qm@web45303.mail.sp1.yahoo.com>
May 11 16:39:01 mail postfix/qmgr[25118]: 0E33218880A: from=<user@yahoo.com>, size=2613, nrcpt=1 (queue active)
May 11 16:39:01 mail amavis[2631]: (02631-19) ESMTP::10024 /var/lib/amavis/tmp/amavis-20090506T093443-02631: <user@yahoo.com> -> <testuser@example.c> SIZE=2613 Received: from mail.example.com ([127.0.0.1]) by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <testuser@example.c>; Mon, 11 May 2009 16:39:01 -0700 (PDT)
May 11 16:39:01 mail postfix/smtpd[25335]: disconnect from n54.bullet.mail.sp1.yahoo.com[98.136.44.32]
May 11 16:39:01 mail amavis[2631]: (02631-19) smtp connection cache, dt: 154.9, state: 0
May 11 16:39:01 mail amavis[2631]: (02631-19) dkim: VALID Author+Sender+MailFrom signature by i=@yahoo.com, From: <user@yahoo.com>, a=rsa-sha256, c=relaxed/relaxed, s=s1024, d=yahoo.com
May 11 16:39:01 mail amavis[2631]: (02631-19) dkim: VALID Author+Sender+MailFrom signature by i=user@yahoo.com, From: <user@yahoo.com>, a=rsa-sha1, c=nofws, s=s1024, d=yahoo.com
May 11 16:39:01 mail amavis[2631]: (02631-19) Checking: UNH1HEO39P8B [98.136.44.32] <user@yahoo.com> -> <testuser@example.c>
May 11 16:39:01 mail amavis[2631]: (02631-19) p003 1 Content-Type: multipart/alternative
May 11 16:39:01 mail amavis[2631]: (02631-19) p001 1/1 Content-Type: text/plain, size: 9 B, name: 
May 11 16:39:01 mail amavis[2631]: (02631-19) p002 1/2 Content-Type: text/html, size: 127 B, name: 
May 11 16:39:01 mail postfix/smtpd[25332]: connect from localhost[127.0.0.1]
May 11 16:39:01 mail postfix/smtpd[25332]: 5770B188810: client=localhost[127.0.0.1]
May 11 16:39:01 mail postfix/cleanup[25330]: 5770B188810: message-id=<783351.26703.qm@web45303.mail.sp1.yahoo.com>
May 11 16:39:01 mail postfix/qmgr[25118]: 5770B188810: from=<user@yahoo.com>, size=3239, nrcpt=1 (queue active)
May 11 16:39:01 mail postfix/smtpd[25332]: disconnect from localhost[127.0.0.1]
May 11 16:39:01 mail amavis[2631]: (02631-19) FWD via SMTP: <user@yahoo.com> -> <testuser@example.c>,BODY=7BIT 250 2.0.0 Ok, id=02631-19, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5770B188810
May 11 16:39:01 mail amavis[2631]: (02631-19) Passed CLEAN, [98.136.44.32] [64.9.232.205] <user@yahoo.com> -> <testuser@example.c>, Message-ID: <783351.26703.qm@web45303.mail.sp1.yahoo.com>, mail_id: UNH1HEO39P8B, Hits: -, size: 2610, queued_as: 5770B188810, dkim_id=@yahoo.com,user@yahoo.com, 340 ms
May 11 16:39:01 mail postfix/smtp[25331]: 0E33218880A: to=<testuser@example.c>, orig_to=<testuser@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.79, delays=0.43/0/0.01/0.35, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=02631-19, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 5770B188810)
May 11 16:39:01 mail postfix/qmgr[25118]: 0E33218880A: removed
May 11 16:39:01 mail amavis[2631]: (02631-19) TIMING [total 358 ms] - SMTP greeting: 3 (1%)1, SMTP EHLO: 2 (0%)1, SMTP pre-MAIL: 2 (1%)2, SMTP pre-DATA-flush: 4 (1%)3, SMTP DATA: 33 (9%)13, check_init: 2 (1%)13, digest_hdr: 62 (17%)30, digest_body_dkim: 4 (1%)32, gen_mail_id: 9 (3%)34, mime_decode: 33 (9%)43, get-file-type2: 21 (6%)49, parts_decode: 0 (0%)49, check_header: 5 (1%)51, update_cache: 3 (1%)52, decide_mail_destiny: 1 (0%)52, fwd-connect: 50 (14%)66, fwd-mail-pip: 6 (2%)67, fwd-rcpt-pip: 1 (0%)68, fwd-data-chkpnt: 0 (0%)68, write-header: 3 (1%)69, fwd-data-contents: 0 (0%)69, fwd-end-chkpnt: 41 (11%)80, prepare-dsn: 7 (2%)82, main_log_entry: 51 (14%)96, update_snmp: 5 (1%)98, SMTP pre-response: 1 (0%)98, SMTP response: 2 (0%)98, unlink-2-files: 1 (0%)99, rundown: 5 (1%)100
May 11 16:39:01 mail CRON[25337]: pam_unix(cron:session): session opened for user root by (uid=0)
May 11 16:39:01 mail dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.43" (uid=1000 pid=4498 comm="/usr/lib/indicator-applet/indicator-applet --oaf-a") interface="org.freedesktop.DBus.Properties" member="Get" error name="(unset)" requested_reply=0 destination=":1.760" (uid=0 pid=25337 comm="/USR/SBIN/CRON "))
May 11 16:39:01 mail /USR/SBIN/CRON[25344]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -n 200 -r -0 rm)
May 11 16:39:01 mail CRON[25337]: pam_unix(cron:session): session closed for user root
May 11 16:39:02 mail postfix/smtp[25333]: 5770B188810: to=<testuser@example.c>, relay=outbound.mailhop.org[204.13.248.71]:2525, delay=0.88, delays=0.04/0/0.73/0.11, dsn=5.0.0, status=bounced (host outbound.mailhop.org[204.13.248.71] said: 550 testuser@example.c failed recipient verification (in reply to RCPT TO command))
May 11 16:39:02 mail postfix/cleanup[25330]: 502DE188811: message-id=<20090511233902.502DE188811@mail.example.com>
May 11 16:39:02 mail postfix/qmgr[25118]: 502DE188811: from=<>, size=5292, nrcpt=1 (queue active)
May 11 16:39:02 mail postfix/bounce[25334]: 5770B188810: sender non-delivery notification: 502DE188811
May 11 16:39:02 mail postfix/qmgr[25118]: 5770B188810: removed
May 11 16:39:03 mail postfix/smtp[25333]: 502DE188811: to=<user@yahoo.com>, relay=outbound.mailhop.org[204.13.248.71]:2525, delay=1.1, delays=0.01/0/0.7/0.41, dsn=2.0.0, status=sent (250 OK id=1M3f5L-0000uK-2h)
May 11 16:39:03 mail postfix/qmgr[25118]: 502DE188811: removed
Next the result of postconf -n:

Code:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = no
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps = 
mailbox_size_limit = 0
masquerade_domains = example.com
masquerade_exceptions = root
maximal_backoff_time = 8000s
maximal_queue_lifetime = 3d
minimal_backoff_time = 1000s
mydestination = 
mydomain = example.com
myhostname = mail.example.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = $mydomain
readme_directory = no
recipient_delimiter = +
relayhost = outbound.mailhop.org:2525
smtp_helo_timeout = 60s
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password
smtp_sasl_security_options = 
smtp_tls_CAfile = /etc/ssl/certs/Equifax_Secure_CA.pem
smtp_tls_note_starttls_offer = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsblnjabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
A few notes about my configuration/environment. I am using a home router w/ my own domain name (example.com). The mail server (mail.example.com) is running on Ubuntu 9.04 behind the home router. The router is set up to forward all of the relevant ports to the Ubuntu server. (Port 25 for SMTP and 143 for IMAP)

Also, I've checked my router and DNS records against the documentation, and I think I've got the MX records set up properly. (not totally confident there...) I've tested the setup externally, using mxtools. (http://www.mxtoolbox.com/ a very helpful tool!) Everything there checks out, except its attempt to telnet into mail.example.com. Here's the result:

Code:
May 11 16:24:17 mail postfix/smtpd[25121]: connect from mxtb-pws1.mxtoolbox.com[64.20.227.131]
May 11 16:24:18 mail postfix/smtpd[25121]: NOQUEUE: reject: RCPT from mxtb-pws1.mxtoolbox.com[64.20.227.131]: 554 5.7.1 <test@mxtoolbox.com>: Relay access denied; from=<test@mxtoolbox.com> to=<test@mxtoolbox.com> proto=SMTP helo=<please-read-policy.mxtoolbox.com>
May 11 16:24:18 mail postfix/smtpd[25121]: disconnect from mxtb-pws1.mxtoolbox.com[64.20.227.131]
Not sure if this has anything to do w/ my issue, but maybe it will provide some clues...

Thanks for the help, in advance.

Cheers!