Relay access denied for aliases

I have an address alias that forwards to several other addresses on inbound. I want those addresses to also be able to send as that address. In the alias definition I see the two alternatives for allowing that: “Any mail user listed in the Forwards To box can send mail claiming to be from the alias address.” and “I’ll enter the mail users that can send mail claiming to be from the alias address.” I’ve tried both options, entering the same addresses in both boxes, but I still get “relay access denied” errors:

Nov 16 16:45:08 mail postfix/submission/smtpd[28395]: NOQUEUE: reject:
RCPT from box01.example.com[10.0.0.1]:
554 5.7.1 <accounts@example.net>: Relay access denied;
from=<support@example.com> to=<accounts@example.net> proto=ESMTP helo=<box01.example.com>

This message is sent by connecting as one of the forwarding addresses (which is a real account), and then sending as the support@ alias.

I could work around this by creating a real support@ account, but I can’t do that and have it forward to other addresses on inbound.

I have now added an extra source IP of the sending server to my_networks in main.cf, but I don’t know if that’s solved it, or whether that’s an appropriate approach - I don’t want to whitelist a whole IP as a workaround for ineffective auth.

Why isn’t this working? How should this be configured?

Why not?

For mail relaying to work properly I do believe that you will need an account on the box that matches the account that you are sending with.

This one could be of help.