We have a ZCS server (7.1.x) running *outside* of our firewall/NAT. It has two NICs - one connected to the WAN and one connected to the LAN.

We'd like our internal (LAN) clients to connect using the lan-facing NIC/address.
I created a DNS record in the internal view (BIND) to handle this accordingly and clients were resolving the correct address, etc. I've read through the Split DNS article, though I'd prefer to just use our existing DNS server. The mail server is looking at the same DNS server.

Unfortunately, when this was configured, our LAN clients could not send mail to other domains.

mail.info.2.gz:Aug 30 10:58:31 email postfix/smtpd[25331]: NOQUEUE: reject: RCPT from firewall.wandomain.net[24.111.x.xx]: 504 5.5.2 <someone@hotmail>: Recipient address rejected: need fully-qua
lified address; from=<localuser@ourdomain.net> to=<someone@hotmail> proto=ESMTP helo=<lancomputer.ourlan.localnet>
I can see why it's failing, but don't know exactly what to tweak without creating an open relay. I'd prefer not to even have an open relay for our local network. We do require authentication for SMTP.

Our trusted networks looks like:
Code: 24.111.x.xx/28 72.14.xxx.xx/32
And the option to do DNS lookups is checked.

Our internal LAN is

Any nudge in the right direction is much appreciated.