Good news: the alias is working! The error has changed, which means the first issue is resolved.
Now, the new error is different:
553 5.7.1 <surfing@tommi.space>: Sender address rejected: not logged in
This happens because tommi.space is also a domain on your YunoHost server. When Proton Mail delivers an email from surfing@tommi.space to your server, Postfix sees the sender address belongs to a local domain but the connection is not authenticated — so it rejects it as a potential impersonation attempt.
This is caused by the reject_sender_login_mismatch directive in Postfix’s configuration.
You have two options:
-
Quick test: try sending your test email from an address that is not on a domain hosted by your YunoHost (e.g. a Gmail address
). That should go through fine and confirm the alias works. -
Permanent fix: if you actually need to receive emails sent from
@tommi.spacevia Proton Mail, you can comment outreject_sender_login_mismatchin/etc/postfix/main.cfand reload Postfix (systemctl reload postfix). SPF, DKIM and DMARC already protect against sender spoofing, so the security impact is minimal. Note that YunoHost may restore this line onregen-conf postfix, so keep that in mind.
This exact issue was discussed and solved here: Question Postfix -- 553 5.7.1 ... : Sender address rejected: not logged in