Has anyone had experience with configuring Postfix to allow inbound
client SMTP connections from NZ-based IP addresses that have been Policy
Block Listed (PBL'ed) by their ISP?

Spark have PBL'ed most or all of their home and small business
fibre/*DSL connection IP addresses.

2degrees have PBL'ed most/all of their cellular data IP addresses.

I'm trying to support a user to send email from their cellphone email
client.

Angus contacted me with this:

"Could let him know that the best way around ISP
port 25 blocks is to have Postfix listen on SMTP Submission port 587.
Bonus is encryption.

If he wants to strip the originating mobile IP entirely...
https://serverfault.com/questions/413533/remove-hide-client-sender-ip-from-postfix"

Cheers, Peter

My user was connecting to port 587.

But, as it turns out, she had claimed to have entered the auth password, but in fact, did not. That's why permit_sasl_authenticated wasn't taking effect, leaving Postfix to consult the RBLs.

A series of screenshots and patient narrative later, and she's sending/receiving just fine.

D