When setting up authenticated SMTP service, be sure your IMAP server is accessible. The reason for this is Postfix will check the username using SASLauth daemon. And SASLauth damon uses “rimap” method for checking the username. Rimap is “remote IMAP”, and it tries to log into the configured IMAP service, which by default is defined as ‘localhost’.

So, the usual path is: you don’t want the IMAP service exposed, as it is potential breach in the security and you disable it. The SASLauthd is unable to log into the IMAP server and fails to verify the username and password. Postfix will reject the e-mail, as the senders credentials are invalid, as verified by SASLauthd. And what you get in the logs is

postfix/smtpd[…]: warning: unknown[….]: SASL LOGIN authentication failed: authentication failure

So, make sure your IMAP service is available for the ‘localhost’ interface.