The solution to this issue is whitelisting the internal domain.

That being said this is an opportunity to dig deeper into the issue and really solve it, because there is a bigger issue with DNSBL services.

1) Logwatch emails are marked with URIBL_DBL_SPAM, and therefore classified as spam. As good measure checked server for blacklist on these sites. All came up clean:

https://mxtoolbox.com/SuperTool.aspx?action=blacklist
https://www.spamhaus.org/lookup/
https://www.dnsbl.info/dnsbl-list.php

2) Both "built in" DNSBL services are supposedly disabled in /etc/postfix/main.cf. Restarted the server for good measure after commenting out.

postscreen_dnsbl_sites =
    #zen.spamhaus.org=127.0.0.[2..11]*3
    #b.barracudacentral.org=127.0.0.2*2

3) All messages are marked with "URIBL_BLOCKED=0.001," despite DNSBL services supposedly being disabled.

It is not that wanted to disable DNSBL services, but have found Spamhaus to cut off queries almost immediately (even small servers) and the Barracuda service requires registration, so just wanted to turn off until got around to registering.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.2
- Deployed with iRedMail Easy or the downloadable installer? No
- Linux/BSD distribution name and version: Debian 10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====