Using LDAP backend. I am getting really close to deployment, but run into an issue that I am sure is easy to fix, but I am stumped. Here is what what I did, and why:

- Remove permit_sasl_authenticated from smtpd_recipient_restrictions in /etc/postfix/main.cf
    I want smtp only being used for external mail delivery
- Add "-o smtpd_tls_security_level=encrypt" to smtps in /etc/postfix/master.cf
    Enforce encryption and authentication on smtps port

Everything works as expected with my primary domain.

Then, I added a second domain:
    - Add domain and a domain user using iRedAdmin
    - Added domain to @local_domains_maps in /etc/amavis/50-user
    - Generated a dkim key
    - Added dkim key to /etc/amavis/50-user
    - Restarted amavis
    - Updated MX, SPF and DMIM records in DNS server

Now, server receives email for new domain, and I can login to roundcube using new domain user, and send email.
However when I try to send an email using thunderbird, I get:

"An error occurred while sending mail. The mail server responded: 5.7.1. <dest email address>: Relay access denied. Please check the message recipients and try again."

I am using SSL plus authentication, so it should let me relay? When I use a user from my primary domain for authentication it works flawlessly. What am I missing? Has to be something simple...