For all those that face a similar issue: it was resolved after demoting Open Directory server to standalone, promoting it back to master, reimporting all users and reentering all passwords - a major pain in the butt, but nothing else would fix it.
About a month later, I thought I had the same issue, but luckily this time it came good after a few hours. I think a postfix reload may have contributed towards getting it successfully rejecting this time:
sudo postfix reload
I'm trying to understand how the Apple Open Directory <> Postfix setup works so that I have a thorough understanding when next faced with this issue.
I believe the relevant line in /etc/postfix/main.cf / postconf -n is:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
I'm not sure what the proxy:unix:password.byname part means, but $alias_maps is defined below:
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
/etc/aliases has all the postmaster, abuse, etc. entries - none of the actual users' accounts.
/var/mailman/data/aliases has all the entries for the mailing lists - none of the actual users' accounts.
This leaves me with either:
local_recipient_maps not being the correct setting
The part I don't understand: proxy:unix:passwd.byname being the list of actual mail users
Does anyone know the answer?