TLS just enables encryption on the SMTP session and doesn't directly affect whether or not Postfix will be allowed to relay a message.
The "relaying denied" message occurs because none of the smtpd_recipient_restrictions rules were matched. One of those conditions must be fulfilled to allow the message to go through:
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    check_recipient_access hash:/etc/postfix/filtered_domains
    permit_mynetworks
    reject_unauth_destination
To explain those rules:
permit_sasl_authenticated
Permits senders authenticated through SASL. This will be necessary to authenticate users outside of your network, who are normally blocked.
check_recipient_access
This will cause Postfix to look in /etc/postfix/filtered_domains for rules based on the recipient address. (Judging by the file name, it is probably just blocking specific domains... Check to see if gmail.com is listed in there.)
permit_mynetworks
This will permit hosts by IP address that match the IP ranges specified in $mynetworks. In the main.cf you posted, $mynetworks was set to 127.0.0.1, so it will only relay emails generated by the server itself.
Based on that configuration, your mail client will need to use SMTP authentication before being allowed to relay messages. I'm not sure what database SASL is using; that is specified in /usr/lib/sasl2/smtpd.conf. Presumably it also uses the same database as your virtual mailboxes, so you should be able to enable SMTP authentication in your mail client and be all set.
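As an added illustration (not code from the answer above or from Postfix itself), here is a small Python model of how Postfix walks that smtpd_recipient_restrictions list top to bottom and stops at the first rule that permits or rejects. The $mynetworks value, the domain set and the access-map contents are constructed stand-ins, and reject_unauth_destination is simplified to a single set of domains the server accepts mail for.

```python
import ipaddress

# Constructed stand-ins for the question's main.cf (hypothetical, not from the page):
MYNETWORKS = ["127.0.0.1"]                  # $mynetworks as posted: only localhost
MY_DOMAINS = {"example.com"}                # domains this host accepts mail for (assumed)
ACCESS_MAP = {"blocked.example": "REJECT"}  # stand-in for hash:/etc/postfix/filtered_domains

def in_mynetworks(client_ip):
    """permit_mynetworks: a bare address in $mynetworks means a single host (/32)."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in MYNETWORKS)

def access_lookup(recipient):
    """check_recipient_access: Postfix tries the full address, then the domain and
    its parent domains, and stops at the first key present in the table."""
    recipient = recipient.lower()
    labels = recipient.rpartition("@")[2].split(".")
    candidates = [recipient] + [".".join(labels[i:]) for i in range(len(labels) - 1)]
    for key in candidates:
        if key in ACCESS_MAP:
            return ACCESS_MAP[key], key
    return None, None

def evaluate_recipient_restrictions(client_ip, sasl_authenticated, recipient):
    """Walk the answer's restriction list in order; return (decision, rule).
    Postfix stops at the first restriction that yields PERMIT/OK or REJECT."""
    if sasl_authenticated:                         # permit_sasl_authenticated
        return "PERMIT", "permit_sasl_authenticated"
    action, key = access_lookup(recipient)         # check_recipient_access
    if action is not None:
        return ("PERMIT" if action == "OK" else action), f"check_recipient_access:{key}"
    if in_mynetworks(client_ip):                   # permit_mynetworks
        return "PERMIT", "permit_mynetworks"
    # reject_unauth_destination: rejects mail for domains we are not responsible for.
    # This is the rule that stops an unauthenticated outside client from using the
    # server as an open relay; Postfix logs the rejection as "Relay access denied".
    domain = recipient.rpartition("@")[2].lower()
    if domain not in MY_DOMAINS:
        return "REJECT", "reject_unauth_destination"
    return "PERMIT", "end_of_list"                 # falling off the end permits
```

Running the same gmail.com recipient from an outside IP with and without SASL shows exactly the difference the answer describes.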
This should work (not tried it, though):
Define a separate transport for the other domain and then route mail to this transport using the sender_dependent_relayhost_maps option in main.cf.
Something like this:
In 'master.cf':
smtp-other unix - - n - - smtp
    -o smtp_helo_name=my.other.helo.name
In 'main.cf':
sender_dependent_relayhost_maps = hash:/etc/postfix/relay_maps
In 'relay_maps':
my.other.domain smtp-other:
And run 'postmap /etc/postfix/relay_maps'
Best Answer
No, SMTP is designed to have the entire email communication path traced in the email, and each connection would terminate and relay the email. You should use transport maps (for Postfix) to control the destination by email address, not MTA hostname.
If you are receiving email for both domains locally, then your email server should handle that. If this single IP is forwarding email to two other servers internally, then transport maps are what you are looking for in terms of a Postfix server.
If this is an outbound server relay (SMTPS), you would need to handle authentication for both domains at this server, as you cannot "proxy" like you do with nginx/haproxy and SNI.