TLS just enables encryption on the smtp session and doesn't directly affect whether or not Postfix will be allowed to relay a message.
The relaying denied message occurs because the smtpd_recipient_restrictions rules was not matched. One of those conditions must be fulfilled to allow the message to go through:
smtpd_recipient_restrictions =
permit_sasl_authenticated
check_recipient_access hash:/etc/postfix/filtered_domains
permit_mynetworks
reject_unauth_destination
To explain those rules:
permit_sasl_authenticated
permits authenticated senders through SASL. This will be necessary to authenticate users outside of your network which are normally blocked.
check_recipient_access
This will cause postfix to look in /etc/postfix/filtered_domains for rules based on the recipient address. (Judging by the file name on the file name, it is probably just blocking specific domains... Check to see if gmail.com is listed in there?)
permit_mynetworks
This will permit hosts by IP address that match IP ranges specified in $mynetworks. In the main.cf you posted, $mynetworks was set to 127.0.0.1, so it will only relay emails generated by the server itself.
Based on that configuration, your mail client will need to use SMTP Authentication before being allowed to relay messages. I'm not sure what database SASL is using. That is specified in /usr/lib/sasl2/smtpd.conf Presumably it also uses the same database as your virtual mailboxes, so you should be able enable SMTP authentication in your mail client and be all set.
Use the built-in SMTP server, you can't get lighter than that, especially if IIS is already running. I'm not sure what you mean by sufficient - as you say, your requirements are minimal.
You don't need to accept mail from anything other than the local machine. Be careful that your web pages can't be used to relay mail, but that issue is independent of your choice of SMTP server.
As for badmail, retries etc, anyone else got some configuration ideas? I would try to minimize the number of retries, and either send badmail to NULL somehow, or schedule a script to clean out the directory periodically.
Best Answer
You might have to wait until the process flushes its log buffer and writes to the log file. I know for the HTTP service you can manually flush the buffer and force it to write to file using this:
I'm looking around for something equivalent to that for the SMTP service.
EDIT:
Or, take a look at this from Steve Schofield's blog: