Getting SASL authentication to work inbound requires that the sending SMTP server have proper SASL settings -- which OS X doesn't make visible from the Server app. You have to set them on the CLI, thusly:
add the inbound user account and password to a file, say, .../etc/postfix/sasl-passwords hash the file (postmap) add to postfix main.conf (using, say, postconf -e): relayhost = [{relay host}]:587 # Enable SASL authentication in the Postfix SMTP client. smtpd_sasl_auth_enable = yes smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:.../etc/postfix/sasl_passwd smtp_sasl_security_options = smtp_sasl_mechanism_filter = AUTH LOGIN # Enable Transport Layer Security (TLS), i.e. SSL. smtp_use_tls = yes smtp_tls_security_level = encrypt tls_random_source = dev:/dev/urandom
Then be sure to add
smtp_sasl_security_options = noanonymous
on the SENDING server side.
Remember that smtp_* settings are for OUTBOUND mail. smtpd_* settings are for INBOUND mail. Duh.