This is another of the “this is to help me remember what I did to cure this problem” type posts.
Having recently updated the mail server an old issue resurfaced that caused one of my users to be unable to send mail correctly. We use SMTP AUTH to authenticate users and only allow relaying for authenticated users. It’s not an unusual configuration but as postfix is installed by Ubuntu it has this line in the main.cf config file
smtpd_tls_auth_only = yes
With this line only connections that are encrypted will offer the AUTH command. While this is great for security it means that users who ignore my advice to use encrypted connections are unable to relay mails.
I’ve commented out the line in main.cf allowing the default value of ‘no’ to be used which has allowed all users to send correctly. Of course, warnings have also been given to the affected users along with a reiteration of the advice to use an encrypted connection 
We have required all our users to use encrypted connections to our mail servers for years now. Protects them (and us) from wireless sniffers and similar attacks.
I’d love to require people to use secure connections, but whenever I’ve tried to enforce it I get too much blow back from some of the people who use the service. They are adults and so once informed of the risks, I let them make their own minds up