https://etbe.coker.com.au/2015/10/17/mail-server-training/

Looks like a good resource. The one I worked from had MySQL backed accounts and postadmin set up (+ a bunch of anti spam / anti virus stuff)


It looks like you have missed out a SASL authentication mechanism.  I 
recommend using Dovecot as it's MUCH easier than getting Postfix to use MySQL 
directly.  But following the above blog post is the easiest thing to do.  I 
read my own blog posts when I have to do these things.  ;)

This:

  1. Edit /etc/postfix/master.cf, uncomment the line for the submission service, and restart Postfix. This makes Postfix listen on port 587 which is allowed through most firewalls.


It looks like that all along I had not set up 587 on the VM. Thank you for helping me circle back to the obvious!

The only thing left to do is set up vacation emails - any suggestions? Preferably with a way for users to manage them themselves (bearing in mind the Dovecot / SASL / MySQL thingo)


Cheers
Piers