Comment 1 for bug 1940603

With postfix using "smtpd_sasl_type = dovecot", you shouldn't need sasl2-bin.

I think your test with telnet on port 25 will not work because you have "smtpd_sasl_security_options = noanonymous,noplaintext" which disables "plaintext" type of auth and both LOGIN and PLAIN are in the clear.

It's generally advised to enable SASL/authenticated relaying only on TCP/465 and/or TCP/587 where you can (and should) require TLS encryption. Once you use one of those port with mandatory encryption, you can set "smtpd_sasl_tls_security_options = noanonymous" (note the "tls" in the name).

For more information, please refer to those:

https://doc.dovecot.org/configuration_manual/howto/postfix_and_dovecot_sasl/
http://www.postfix.org/SASL_README.html#smtpd_sasl_security_options

HTH,
Simon