Ok, well, let's reason for a minute.
According to your main.cf, master.cf, and sasl/smtpd.conf, you are sending email to remote hosts requiring SASL authentication, sending that authentication via plain text (non-encrypted) on port 587 (submission) ... and that is working. If you were sending using encryption, you'd be using port 465 and have some more parameters set up. If you are able to successfully send an email, I'd say SASL is working, and getting the correct username and password out of MySQL. Agree?
Now ... receiving. If you can log in to read your mail, you are authenticating, correct?
I don't think there is any authentication involved in the mail transport agent (MTA) receiving mail from a remote host. I don't think there is any authentication involved either in delivering that mail to a mailbox. So, even though it may seem like authentication is involved ... to me, it doesn't seem so. Agree/disagree with my logic?