Dovecot 2.3-rc1 SMTP submission proxy always gives TLS required error even when already using TLS

Mon Dec 18 22:44:22 EET 2017

First of all, I apologize for my accidental empty message earlier.

I just set up the SMTP submission proxy in Dovecot 2.3, but whenever I 
try to connect to it, it always returns "530 5.7.0 TLS required." for 
any sort of AUTH or MAIL command.  This occurs even if TLS is being 
used.  It also occurs regardless of whether I connect with a real client 
(Thunderbird) or manually with openssl s_client and regardless of 
whether a loopback connection or a remote connection is used.  Here is 
the output of "dovecot -n".  Please let me know if I can provide any 
other data.  Thanks!

# 2.3.0.rc1 (12aba5948): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.0.alpha1 (f60f2785)
# OS: Linux 4.14.7-041407-generic x86_64 Ubuntu Bionic Beaver 
(development branch)
auth_mechanisms = plain login
auth_username_format = %Ln
mail_location = mdbox:~/mdbox
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = pam
}
plugin {
   sieve = file:~/sieve;active=~/.dovecot.sieve
}
postmaster_address = michael at michaelmarley.com
protocols = imap sieve lmtp submission
service auth {
   unix_listener /var/spool/postfix/private/dovecot-auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
service imap-login {
   inet_listener imaps {
     port = 0
   }
}
service lmtp {
   process_min_avail = 5
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
}
ssl = required
ssl_cert = </etc/ssl/private/michaelmarley.com.pem
ssl_cipher_list = HIGH !RC4 !aNULL !eNULL !3DES @STRENGTH
ssl_dh =  # hidden, use -P to show it
ssl_key =  # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_prefer_server_ciphers = yes
submission_relay_host = localhost
submission_relay_port = 24
submission_relay_trusted = yes
userdb {
   driver = passwd
}
protocol lmtp {
   mail_plugins = " sieve"
}
protocol lda {
   mail_plugins = " sieve"
}
local_name matthewtmarley.com {
   ssl_cert = </etc/ssl/private/matthewtmarley.com.pem
   ssl_key =  # hidden, use -P to show it
}