Assuming you are trying to set up SASL authentication for the SMTP server (rather than the SMTP client):
Set the following Postfix parameters in main.cf:
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
"smtpd_sasl_security_options = noanonymous" should be the default, so you may not need to set it. This will allow plain-text SASL mechanisms (PLAIN, LOGIN).
"smtpd_tls_auth_only = yes" forces users authenticating to do so over a TLS encrypted connection. This way their plain-text passwords will be sent encrypted.
This is a perfectly acceptable method as long as your database backend is secure. If nobody can access the stored passwords, then storing them in plain text is not a problem. If you don't currently use TLS for your Postfix SMTP client and server, read the TLS_README file for more information. There really is no reason not to use TLS on a mail server, especially when self-signed or private CA signed certs are widely accepted for SMTP.
If for whatever reason you don't like the idea of storing your passwords in plain text in your MySQL database, then have a look at using Dovecot as the SASL backend for Postfix. Dovecot can be configured with "default_pass_scheme = MD5-CRYPT" to store a hash of the passwords in the database, and still work with the PLAIN SASL mechanism. You will still want to use TLS for authenticated sessions, as clients will otherwise send their passwords in the clear. One limitation of using Dovecot for SASL is that it is not supported in the Postfix SMTP client, which is needed if your mail server needs to authenticate with another server for relay purposes (i.e., a smart host).
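The following is an added example, not part of the original answer: a small Python audit of main.cf text for the two settings discussed above. It assumes SMTP AUTH is switched on with smtpd_sasl_auth_enable and TLS with smtpd_tls_security_level (or the legacy smtpd_use_tls / smtpd_enforce_tls), none of which appear in the answer; the function names and sample configurations are constructed, and $name references in values are not expanded.

```python
import re

# Postfix built-in defaults for the parameters audited here.
DEFAULTS = {
    "smtpd_sasl_auth_enable": "no",
    "smtpd_sasl_security_options": "noanonymous",
    "smtpd_tls_auth_only": "no",
    "smtpd_tls_security_level": "",
    "smtpd_use_tls": "no",
    "smtpd_enforce_tls": "no",
}

def parse_main_cf(text):
    """Parse main.cf text: '#' comment lines, continuation lines that start
    with whitespace, and last-definition-wins for repeated parameters."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    params = dict(DEFAULTS)
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit(params):
    """Return a list of findings about SMTP AUTH exposure (empty list = OK)."""
    if params["smtpd_sasl_auth_enable"] != "yes":
        return []  # the server does not offer AUTH at all
    findings = []
    opts = set(re.split(r"[,\s]+", params["smtpd_sasl_security_options"]))
    if "noanonymous" not in opts:
        findings.append("anonymous SASL mechanisms are allowed")
    tls_on = (params["smtpd_tls_security_level"] in ("may", "encrypt")
              or (params["smtpd_tls_security_level"] == ""
                  and "yes" in (params["smtpd_use_tls"], params["smtpd_enforce_tls"])))
    if params["smtpd_tls_auth_only"] != "yes":
        findings.append("AUTH offered without TLS: PLAIN/LOGIN passwords sent in the clear")
    elif not tls_on:
        findings.append("smtpd_tls_auth_only = yes but TLS is off: nobody can authenticate")
    return findings

# Constructed samples: the second smtpd_tls_auth_only line overrides the first.
WEAK = "smtpd_sasl_auth_enable = yes\nsmtpd_sasl_security_options =\n    noanonymous\nsmtpd_tls_auth_only = yes\n# override\nsmtpd_tls_auth_only = no\n"
FIXED = "smtpd_sasl_auth_enable = yes\nsmtpd_tls_security_level = may\nsmtpd_tls_auth_only = yes\n"
```

On a live system, feed it the contents of main.cf; `postconf -n` shows the same non-default values as Postfix itself resolves them.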