Postfix/Dovecot TLS won't work

Below are the details from your CheckTLS TestSender test
from <lukas@saale-media.de> via [188.68.32.132]
run on 2016-07-30 20:23:06 EDT.
Original email Subject: h2mxmv4qhmmqj

Your email was sent, however it was NOT SENT SECURELY using TLS.

A transcript of the eMail SMTP session is below:
--> this would be a line from your email system to our test
<-- and this would be a line to your email system from our test

If TLS was negotiated, a line is added:
====tls negotiation successful (cypher: cyphername, client cert: certinfo)

Everything after that line is secure (encrypted), as indicated by:
~~> commands from your system then have wiggly lines
<~~ and responses from our system do too

Any errors that the test noticed are noted in the log by asterisk boxes:
***************************************
*** ********** Error Note ********* ***
*** ***
*** The error message would be here ***
*** ***
***************************************
***************************************

___TRANSCRIPT BEGINS ON THE NEXT LINE___
<-- 220 ts4.checktls.com CheckTLS TestSender Sat, 30 Jul 2016 20:23:05 -0400
--> EHLO sv1.saale-media.de
<-- 250-ts4.checktls.com Hello [188.68.32.132], pleased to meet you
<-- 250-ENHANCEDSTATUSCODES
<-- 250-8BITMIME
<-- 250-STARTTLS
<-- 250 HELP
--> MAIL FROM:<lukas@saale-media.de>
<-- 250 Ok - mail from lukas@saale-media.de
--> RCPT TO:<test@testsender.checktls.com>
<-- 250 Ok - recipient test@testsender.checktls.com
--> DATA
<-- 354 Send data. End with CRLF.CRLF
--> Received: from rainloop.saale-media.de (sv1.saale-media.de [188.68.32.132])
--> (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
--> (No client certificate requested)
--> (Authenticated sender: lukas@saale-media.de)
--> by sv1.saale-media.de (Postfix) with ESMTPSA id E3029601AB5
--> for <test@testsender.checktls.com>; Sun, 31 Jul 2016 02:23:04 +0200 (CEST)
--> Mime-Version: 1.0
--> Date: Sun, 31 Jul 2016 00:23:04 +0000
--> Content-Type: multipart/alternative;
--> boundary="--=_RainLoop_829_411984253.1469924584"
--> Message-ID: <85e7240b4653d28861d05ca023e5c8d0@rainloop.saale-media.de>
--> X-Mailer: RainLoop/1.10.2.145
--> From: lukas@saale-media.de
--> Subject: h2mxmv4qhmmqj
--> To: test@testsender.checktls.com
-->
-->
--> ----=_RainLoop_829_411984253.1469924584
--> Content-Type: text/plain; charset="utf-8"
--> Content-Transfer-Encoding: quoted-printable
-->
--> test
-->
--> ----=_RainLoop_829_411984253.1469924584
--> Content-Type: text/html; charset="utf-8"
--> Content-Transfer-Encoding: quoted-printable
-->
--> <!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"t=
--> ext/html; charset=3Dutf-8" /></head><body><html><body><div><div data-html=
--> -editor-font-wrapper=3D"true" style=3D"font-family: arial, sans-serif; fo=
--> nt-size: 13px;">test</div></div></body></html></body></html>
-->
--> ----=_RainLoop_829_411984253.1469924584--
--> .
<-- 250 Ok
--> QUIT
<-- 221 ts4.checktls.com closing connection
SPF results: code="pass", local="saale-media.de: 188.68.32.132 is authorized to use 'lukas@saale-media.de' in 'mfrom' identity (mechanism 'mx' matched)"
DKIM verify: "none"