Package: postfix Version: 3.3.2-1 Hi,
It seems that by default smtp_tls_CApath is not set, which means by default postfix can't check that certificates are valid. Please set the default to /etc/certs/ssl, and add a Depends or Recommends on ca-certificates. Kurt