I'm adding this because I spent hours looking for a solution only to find the solution hidden away in a bug report. Hopefully, this will save someone else some time.
Seeing errors like this in your /var/log/maillog?
Feb 13 00:00:33 mail postfix/trivial-rewrite[15099]: error: dict_ldap_connect: U
nable to set STARTTLS: -11: Connect error
Feb 13 00:00:33 mail postfix/trivial-rewrite[15099]: error: dict_ldap_connect: U
nable to set STARTTLS: -11: Connect error
Feb 13 00:00:33 mail postfix/trivial-rewrite[15100]: error: dict_ldap_connect: U
nable to set STARTTLS: -11: Connect error
Although there are several issues that may cause this, the solution that worked for me was hidden away in Bugzilla Bug 23666 "STARTTLS connect error to LDAP after upgrade" in comment #6:
------- Additional Comment #6 From Quanah Gibson-Mount 2008-01-15 13:51 PST [reply] -------
User created /opt/zimbra/conf/ca/bak directory. Postfix trivial-rewrite chokes
on this additional directory existing (no idea why). Solution is to not create
anything in /opt/zimbra/conf/ca except certs and keys.
BTW - this bug is marked as RESOLVED with solution WONTFIX
