Followed that thread through which ended up here. However, in those instructions, the following command failed on my system:
Regardless, I restarted zimbra and now get:
root@node:~# cp /opt/zimbra/ssl/ssl/server/tomcat.pem /opt/zimbra/conf/smtpd.crt
cp: cannot stat `/opt/zimbra/ssl/ssl/server/tomcat.pem': No such file or directory
...which I expected. So I redployed the mta certificate as per the original wiki article and now am back to the original error. Strangley the "starttls" command returns a 220:
Nov 20 14:38:52 node postfix/smtpd: warning: cannot get private key from file /opt/zimbra/conf/smtpd.key
Nov 20 14:38:52 node postfix/smtpd: warning: TLS library problem: 20409:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:399:
Nov 20 14:38:52 node postfix/smtpd: cannot load RSA certificate and key data
I've googled this up the whazoo for 48 hours now, and still can't find any answers.
$ telnet localhost 25
Connected to localhost.
Escape character is '^]'.
220 node.gray.net.au ESMTP Postfix
220 Ready to start TLS