Comment 2 for bug 118963

I'd suggest that this should probably be addressed in Ubuntu documentation. Checking the valididty of certificates for TLS is not a standard practice and so in the corner case of someone wanting to do that, addressing it in documentation would be largely sufficient I would think. Postfix is always going to take a certain amount of manual configuration for special cases.