原因是/etc/postfix/main.cf里面没有配置smtpd_tls_CAfile。
smtpd_tls_CAfile指向https证书的ca-bundle文件，这个文件不能少。

smtpd_tls_cert_file = /xxx/purasbar.com.crt
smtpd_tls_key_file = /xxx/purasbar.com.key
smtpd_tls_CAfile = /xxx/purasbar.com.ca-bundle

缺少ca-bundle文件的话，ssl证书就会验证不通过，报下面的20和21错误。
$ echo QUIT | openssl s_client -crlf -starttls smtp -CAfile /home/oct1158/certificate/cacert-2024-03-11.pem -connect mail.purasbar.com:25
CONNECTED(00000003)
depth=0 CN = *.purasbar.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.purasbar.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = *.purasbar.com
verify return:1

openssl的报错信息：
Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed in /xxxx/class.smtp.php on line 281
Sending mail failed: SMTP connect() failed.

沃通SSL证书安装指南 - Postfix：
https://www.wosign.com/Support/SSLins/Postfix.htm