[1] http://www.postfix.org/TLS_README.html#client_tls_may
With opportunistic TLS, mail delivery continues even if
the server certificate is untrusted or bears the wrong
name. When the TLS handshake fails for an opportunistic
TLS session, rather than give up on mail delivery, the
Postfix SMTP client retries the transaction with TLS
disabled. Trying an unencrypted connection makes it possible
to deliver mail to sites with non-interoperable server TLS
implementations.
The implementation and documentation of this was joint work with
Wietse back in early 2006. These days, when STARTTLS fails, Postfix
tries other MX hosts first and if they all fail, defers the mail
initially. Cleartext fallback kicks in on the second delivery
attempt if STARTTLS fails again.
Actually, I consider this approach as unacceptable unless the second delivery
attempt occurs within a minute or two. (Which, incidentally, is a much shorter
retry period after deferral than the standards recommend.)
Ned