Please see:
http://seclists.org/oss-sec/2017/q2/145
## Summary
LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if
SSL_get_verify_result is relied upon for a later check of a
verification result, in a use case where a user-provided verification
callback returns 1, as demonstrated by acceptance of invalid
certificates by nginx.
This also affects Postfix, and will make all connections appear to be
"Trusted" or "Verified" even when certificate verification actually
failed.
Postfix is only supported with OpenSSL and not LibreSSL. If, nevertheless
you are using LibreSSL with Postfix, consider switching back to OpenSSL, or,
if that's not possible, upgrade to a later version of LibreSSL.
--
Viktor.
