Sorry for not replying to the original thread; I just subscribed. We have witnessed the same issue on one of our mailservers. Both servers are the same (Postfix/Debian), with the same config, and both have Let's Encrypt certificates.
However, we got customer complaints only for 1 server. Renewing the cert did not help, but trying the cert from the other server helped (of course showing a warning about the wrong domain) and affected clients were again able to connect using TLS.

Any idea why it works with the other cert? I can privately provide the Postfix host/port for both working and non-working certs. Tcpdump maybe only tomorrow/Monday, as I don't have direct access to any affected Windows/Outlook machine.

Can I safely turn off smtpd_tls_always_issue_session_ids as mentioned earlier? It won't have any negative impact (except performance)?

--
Bye, Marki