*) Does comment out "smtp_tls_security_level = may" solve this issue?
Yes, this seems to fix it, but I presume this is just disabling all TLS security so all emails are sent plain text even when TLS/SSL is available. I presume we would want to avoid this. Do you think there is another solution?
You can check what 'smtp_tls_security_level = may' means first: http://www.postfix.org/postconf.5.html# … rity_level
Opportunistic TLS. Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
If commenting out this parameter solves your issue, you can keep it.
*) Do you use self-signed SSL certificate or a purchased one?
It is self signed - "out of the box as created by your installer". Could this cause an issue? Should I use a purchased one? I did plan to upgrade to a paid certificate at some point and I have no issues doing so.
Not sure whether a paid certificate work with Postfix parameter 'smtp_tls_security_level = may' or not, but if you do plan to buy one, it worths a try, so that you get better security.