Comment # 1 on bug 1137181 from Per Jessen

(In reply to Martin Klein from comment #0)
> Looks like there is a bug in SuSE's implementation of postfix tls
> certificate handling.
> 
> smtp_tls_CAfile = Deutsche_Telekom_Root_CA_2.pem
> smtp_tls_CApath = /var/lib/ca-certificates/openssl
> 
> or any other combination of CApath and CAfile does not work.
> The certificate (the pem-file) cannot be found.
> 
> Simply do
> 
> 
> smtp_tls_CAfile =
> /var/lib/ca-certificates/openssl/Deutsche_Telekom_Root_CA_2.pem
> smtp_tls_CApath = /var/lib/ca-certificates/openssl
> 
> and all is well. :-)

Normally you use one or the other - CAfile or CApath.  CApath is not used as a
search path for CAfile. 
See http://www.postfix.org/postconf.5.html#smtpd_tls_CApath

What ought to work is this:

smtp_tls_CApath = /var/lib/ca-certificates/openssl

provided you have created the hashes.