Forgive me, I may have missed something. If you’re using SERVER2 as your SMTP server, shouldn’t Postfix on SERVER1 be set up to deliver emails indirectly via SERVER2?
/etc/postfix/main.cf
# specify SMTP relay host
relayhost = [SERVER2]:587
The only other thing that occurred to me was that possibly the certificate that SERVER1 is presenting doesn’t match the host email address or whatever domain is indicated in the email’s header. Postfix has a way of handling virtual hosts that I’ve never quite understood.
I attempted to run my own email servers for a few years, but ultimately decided they were more trouble than they were worth. Postfix was easily the #1 target on my servers for hackers, it received a non-stop flood of auth requests, and Fail2Ban was largely powerless to slow them down. I considered going with a self-hosted solution that was designed specifically for email (https://mailinabox.email) but in the end I took the easier route and purchased a multi-tenant mail service from MXRoute. It only costs about $40/year for the amount of storage I need, and I can still offer my clients hosted email services with custom domains. I just set up the necessary DNS and autoconfig.xml settings in Virtualmin’s template so provisioning is still fairly automated. But from context it sounds like you may be depending on the sendmail function on SERVER1 (or some other kind of email delivery that doesn’t involve configuring application-specific SMTP settings).
Hope you get your issue resolved!
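A fuller form of the relay configuration referred to above, added here as an example and not taken from the original post: port 587 is the submission port, so SERVER2 will normally require STARTTLS plus SASL authentication from SERVER1, and enforcing certificate verification on the SERVER1 side turns a hostname/certificate mismatch into a logged delivery failure rather than a silent one. The hostname SERVER2, the password-map path and the CA bundle path are placeholders/assumptions.

```ini
# /etc/postfix/main.cf on SERVER1 (added example; SERVER2, the password-map
# file and the CA bundle path are assumptions, adjust for your system)

# Hand all outbound mail to SERVER2 on the submission port. The square
# brackets suppress the MX lookup so Postfix connects to that host directly.
relayhost = [SERVER2]:587

# Authenticate to the relay with SASL. Credentials live in a separate,
# root-only lookup table rather than in main.cf itself.
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous

# Require STARTTLS and verify the relay's certificate chain and name against
# the system CA store. With "verify", the certificate must match the relayhost
# name (SERVER2); a mismatch is reported in the mail log and delivery is
# deferred instead of the session proceeding over an unverified connection.
smtp_tls_security_level = verify
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
```

The lookup table /etc/postfix/sasl_passwd contains one line of the form `[SERVER2]:587 username:password`; after creating it, run `postmap /etc/postfix/sasl_passwd`, restrict both the source file and the generated .db to mode 600, and `postfix reload`.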