After installing the most recent courier on a Debian Sarge clients trying STARTTLS were rejected with with this message:
courieresmtpd: courieresmtpd: STARTTLS failed: Unexpected SSL connection shutdown.
This is not a rejection message. This is a diagnostic message, which is reported if the client disconnects instead of completing the TLS handshake.
The TLS handshake began, but at some point the client gave up and disconnect. But the reason for disconnecting lies with the client.
Finally the problem was solved by downgrading to SSLv2 on the server and now works this way.
The client is probably Eudora. Eudora has a known broken STARTTLS implementation.
pgp00000.pgp
Description: PGP signature
