Bingo. Thanks so much. I was following the instructions here: http://qmailrocks.org/qmail.htm which, otherwise, are excellent.
> Duh, I forgot that clientcert.pem is used by *qmail-remote*, not qmail-smtpd. qmail-remote can't make a TLS connection to a remote server that supports STARTTLS because it can't read its client certificate. Try this (after re-creating your deleted certs): chown vpopmail:qmail /var/qmail/control/servercert.pem. This way, qmail-remote can read it too. This is exactly what my toaster patch set does at the end of "make cert". Regards, Bill
