Is it possible that outbound email messages secured by enforced TLS present the TLS certificate for verification? At the moment the certificate seems only to apply to incoming email.
Incoming:
2018-06-05T14:21:11.056403+01:00 <ext mail srv> sendmail[8463]: STARTTLS=client, relay=<our mail gw>, version=TLSv1.2, verify=OK, cipher=AES256-SHA256, bits=256/256
Outgoing:
[2018-06-05 13:49:40.165595 +0000] info s=<ext mail srv> mod=smtpsrv cmd=starttls tls_version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM -SHA384 cipher_bits=256 verify=NO
This thread was automatically locked due to age.