> hello Ken. It may be that the RFC says the client need not >present a valid certificate, but I have found that smtp clients I >manage that want to send mail to Microsoft managed domains cannot set >up an SSL encrypted smtp session unless the client presents a valid >certificate as part of the key negotiation process.
But wait, that's not exactly what I meant. I could see that Microsoft would reject a random self-signed certificate presented by a client, but I was saying that I don't believe they require ANY certificate at all. As in, "don't configure your SMTP server to send a client certificate"; You didn't say that you tried that. --Ken