I've just tried another test here and seen what looks like a problem. If I point spam to an openssl test connection it fails in the following way.
root@myserver:~# openssl s_server -accept 989 -cert /etc/ssl/certs/myserver_ldap_cert.pem -key /etc/ssl/private/myserver_ldap_key.pem Using default temp DH parameters Using default temp ECDH parameters ACCEPT ERROR 7447:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:578: shutting down SSL CONNECTION CLOSED ACCEPT This looks like DSPAM doesn't speak the right protocol, no?