Email messages to domains configured for TLS delivery are queued or delivered without encryption
2010 Jun 9 13:11:08 MDT (info) ecelerity:  Subject Common Name does not match host name
2010 Jun 9 13:11:08 MDT (info) ecelerity:  DNS Subject Alternative Name does not match host name
2010 Jun 9 13:11:08 MDT (notice) ecelerity:  ec_ssl_ctx 0x952d8f08 tls_verify_validca failed
The Brightmail Gateway MTA is failing to verify some otherwise valid TLS certificates. In some configurations this will cause negotiation of the transport layer security to fail.
This issue has been addressed with the Brightmail Gateway 9.0.2 release.
For earlier versions, as a workaround, TLS delivery can be configured to ignore failures in certificate validation.
The mta will attempt to validate the certificate but ignore failures and continue to negotiate an encrypted connection.