Encryption (TLS/SSL)

I am trying to set up an Exim server that uses a self-signed certificate to enable my clients to use TLS. However, clients other than Exim refuse to accept this certificate. What's wrong?

How can I arrange for Exim to advertise support for SMTP authentication only when the session is encrypted?

I have some legacy clients that don't use STARTTLS, but which expect to negotiate a TLS session automatically on connection to the ssmtp port (465). Can Exim handle this?

When my Outlook Express 6.0 client sends a STARTTLS command to begin a TLS session, Exim doesn't seem to receive it.

I have listed some hosts in tls_try_verify_hosts, but when they connect, no data appears in $tls_peerdn.

I have listed some hosts in tls_verify_hosts and provided them with certificates, but their connections are always rejected.

I am trying to use TLS with Evolution as a client, and keep seeing this error: SMTP protocol violation: synchronization error (next input sent too soon): rejected "\200F^AC". What does it mean?

I trying to use TLS with Outlook as a client on a box that is running Norton Antivirus, but all my email is being rejected with Unsupported command errors. Why?