Today I found out that 90% of my problems with TLS stemmed from users
who had Norton Anti-Virus, knowingly or unknowningly, on their systems
to scan outgoing/incoming mail. Once turned off, SMTP users could
easily authenticate and send.
Only after I knew about this from experience and luck (good/bad) did i
know what to search the archives for -- and find a few references to
this problem.
It would be nice if future versions of the documentation contained a
line like "MUAs on machines with certain firewalls or anti-virus
products, like Norton Anti Virus, can disrupt SSL connections and ...'