Ah, the old mail server ssl/tls credential expired day before yesterday.
I did a brief interim patch with the self-signed version I used prior to becoming more 'official' in the smtp world.
Given that I was already down, the fact that my initial configuration failed due to an oversight on my part wasn't too disconcerting ...
However, this found me ending up 36 hours in arrears prior to finding the issue and resolving it pretty quickly as soon as I had realized my omission in the process.
Suffice it to say that I'm happy with the new 'two year' certificate and I plan to slap them on my three web servers very shortly.
There are worse things in life but having everybody reject your email over a certificate they don't like because it's SELF SIGNED doesn't have to be one of them!
Now ... for the SPF TXT record in DNS and I'll be totally pussed out for gmail and the rest of the internet butt holes.