After making some configuration changes on my server, I ran into an odd problem. The next time I tried to send an e-mail with Thunderbird, I received an instant "timeout" error. This was rather unexpected and annoying. What the bleep is going on?
Attempting to telnet to port 465, the standard port associated with SMTP using SSL/TLS, left me only a little wiser:
454 4.3.3 TLS not available: error generating SSL handle
Checking the system logs was also not particularly enlightening:
SSL routines:SSL_new:null ssl ctx:ssl/ssl_lib.c:683:
Fortunately, I remembered something and a quick Google search confirmed it. A few hours prior, I made the private key of my SSL certificate world-readable. This was necessary as a temporary measure because some other unprivileged software needed it and this was a shortcut solution. (Yes, I am aware of the implications. The system in question has no users other than myself, so it was an acceptable short-term risk.)
What I did not know is that sendmail does not tolerate this and simply refuses to communicate over TLS with a world-readable private key.
I changed the permissions on /etc/letsencrypt/.../privkey1.pem
to 0640 and restarted sendmail and now, all is well.