Random idea but if there were some way to identify the client BEFORE presenting the certificate then it would be possible to present one of a number of certificates depending on the incoming client.... (don't fancy scraping SMTP server log files and matching back to IP addresses though...)
Ed W
