As of mid-2011, gmail moved to using TLS more exclusively where available (we’re assuming, based on recent support requests). On many DA boxes, the /etc/exim.cert and /etc/exim.key files are not correctly setup, either permission or ownership, causing an error similar to:
(SSL_CTX_use_PrivateKey_file file=/etc/exim.key): error:0200100D:system library:fopen:Permission denied
in your /var/log/exim/mainlog.
The above error would be a non-readable key by “mail”, other cases are caused by empty exim.cert or exim.key files.
The solution is to ensure your exim.cert and exim.key are both readable by “mail” and have data in them.
You can use this guide to ensure they’re set correctly.
Other related error messages from google:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 454 454 TLS currently unavailable (state 9).