Could it be that the certificate (or intermediate) is
allowed for S/MIME? in other words, is the "Extended Key Usage" set and
does it contain "emailProtection"?
Extended Key Usage for the certificate issued by the local CA: emailProtection,
Extended Key Usage for the certificate issued by StartSSL: emailProtection, clientAuth
If you want you can send me the public cert (directly
to me) and I can
take a look.
thank you, it's on its way.