When the Secure Administration is configured for a CA certificate, it is applied to web administration traffic only. The device continues to use a self-signed certificate for message exchange using TLS. When a CA certificate is activated, it should be used in all contexts.
If a particular communication partner requires SMTP over TLS with a verifiable certificate, the Barracuda becomes unusable because of this oversight. Based on what I am reading in other forums, this is definitely occurring.