Have a cisco Ironport C190 that is using the default ESA certificate for Destination Control. What is the purpose of having a certificate for outbound emails? Typically if you connect to a server you would use their certificate, so why do I need one to send email to a remote server? Seems backwards to me.
The Destination Controls certificate would be used for certificate validation (when requested from the server) during the TLS handshake, if and when TLS is used. While this is not common, and you can most likely get away with a self-signed certificate during delivery, it is typically best practice to utilize a 3rd party signed and trusted certificate in case this is required.
You can read more about the Certificate Request during the handshake within the TLS RFC.