Hacker News
by JasuM 3338 days ago
Its port 26 enforces TLS though.

But doesn't bother to check if the certs (local and remote server) have been signed by a trusted authority. Nor does it attempt to pin these certs.

It provides encryption, but no authentication nor authorisation. In short an ever so slight improvement over normal SMTP.

It's actively ten thousand times worse than that. From the article:

> The device uses self-signed certs throughout and they aren't even device specific. It's using the default ssl-cert-snakeoil.pem and ssl-cert-snakeoil.key in the Postfix config.
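
A defender-side check for the two problems raised in this thread, as an added example that is not part of any comment or of the linked article: it parses Postfix `main.cf` text and flags snakeoil certificate paths and an outbound TLS level that does not authenticate the peer. The sample configuration is constructed, and legacy parameters such as `smtp_enforce_tls` are not considered.

```python
# Constructed sample resembling the setup the quoted article describes;
# it is not the device's actual configuration.
SAMPLE_MAIN_CF = """\
# constructed example
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_security_level = encrypt
smtp_tls_security_level = encrypt
"""

# Outbound levels at which Postfix authenticates the remote server certificate.
# "may", "encrypt" and an empty value encrypt at most, without authentication.
AUTHENTICATING_LEVELS = {"verify", "secure", "fingerprint", "dane-only"}


def parse_main_cf(text):
    """Parse main.cf: '#' comments, 'name = value', indented continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params


def audit(params):
    """Return findings for shared default key material and unauthenticated TLS."""
    findings = []
    for key in ("smtpd_tls_cert_file", "smtpd_tls_key_file"):
        if "snakeoil" in params.get(key, ""):
            findings.append(f"{key}: default snakeoil material ({params[key]})")
    level = params.get("smtp_tls_security_level", "")
    if level not in AUTHENTICATING_LEVELS:
        findings.append(
            f"smtp_tls_security_level={level or 'unset'}: "
            "remote certificate is not authenticated"
        )
    return findings


if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)):
        print("FINDING:", finding)
```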