(via www.technoids.org)
Sending user names and passwords across the Internet in plain text is bad. Fortunately, sendmail provides another method of encrypting not only the user name and password, but the entire mail transmission, using Transport Layer Security (TLS)--which is only slightly different from its predecessor, Secure Socket Layer (SSL) version 3. Sendmail uses the STARTTLS command within an SMTP conversation to signal the beginning of an encrypted TLS conversation...
check certificate offered by server
Below is openssl command line that can be used to check if the server is setup correct and offering the ssl certificate.
openssl s_client -connect host.domain.tld:25 -starttls smtp </dev/null