Often you might find yourself in a situation where you don’t know why a TLS connection to a SMTP server is failing.
Using openssl you can initiate a secure TLS connection and get some info back regarding the certificate of the SMTP server, it’s alternate names, if it’s selfsigned, the chain of trust etc.
$ openssl s_client -connect mail.example.com:25 -starttls smtp