Have you ever tried to remotely test an SSL/TLS certificate on an email server?
It is no easy task, unless you know the simple command. Most online SSL testing tools that work against an email server will report if the connection is encrypted, if the cert matches the expected server name etc. However one piece of information they fail to check is if the certificate is expired.
I found OpenSSL has an easy command you can use to connect to an SMTP server and pull the details of the certificate in use on that server.
openssl s_client -starttls smtp -crlf -connect 123.456.789.012:25