MSA/SMTP.cpp in Trojita prior to 0.8 ignores certificate-verification errors, which allows man-in-the-middle malicious users to spoof SMTP servers.
trojita project trojita