Method 1 – openssl

#!/bin/bash
SERVERNAME=mail.example.com
printf 'quit\n' | openssl s_client -connect $SERVERNAME:25 -starttls smtp | openssl x509 -enddate -noout

Method 2 – Google Chrome

Run Google Chrome and bypass the ERR_UNSAFE_PORT error by specifying the --explicitly-allowed-ports=465 option on the command line. The following command is for MacOS

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --explicitly-allowed-ports=465

Open the link to the SSL port of the email server. i.e https://mail.example.com:465 And you get a nice GUI displaying the trust chain and expiry date.

Refs: