diff -r 639ad985a75b sys/man/8/smtp
--- a/sys/man/8/smtp	Mon Jul 20 18:58:52 2020 -0700
+++ b/sys/man/8/smtp	Wed Jul 29 09:24:42 2020 +0200
@@ -6,7 +6,7 @@
 .ti -0.5i
 .B upas/smtp
 [
-.B -aAdfipst
+.B -aACdfipst
 ] [
 .B -b
 .I busted-mx
@@ -81,6 +81,9 @@
 when trying MX hosts.
 May be repeated.
 .TP
+.B -C
+ignore bad thumbprints for TLS connections.
+.TP
 .B -d
 turn on debugging to standard error.
 .TP
diff -r 639ad985a75b sys/src/cmd/upas/smtp/smtp.c
--- a/sys/src/cmd/upas/smtp/smtp.c	Mon Jul 20 18:58:52 2020 -0700
+++ b/sys/src/cmd/upas/smtp/smtp.c	Wed Jul 29 09:24:42 2020 +0200
@@ -46,6 +46,7 @@
 int	quitting;	/* when error occurs in quit */
 int	tryauth;	/* Try to authenticate, if supported */
 int	trysecure;	/* Try to use TLS if the other side supports it */
+int	nocertcheck; /* ignore unrecognized certs. Still logged */
 
 char	*quitrv;	/* deferred return value when in quit */
 char	ddomain[1024];	/* domain name of destination machine */
@@ -85,7 +86,7 @@
 void
 usage(void)
 {
-	fprint(2, "usage: smtp [-aAdfipst] [-b busted-mx] [-g gw] [-h host] "
+	fprint(2, "usage: smtp [-aACdfipst] [-b busted-mx] [-g gw] [-h host] "
 		"[-u user] [.domain] net!host[!service] sender rcpt-list\n");
 	exits(Giveup);
 }
@@ -185,6 +186,9 @@
 	case 'u':
 		user = EARGF(usage());
 		break;
+	case 'C':
+		nocertcheck = 1;
+		break;
 	default:
 		usage();
 		break;
@@ -413,6 +417,12 @@
 	Bterm(&bin);
 	Binit(&bin, fd, OREAD);
 
+	if (nocertcheck) {
+		syslog(0, "smtp", "ignoring cert for %s", ddomain);
+		err = nil;
+		goto Out;
+	}
+
 	goodcerts = initThumbprints(smtpthumbs, smtpexclthumbs, "x509");
 	if (goodcerts == nil) {
 		syslog(0, "smtp", "bad thumbprints in %s", smtpthumbs);