If I can install something from the OS it shouldn’t come broken and insecure.
It just feels like such a strange platform to build a server on to me.
The "Features Removed or Deprecated in Windows Server 2012" page has mentioned SMTP since the OS was still called "Windows 8 server": https://web.archive.org/web/20120517025232/http://technet.mi...
I suppose you could've missed this if you moved directly from WS2008 to WS2022, but I don't know any OS that publishes "things we have removed or deprecated in the last three versions", it's usually just "what changed from the previous version to the current one".
Email use itself is waning and has never had privacy as a guaranteed feature.
This is an actual claim if someone is interested: https://www.hmailserver.com/state
On SHA-1: https://en.wikipedia.org/wiki/SHA-1
As of 2020, chosen-prefix attacks against SHA-1 are practical.[6][8] As such, it is recommended to remove SHA-1 from products as soon as possible and instead use SHA-2 or SHA-3. Replacing SHA-1 is urgent where it is used for digital signatures.
Digging further: https://www.hmailserver.com/forum/viewtopic.php?t=40568
Tl;dr: it uses sha256 by default and only has sha1 for backwards compatibility, which is considered insecure today. Critical updates are still there.
To my shock and horror, smtp service has been deprecated since server 2012, you can still install it but it comes with an extremely old version of IIS as a dependency and it’s broken out of the box.
To get it working you have to dig into some xml files and add parameters.
I really wonder how anyone can take a server OS seriously that doesn’t have out of the box first class functionality for smtp, one of the most ubiquitous protocols on the internet.