
Having run a mail server that used to have a self-signed cert and that now doesn't offer starttls at all, I can tell you I experienced zero failed deliveries (well, nobody has ever complained, and I still get all the mail I expect to get). Maybe incoming mail will use starttls if available, but if it's not (mitm, fake mx record, etc.) the remote server isn't going to stop. It just delivers in plaintext.

I mean, it's trivial to see this is true. Open up your mail server's configuration file. Where's the line that specifies trusted root CAs for relaying to remote servers? Oh, there isn't one? So how does it verify the chain of trust?

(I realize I didn't quite address your question. Solid answer: at least one. But I'm fairly confident the number of servers configured as you suggest is extremely close to zero.)
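An added example, not part of the comment above, showing the configuration the comment alludes to; Postfix is assumed as the MTA. The default opportunistic setting delivers in cleartext whenever STARTTLS is unavailable and never checks the chain of trust; the settings beside it are the ones that make verification actually happen.

```ini
# Postfix main.cf (added example, not the commenter's configuration).
# Postfix only checks the chain of trust when BOTH a CA store is named
# AND a verifying security level is selected; the defaults do neither.
# Note: Postfix does not allow trailing comments on a value line.

# --- Opportunistic TLS (the default behaviour the comment describes) ---
# "may": use STARTTLS if the remote MX offers it, otherwise send in cleartext.
# The certificate is never verified, so a self-signed cert, a MITM that
# strips the STARTTLS offer or a forged MX record all still get the mail.
smtp_tls_security_level = may
# Level 1 logs whether each TLS delivery was Untrusted, Trusted or Verified,
# which is the cheapest way to detect how much mail is going out unverified.
smtp_tls_loglevel = 1

# --- Authenticated TLS for chosen destinations ---
# This is the "missing line": without a CA file/path there is nothing for
# the remote chain to be validated against, whatever level is configured.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_CApath = /etc/ssl/certs
# Enforcing "secure" globally breaks delivery to the many MX hosts whose
# certs do not chain or match, so it is applied per destination instead.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# /etc/postfix/tls_policy (run "postmap /etc/postfix/tls_policy" after editing):
#   example.com              secure match=mx.example.com
#   dane-enabled.example     dane-only
# "secure" fails the delivery (mail stays queued) unless the cert chains to a
# trusted CA and its name matches; "dane-only" fails it unless a DNSSEC-signed
# TLSA record authenticates the server.

# --- DANE: verify via TLSA records instead of a CA list (needs DNSSEC resolver) ---
# smtp_dns_support_level = dnssec
# "dane" authenticates where usable TLSA records exist and falls back to "may"
# where they do not, so it raises the bar without causing global delivery failures.
# smtp_tls_security_level = dane
```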



