We have recently released a new version of UniFi Network Controller that fixes vulnerabilities found in v5.10.21 and prior, as described below:
SMTP MITM refers to a malicious actor setting up an SMTP proxy server between the user and their actual SMTP server to record their SMTP credentials for malicious use later.
These vulnerabilities were fixed in UniFi Controller v5.6.42 and v5.10.22, which are available for download at Ubiquiti's download page. This is also fixed in v5.11.18, which is an Unstable release found in the Beta section.
In controller versions prior to the fixed versions, the controller used an insecure method of SSL certificate verification that did not verify SSL hosts. This allowed a man-in-the-middle attack in which a malicious server could use a false SSL certificate to acquire SMTP credentials.
UniFi Controller prior to v5.10.22 and v5.11 prior to v5.11.18 (excluding 5.6.42)
Disable SMTP mail in the controller site options until you have upgraded to 5.6.42, 5.10.22+ or 5.11.18+.
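The gap between verification that skips the host check and full verification, as an added Python example for an SMTP client (not Ubiquiti's code; the controller's own implementation is not shown here). All function names are hypothetical, and the login helper refuses to send credentials over a context that would not verify the server's identity.

```python
import smtplib
import ssl


def host_unverified_context() -> ssl.SSLContext:
    """Flaw class from the advisory: the chain is validated, the host is not."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # a valid certificate for ANY host is accepted
    return ctx


def strict_context() -> ssl.SSLContext:
    """Default client context: CERT_REQUIRED plus host name matching."""
    return ssl.create_default_context()


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return the reasons this context must not carry SMTP credentials."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the server host name")
    return findings


def login_over_starttls(host, port, user, password, ctx=None):
    """Authenticate only after the server's certificate and host name verify."""
    ctx = ctx or strict_context()
    findings = audit_context(ctx)
    if findings:
        # Fail closed before any connection is made or any secret is sent.
        raise ValueError("refusing to send credentials: " + "; ".join(findings))
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        # With check_hostname enabled, a certificate issued for a different
        # host raises ssl.SSLCertVerificationError here, before login().
        smtp.starttls(context=ctx)
        smtp.login(user, password)
```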