Are we talking about using SMTP via the onion service, or just regular SMTP through an exit node? The onion service comes with its own crypto and would not need TLS on top of it (though you're free to use TLS anyway, like Facebook, if it makes sense because of how your infrastructure is set up). There's no exit node for hidden service connections (or any other node that sees the plaintext other than the hidden service itself).