Although TLS encrypts messages when they are in transit, it does not keep messages encrypted at the destination (of network tranmission). This means that most servers store messages in plain text. A curious system administrator can very easily read messages that go through a specific SMTP server.
Unfortunately, there is little that end users can do to stop curious administrators. The only method is to use end-to-end encryption implemented as PGP (pretty-good-protection) or GPG (GNU privacy guard). This requires both the sender and recipient to have email client programs that can encrypt/decipher. The sender also needs to get the public key from the recipient in order to encrypt a message.