From: Peter Pentchev <roam@ringlet.net>
Date: Tue, 25 Jan 2011 09:18:32 +0000 (+0200)
Subject: Fix straight SSL/TLS delivery to remote MX's.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ec04827a270e68ff23194ea809223c7dfedbe3a4;p=people%2Fms%2Fdma.git

Fix straight SSL/TLS delivery to remote MX's.

If the SECURETRANS option is enabled but STARTTLS is not, this ought
to mean that dma should start talking SSL to the remote MX straight
away, without waiting for its greeting.  Thus, postpone waiting for
the SMTP banner in this case until after the SSL connection has been
successfully initialized.
---

diff --git a/net.c b/net.c
index 1622b7c..985c539 100644
--- a/net.c
+++ b/net.c
@@ -379,10 +379,13 @@ deliver_to_host(struct qitem *it, struct mx_hostentry *host)
 	}
 
 	/* Check first reply from remote host */
-	config.features |= NOSSL;
-	READ_REMOTE_CHECK("connect", 2);
+	if ((config.features & SECURETRANS) == 0 ||
+	    (config.features & STARTTLS) != 0) {
+		config.features |= NOSSL;
+		READ_REMOTE_CHECK("connect", 2);
 
-	config.features &= ~NOSSL;
+		config.features &= ~NOSSL;
+	}
 
 	if ((config.features & SECURETRANS) != 0) {
 		error = smtp_init_crypto(fd, config.features);
@@ -390,6 +393,9 @@ deliver_to_host(struct qitem *it, struct mx_hostentry *host)
 			syslog(LOG_DEBUG, "SSL initialization successful");
 		else
 			goto out;
+
+		if ((config.features & STARTTLS) == 0)
+			READ_REMOTE_CHECK("connect", 2);
 	}
 
 	/* XXX allow HELO fallback */