From ec04827a270e68ff23194ea809223c7dfedbe3a4 Mon Sep 17 00:00:00 2001
From: Peter Pentchev
Date: Tue, 25 Jan 2011 11:18:32 +0200
Subject: [PATCH] Fix straight SSL/TLS delivery to remote MX's.

If the SECURETRANS option is enabled but STARTTLS is not, this ought to mean that dma should start talking SSL to the remote MX straight away, without waiting for its greeting. Thus, postpone waiting for the SMTP banner in this case until after the SSL connection has been successfully initialized.
---
 net.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/net.c b/net.c
index 1622b7c..985c539 100644
--- a/net.c
+++ b/net.c
@@ -379,10 +379,13 @@ deliver_to_host(struct qitem *it, struct mx_hostentry *host)
 }
 /* Check first reply from remote host */
- config.features |= NOSSL;
- READ_REMOTE_CHECK("connect", 2);
+ if ((config.features & SECURETRANS) == 0 ||
+ (config.features & STARTTLS) != 0) {
+ config.features |= NOSSL;
+ READ_REMOTE_CHECK("connect", 2);
- config.features &= ~NOSSL;
+ config.features &= ~NOSSL;
+ }
 if ((config.features & SECURETRANS) != 0) {
 error = smtp_init_crypto(fd, config.features);
@@ -390,6 +393,9 @@ deliver_to_host(struct qitem *it, struct mx_hostentry *host)
 syslog(LOG_DEBUG, "SSL initialization successful");
 else
 goto out;
+
+ if ((config.features & STARTTLS) == 0)
+ READ_REMOTE_CHECK("connect", 2);
 }
 /* XXX allow HELO fallback */
-- 
2.47.3
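Review bot: In the first hunk, the NOSSL bit is still set and cleared on the process-wide `config.features` around `READ_REMOTE_CHECK("connect", 2)`, so any exit between those two statements leaves plaintext mode switched on for whatever runs next. READ_REMOTE_CHECK is a macro defined outside this hunk; if it returns or jumps on an unexpected reply (not visible here), the `config.features &= ~NOSSL;` that follows is skipped, and clearing the bit on every exit path would close that gap. The existing comment now sits above a branch that may be skipped, so a line such as `/* implicit TLS (SECURETRANS without STARTTLS): the banner is read after the handshake */` would help the next reader. deliver_to_host starts and ends outside the hunk.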
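Review bot: In the second hunk, the added `if ((config.features & STARTTLS) == 0)` has no braces around `READ_REMOTE_CHECK("connect", 2);`, which is safe only if that macro expands to a single statement. Its definition is outside this hunk; if it is a plain statement sequence rather than a `do { ... } while (0)` wrapper, only its first statement would be conditional and the reply check would also run on the STARTTLS path against a stale result. Bracing the call removes the dependency on the macro's shape: `if ((config.features & STARTTLS) == 0) { READ_REMOTE_CHECK("connect", 2); }`. The enclosing deliver_to_host body continues outside the hunk.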