Fix straight SSL/TLS delivery to remote MX's.
authorPeter Pentchev <roam@ringlet.net>
Tue, 25 Jan 2011 09:18:32 +0000 (11:18 +0200)
committerPeter Pentchev <roam@ringlet.net>
Tue, 25 Jan 2011 09:33:02 +0000 (11:33 +0200)
If the SECURETRANS option is enabled but STARTTLS is not, this ought
to mean that dma should start talking SSL to the remote MX straight
away, without waiting for its greeting.  Thus, postpone waiting for
the SMTP banner in this case until after the SSL connection has been
successfully initialized.

net.c

diff --git a/net.c b/net.c
index 1622b7c72c897a56845782c5e778229049ecbb60..985c5393ac2ce073c1e2e406261cf73c459c362b 100644 (file)
--- a/net.c
+++ b/net.c
@@ -379,10 +379,13 @@ deliver_to_host(struct qitem *it, struct mx_hostentry *host)
        }
 
        /* Check first reply from remote host */
-       config.features |= NOSSL;
-       READ_REMOTE_CHECK("connect", 2);
+       if ((config.features & SECURETRANS) == 0 ||
+           (config.features & STARTTLS) != 0) {
+               config.features |= NOSSL;
+               READ_REMOTE_CHECK("connect", 2);
 
-       config.features &= ~NOSSL;
+               config.features &= ~NOSSL;
+       }
 
        if ((config.features & SECURETRANS) != 0) {
                error = smtp_init_crypto(fd, config.features);
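Review bot: The condition on the added `if` at the top of this hunk and the `(config.features & STARTTLS) == 0` test added in the second hunk together decide that the banner is read exactly once, but they are written separately and have to stay complementary. If they drift apart, the banner is either awaited twice or never consumed, and the next reply check would then be matched against the wrong line. Computing the case once, e.g. `int implicit_tls = (config.features & SECURETRANS) != 0 && (config.features & STARTTLS) == 0;`, and testing `!implicit_tls` here and `implicit_tls` after smtp_init_crypto() would make that invariant explicit. The comment `/* Check first reply from remote host */` could also state that with implicit TLS the banner is read only after the handshake. deliver_to_host starts and ends outside the hunk.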
@@ -390,6 +393,9 @@ deliver_to_host(struct qitem *it, struct mx_hostentry *host)
                        syslog(LOG_DEBUG, "SSL initialization successful");
                else
                        goto out;
+
+               if ((config.features & STARTTLS) == 0)
+                       READ_REMOTE_CHECK("connect", 2);
        }
 
        /* XXX allow HELO fallback */
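Review bot: The added `if ((config.features & STARTTLS) == 0)` has an unbraced body that is a macro invocation, `READ_REMOTE_CHECK("connect", 2);`. The macro's definition is not visible here; if it expands to more than one statement without a `do { ... } while (0)` wrapper, only its first statement is conditional, and the reply check that follows would run on a stale result in the STARTTLS case. Bracing the body as the first hunk does, `if ((config.features & STARTTLS) == 0) { READ_REMOTE_CHECK("connect", 2); }`, removes the dependency on how the macro is written. The enclosing function continues outside the hunk.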