initial starttls support in mta, this allows:

	accept for domain "openbsd.org" relay via tls "mx.example.org"

to ensure the relaying of mail for whoever@openbsd.org will happen through
a secure tls (STARTTLS) session. failure to establish a tls session will be
considered as a permanent failure. As a side effect:

	accept for domain "openbsd.org" relay via ssl "mx.example.org"

can now work as well and ensure that the relaying happens through ssmtp OR
tls, but never through an unsafe channel. no need to specify a port, they
are automatically detected if not specified.

still a work in progress, don't expect that it will work flawlessly.

1 files changed, 3 insertions, 2 deletions

diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h
index ae124674101..c3a588594f5 100644
--- a/usr.sbin/smtpd/smtpd.h
+++ b/usr.sbin/smtpd/smtpd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: smtpd.h,v 1.58 2009/01/29 13:00:12 gilles Exp $	*/
+/*	$OpenBSD: smtpd.h,v 1.59 2009/01/29 14:25:55 gilles Exp $	*/
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org>
@@ -568,7 +568,8 @@ enum session_flags {
 	F_QUIT		= 0x2,
 	F_8BITMIME	= 0x4,
 	F_SECURE	= 0x8,
-	F_AUTHENTICATED	= 0x10
+	F_AUTHENTICATED	= 0x10,
+	F_PEERHASTLS	= 0x20
 };
 
 struct session {