summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd
diff options
context:
space:
mode:
authorEric Faurot <eric@cvs.openbsd.org>2012-03-27 12:53:34 +0000
committerEric Faurot <eric@cvs.openbsd.org>2012-03-27 12:53:34 +0000
commit5fcd9e7a32af3dfd5570ac08b9f951c08bf187fa (patch)
tree7ea1f2f7167b6d5408a2133e12133bedab8713b0 /usr.sbin/smtpd
parent66e4547bc0aa57d25b6b1f30ed4515d196f51677 (diff)
Do not try STARTTLS if the server does not advertise support
for it (it apparently triggers very bizarre behaviour on some servers). Also make sure we are not using AUTH over a clear channel. ok gilles@
Diffstat (limited to 'usr.sbin/smtpd')
-rw-r--r--usr.sbin/smtpd/mta.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/usr.sbin/smtpd/mta.c b/usr.sbin/smtpd/mta.c
index 6eacc235889..6475b80287c 100644
--- a/usr.sbin/smtpd/mta.c
+++ b/usr.sbin/smtpd/mta.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta.c,v 1.128 2012/03/25 08:44:24 eric Exp $ */
+/* $OpenBSD: mta.c,v 1.129 2012/03/27 12:53:33 eric Exp $ */
/*
* Copyright (c) 2008 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -560,14 +560,21 @@ mta_enter_state(struct mta_session *s, int newstate)
case MTA_SMTP_STARTTLS:
if (s->flags & MTA_TLS) /* already started */
mta_enter_state(s, MTA_SMTP_AUTH);
+ else if ((s->ext & MTA_EXT_STARTTLS) == 0)
+ /* server doesn't support starttls, do not use it */
+ mta_enter_state(s, MTA_SMTP_AUTH);
else
mta_send(s, "STARTTLS");
break;
case MTA_SMTP_AUTH:
- if (s->secret)
+ if (s->secret && s->flags & MTA_TLS)
mta_send(s, "AUTH PLAIN %s", s->secret);
- else
+ else if (s->secret) {
+ log_debug("mta: %p: not using AUTH on non-TLS session",
+ s);
+ mta_enter_state(s, MTA_CONNECT);
+ } else
mta_enter_state(s, MTA_SMTP_READY);
break;