From 5fcd9e7a32af3dfd5570ac08b9f951c08bf187fa Mon Sep 17 00:00:00 2001
From: Eric Faurot
Date: Tue, 27 Mar 2012 12:53:34 +0000
Subject: Do not try STARTTLS if the server does not advertise support for it (it apparently triggers very bizarre behaviour on some servers). Also make sure we are not using AUTH over a clear channel. ok gilles@
---
 usr.sbin/smtpd/mta.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
(limited to 'usr.sbin/smtpd')
diff --git a/usr.sbin/smtpd/mta.c b/usr.sbin/smtpd/mta.c
index 6eacc235889..6475b80287c 100644
--- a/usr.sbin/smtpd/mta.c
+++ b/usr.sbin/smtpd/mta.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mta.c,v 1.128 2012/03/25 08:44:24 eric Exp $ */
+/* $OpenBSD: mta.c,v 1.129 2012/03/27 12:53:33 eric Exp $ */
 /*
 * Copyright (c) 2008 Pierre-Yves Ritschard
@@ -560,14 +560,21 @@ mta_enter_state(struct mta_session *s, int newstate)
 case MTA_SMTP_STARTTLS:
 if (s->flags & MTA_TLS) /* already started */
 mta_enter_state(s, MTA_SMTP_AUTH);
+ else if ((s->ext & MTA_EXT_STARTTLS) == 0)
+ /* server doesn't support starttls, do not use it */
+ mta_enter_state(s, MTA_SMTP_AUTH);
 else
 mta_send(s, "STARTTLS");
 break;
 case MTA_SMTP_AUTH:
- if (s->secret)
+ if (s->secret && s->flags & MTA_TLS)
 mta_send(s, "AUTH PLAIN %s", s->secret);
- else
+ else if (s->secret) {
+ log_debug("mta: %p: not using AUTH on non-TLS session",
+ s);
+ mta_enter_state(s, MTA_CONNECT);
+ } else
 mta_enter_state(s, MTA_SMTP_READY);
 break;
--
cgit v1.2.3
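Review bot: In the new `MTA_SMTP_AUTH` branch, the refusal to send `AUTH PLAIN` on a non-TLS session is reported only through `log_debug`, so in normal operation nothing records that a relay with a configured secret came up without TLS. Because the `MTA_SMTP_STARTTLS` case now skips TLS based solely on the capability list the server sent in cleartext, a missing STARTTLS on such a relay is either a misconfiguration or on-path stripping, and operators should see it; consider `log_info("mta: %p: not using AUTH on non-TLS session", s);` instead. The hunk does not show what `MTA_CONNECT` does with the current connection or whether it can retry the same host, so it is worth confirming that this path cannot loop and that the failure is reported for the message. For consistency with the parenthesized test `(s->ext & MTA_EXT_STARTTLS) == 0`, the guard would read better as `if (s->secret && (s->flags & MTA_TLS))`. The switch in `mta_enter_state` starts and ends outside the hunk.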