New config option: set smtp_advertise_starttls to nonzero to advertise STARTTLS in...
[citadel.git] / citadel / server / modules / smtp / serv_smtp.c
index e58c4ff6ffd79d0acab81505c3abca902a19a0be..005f5b5d7746fc5eb814f82500dc5256ed5086dd 100644 (file)
@@ -215,10 +215,12 @@ void smtp_hello(int which_command) {
                cprintf("250-SIZE %ld\r\n", CtdlGetConfigLong("c_maxmsglen"));
 
 #ifdef HAVE_OPENSSL
-               // Offer TLS, but only if TLS is not already active.
-               // Furthermore, only offer TLS when running on the SMTP-MSA port, not on the SMTP-MTA port,
-               // because if our server doesn't have a trusted certificate, some mailers will refuse to talk to it.
-               if ( (!CC->redirect_ssl) && (SMTP->is_msa) ) {
+               // Offer the STARTTLS option...
+               if (    (!CC->redirect_ssl)                                                     // not if we're already TLS
+                       && (    (SMTP->is_msa)                                                  // Always on port 587
+                               || (CtdlGetConfigInt("smtp_advertise_starttls") != 0)           // On port 25 only if enabled
+                       )
+               ) {
                        cprintf("250-STARTTLS\r\n");
                }
 #endif
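Review bot: The new comment on the STARTTLS condition drops the reason the port-25 case is opt-in, which the removed comment gave (some mailers refuse to talk to a server whose certificate they do not trust). I would keep that rationale next to the `smtp_advertise_starttls` test, e.g. `// Port 25 is opt-in: peers that reject an untrusted certificate may refuse to deliver`. The comment should also say that while the option is zero (presumably the value when the key is unset), sessions on the MTA port are not offered TLS and stay in cleartext. This condition only controls the EHLO advertisement in smtp_hello, whose body starts and ends outside the hunk. Whether the STARTTLS command handler applies the same gate is not visible here and is worth confirming, so that what is advertised and what is accepted match. As a style point, the key lacks the `c_` prefix used by `c_maxmsglen` a few lines above, if that prefix is the convention for config keys.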