cprintf("250-SIZE %ld\r\n", CtdlGetConfigLong("c_maxmsglen"));
#ifdef HAVE_OPENSSL
- // Offer TLS, but only if TLS is not already active.
- // Furthermore, only offer TLS when running on the SMTP-MSA port, not on the SMTP-MTA port,
- // because if our server doesn't have a trusted certificate, some mailers will refuse to talk to it.
- if ( (!CC->redirect_ssl) && (SMTP->is_msa) ) {
+ // Offer the STARTTLS option...
+ if ( (!CC->redirect_ssl) // not if we're already TLS
+ && ( (SMTP->is_msa) // Always on port 587
+ || (CtdlGetConfigInt("smtp_advertise_starttls") != 0) // On port 25 only if enabled
+ )
+ ) {
cprintf("250-STARTTLS\r\n");
}
#endif