X-Git-Url: https://code.citadel.org/?a=blobdiff_plain;f=citadel%2Fserver%2Fmodules%2Fsmtp%2Fserv_smtp.c;h=005f5b5d7746fc5eb814f82500dc5256ed5086dd;hb=ba196da6b1ae7bdd2e72558ff35fe17d8597d141;hp=e58c4ff6ffd79d0acab81505c3abca902a19a0be;hpb=5dace62b01176b22d2901ebdbfba6e07c93fa8b4;p=citadel.git
diff --git a/citadel/server/modules/smtp/serv_smtp.c b/citadel/server/modules/smtp/serv_smtp.c
index e58c4ff6f..005f5b5d7 100644
--- a/citadel/server/modules/smtp/serv_smtp.c
+++ b/citadel/server/modules/smtp/serv_smtp.c
@@ -215,10 +215,12 @@ void smtp_hello(int which_command) {
 cprintf("250-SIZE %ld\r\n", CtdlGetConfigLong("c_maxmsglen"));
 #ifdef HAVE_OPENSSL
- // Offer TLS, but only if TLS is not already active.
- // Furthermore, only offer TLS when running on the SMTP-MSA port, not on the SMTP-MTA port,
- // because if our server doesn't have a trusted certificate, some mailers will refuse to talk to it.
- if ( (!CC->redirect_ssl) && (SMTP->is_msa) ) {
+ // Offer the STARTTLS option...
+ if ( (!CC->redirect_ssl) // not if we're already TLS
+ && ( (SMTP->is_msa) // Always on port 587
+ || (CtdlGetConfigInt("smtp_advertise_starttls") != 0) // On port 25 only if enabled
+ )
+ ) {
 cprintf("250-STARTTLS\r\n");
 }
 #endif
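Review bot: The new port-25 branch of the condition in smtp_hello() gates only the EHLO advertisement, so the STARTTLS command handler (not visible in this hunk) should apply the same `smtp_advertise_starttls` test; otherwise what the server advertises and what it accepts can disagree. The replaced comment gave the reason port 25 was excluded (some mailers refuse to talk to a server without a trusted certificate) and the new comments drop it; I would keep that rationale, e.g. `// Port 25 is opt-in: some mailers refuse to talk to us if our certificate is not trusted`. It is also worth documenting next to the option that, assuming CtdlGetConfigInt() yields 0 for an unset key, inbound MTA sessions stay cleartext by default until an administrator enables it. smtp_hello's body starts and ends outside the hunk.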