1 files changed, 17 insertions, 1 deletions

diff --git a/qmail-remote.c b/qmail-remote.c
index 0e2377e..ee1906c 100644
--- a/qmail-remote.c
+++ b/qmail-remote.c
@@ -387,7 +387,7 @@ void tls_quit(const char *s1, const char *s2)
 }
 # define tls_quit_error(s) tls_quit(s, ssl_error())
 
-int match_partner(const char *s, int len)
+static int match_partner(const char *s, int len)
 {
   if (!case_diffb(partner_fqdn, len, s) && !partner_fqdn[len]) return 1;
   /* we also match if the name is *.domainname */
@@ -398,6 +398,14 @@ int match_partner(const char *s, int len)
   return 0;
 }
 
+static int match_suffix(const char *s, const char *suffix)
+{
+  int diff_len = str_len(s) - str_len(suffix);
+  if (diff_len >= 0 && !case_diffb(suffix, str_len(suffix), s + diff_len))
+    return 1;
+  return 0;
+}
+
 /* don't want to fail handshake if certificate can't be verified */
 int verify_cb(int preverify_ok, X509_STORE_CTX *ctx) { return 1; }
 
@@ -765,6 +773,14 @@ void smtp()
 #endif
 
   code = smtpcode();
+#ifdef TLS
+  if (code == 554 && partner_fqdn != NULL && (
+      match_suffix(partner_fqdn, "web.de") ||
+      match_suffix(partner_fqdn, "gmx.net") ||
+      match_suffix(partner_fqdn, "kundenserver.de"))) {
+    code = 454; /* 4xx, does not really matter */
+  }
+#endif
   if (code >= 500 && code < 600) quit("DConnected to "," but greeting failed");
   if (code >= 400 && code < 500) return; /* try next MX, see RFC-2821 */
   if (code != 220) quit("ZConnected to "," but greeting failed");