From 026d6c79538ad9dbe646f3ee5559470419583fe9 Mon Sep 17 00:00:00 2001
From: manuel <manuel@mausz.at>
Date: Thu, 19 May 2022 11:52:04 +0200
Subject: SMTP: add support for required TLS

---
 qmail-smtpd.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/qmail-smtpd.c b/qmail-smtpd.c
index 7867197..f038314 100644
--- a/qmail-smtpd.c
+++ b/qmail-smtpd.c
@@ -80,6 +80,7 @@ void tls_nogateway();
 int ssl_rfd = -1, ssl_wfd = -1; /* SSL_get_Xfd() are broken */
 stralloc proto = {0};
 int tls_before_auth = 0;
+int tls_require = 0;
 #endif
 
 #ifdef SMTPUTF8
@@ -345,6 +346,7 @@ void setup()
 
 #ifdef TLS
   if (env_get("TLSBEFOREAUTH")) tls_before_auth = 1;
+  if (env_get("TLSREQUIRE")) tls_require = 1;
   if (env_get("SMTPS")) { smtps = 1; tls_init(); }
   else
 #endif
@@ -724,6 +726,9 @@ void smtp_rset(arg) char *arg;
 void smtp_mail(arg) char *arg;
 {
   if (!seenhelo) { err_wanthelo(); return; }
+#if defined(TLS)
+  if (tls_require && !ssl) { err_wantstarttls(); return; }
+#endif
   if (!addrparse(arg)) { err_syntax(); return; }
   flagsize = 0;
   mailfrom_parms(arg);
-- 
cgit v1.2.3