From bd6f15673058c4253ee0bbaaa03f70711b572a6f Mon Sep 17 00:00:00 2001
From: Paul J Stevens
Date: Wed, 18 Feb 2015 21:26:38 +0100
Subject: [PATCH] login_disabled option before starttls for pop3
---
dbmail.conf | 5 +++++
src/pop3.c | 16 ++++++++++++++++
2 files changed, 21 insertions(+)
diff --git a/dbmail.conf b/dbmail.conf
index 946e0642..bf16d160 100644
--- a/dbmail.conf
+++ b/dbmail.conf
@@ -227,6 +227,11 @@ port = 110
# You can set an alternate banner to display when connecting to the service
# banner = DBMAIL pop3 server ready to rock
+# If TLS is enabled, login before starttls is normally
+# allowed. Use login_disabled=yes to change this
+#
+# login_disabled = no
+
#
# If yes, allows SMTP access from the host IP connecting by POP3.
# This requires addition configuration of your MTA
diff --git a/src/pop3.c b/src/pop3.c
index cc0863bf..d03f71a1 100644
--- a/src/pop3.c
+++ b/src/pop3.c
@@ -366,6 +366,7 @@ int pop3(ClientSession_T *session, const char *buffer)
int found = 0;
//int indx = 0;
int validate_result;
+ bool login_disabled = FALSE;
uint64_t result, top_lines, top_messageid, user_idnr;
unsigned char *md5_apop_he;
struct message *msg;
@@ -431,6 +432,15 @@ int pop3(ClientSession_T *session, const char *buffer)
}
}
+ if (state == CLIENTSTATE_INITIAL_CONNECT) {
+ if (server_conf->ssl) {
+ Field_T val;
+ GETCONFIGVALUE("login_disabled", "POP", val);
+ if (SMATCH(val, "yes"))
+ login_disabled = TRUE;
+ }
+ }
+
switch (cmdtype) {
case POP3_QUIT:
@@ -459,6 +469,9 @@ int pop3(ClientSession_T *session, const char *buffer)
if (state != CLIENTSTATE_INITIAL_CONNECT)
return pop3_error(session, "-ERR wrong command mode\r\n");
+ if (login_disabled && ! session->ci->sock->ssl_state)
+ return pop3_error(session, "-ERR try STLS\r\n");
+
if (session->username != NULL) {
/* reset username */
g_free(session->username);
@@ -478,6 +491,9 @@ int pop3(ClientSession_T *session, const char *buffer)
if (state != CLIENTSTATE_INITIAL_CONNECT)
return pop3_error(session, "-ERR wrong command mode\r\n");
+ if (login_disabled && ! session->ci->sock->ssl_state)
+ return pop3_error(session, "-ERR try STLS\r\n");
+
if (session->password != NULL) {
g_free(session->password);
session->password = NULL;