login_disabled option before starttls for pop3

dbmail.conf

@@ -227,6 +227,11 @@ port                  = 110
 # You can set an alternate banner to display when connecting to the service
 # banner = DBMAIL pop3 server ready to rock
 
+# If TLS is enabled, login before starttls is normally
+# allowed. Use login_disabled=yes to change this
+#
+# login_disabled        = no
+
 # 
 # If yes, allows SMTP access from the host IP connecting by POP3.
 # This requires addition configuration of your MTA

src/pop3.c

@@ -366,6 +366,7 @@ int pop3(ClientSession_T *session, const char *buffer)
 	int found = 0;
 	//int indx = 0;
 	int validate_result;
+    bool login_disabled = FALSE;
 	uint64_t result, top_lines, top_messageid, user_idnr;
 	unsigned char *md5_apop_he;
 	struct message *msg;
@@ -431,6 +432,15 @@ int pop3(ClientSession_T *session, const char *buffer)
 		}
 	}
 
+    if (state == CLIENTSTATE_INITIAL_CONNECT) {
+        if (server_conf->ssl) {
+            Field_T val;
+            GETCONFIGVALUE("login_disabled", "POP", val);
+            if (SMATCH(val, "yes"))
+                login_disabled = TRUE;
+        }
+    }
+
 	switch (cmdtype) {
 
 	case POP3_QUIT:
@@ -459,6 +469,9 @@ int pop3(ClientSession_T *session, const char *buffer)
 		if (state != CLIENTSTATE_INITIAL_CONNECT)
 			return pop3_error(session, "-ERR wrong command mode\r\n");
 
+        if (login_disabled && ! session->ci->sock->ssl_state)
+            return pop3_error(session, "-ERR try STLS\r\n");
+
 		if (session->username != NULL) {
 			/* reset username */
 			g_free(session->username);
@@ -478,6 +491,9 @@ int pop3(ClientSession_T *session, const char *buffer)
 		if (state != CLIENTSTATE_INITIAL_CONNECT)
 			return pop3_error(session, "-ERR wrong command mode\r\n");
 
+        if (login_disabled && ! session->ci->sock->ssl_state)
+            return pop3_error(session, "-ERR try STLS\r\n");
+
 		if (session->password != NULL) {
 			g_free(session->password);
 			session->password = NULL;