From: David Levine Date: Wed, 9 Jul 2014 00:58:12 +0000 (-0500) Subject: If the user didn't specify any of the tls switches to post(8), try to X-Git-Url: https://diplodocus.org/git/nmh/commitdiff_plain/19238e87f359e78f6c28f9d9f5ecd23a023135f6?ds=sidebyside;hp=-c If the user didn't specify any of the tls switches to post(8), try to help them by implying -initialtls if they're using port 465 (smtps, until IANA revoked that registration in 1998). --- 19238e87f359e78f6c28f9d9f5ecd23a023135f6 diff --git a/man/post.man b/man/post.man index 8ea92332..a1fb3160 100644 --- a/man/post.man +++ b/man/post.man @@ -1,4 +1,4 @@ -.TH POST %manext8% "April 14, 2013" "%nmhversion%" +.TH POST %manext8% "July 8, 2014" "%nmhversion%" .\" .\" %nmhwarning% .\" @@ -249,6 +249,12 @@ switch. The .B \-notls switch will disable all attempts to negotiate TLS. +.PP +If port 465 is specified and none of the TLS switches were enabled, +.B \-initialtls +will be implied if TLS support was compiled in. Though port 465 for +SMTPS (SMTP over SSL) was deregistered by IANA in 1998, it is still +used for that service. .SH FILES .fc ^ ~ .nf diff --git a/man/send.man b/man/send.man index c8346c34..6e22bba2 100644 --- a/man/send.man +++ b/man/send.man @@ -1,7 +1,7 @@ .\" .\" %nmhwarning% .\" -.TH SEND %manext1% "January 23, 2014" "%nmhversion%" +.TH SEND %manext1% "July 8, 2014" "%nmhversion%" .SH NAME send \- send a message .SH SYNOPSIS @@ -436,6 +436,12 @@ The .B \-notls switch will disable all attempts to negotiate TLS. .PP +If port 465 is specified and none of the TLS switches were enabled, +.B \-initialtls +will be implied if TLS support was compiled in. Though port 465 for +SMTPS (SMTP over SSL) was deregistered by IANA in 1998, it is still +used for that service. +.PP The files specified by the profile entry \*(lqAliasfile:\*(rq and any additional alias files given by the .B \-alias diff --git a/uip/post.c b/uip/post.c index ef9c8803..16121359 100644 --- a/uip/post.c +++ b/uip/post.c 
@@ -201,7 +201,7 @@ static int saslssf=-1; /* Our maximum SSF for SASL */ static char *saslmech=NULL; /* Force use of particular SASL mech */ static char *user=NULL; /* Authenticate as this user */ static char *port="submission"; /* Name of server port for SMTP submission */ -static int tls=0; /* Use TLS for encryption */ +static int tls=-1; /* Use TLS for encryption */ static int fromcount=0; /* Count of addresses on From: header */ static int seensender=0; /* Have we seen a Sender: header? */ @@ -602,6 +602,21 @@ main (int argc, char **argv) envelope = from; } + if (tls == -1) { +#ifdef TLS_SUPPORT + /* + * The user didn't specify any of the tls switches. Try to + * help them by implying -initialtls if they're using port 465 + * (smtps, until IANA revoked that registration in 1998). + */ + tls = ! strcmp (port, "465") || ! strcasecmp (port, "smtps") + ? 2 + : 0; +#else /* ! TLS_SUPPORT */ + tls = 0; +#endif /* ! TLS_SUPPORT */ + } + /* If we are doing a "whom" check */ if (whomsw) { /* This won't work with MTS_SENDMAIL_PIPE. */
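Review bot: The paragraph added to man/post.man at @@ -249 (and repeated in man/send.man at @@ -436) says only "If port 465 is specified", but the check added to uip/post.c also matches the service name "smtps", case-insensitively. Suggest documenting both forms, for example "If port 465 (or the service name smtps) is specified". The phrase "none of the TLS switches were enabled" also leaves open whether an explicit -notls counts as a TLS switch; say outright that -notls suppresses the implied -initialtls, if that is the intent.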
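Review bot: In uip/post.c at @@ -201 the default for tls changes from 0 to -1, but the comment still reads "Use TLS for encryption", so the new "not specified" sentinel is undocumented. Suggest listing the values in the comment (-1 not specified, 0 off, 2 as assigned in main() for the implied -initialtls case). Please also confirm that nothing tests tls as a boolean before the new block in main() resolves it, since -1 is non-zero and would read as "TLS on".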
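Review bot: In the block added to main() in uip/post.c at @@ -602, the #else branch sets tls = 0 with no diagnostic, so a build without TLS_SUPPORT that is pointed at port 465 silently proceeds without TLS against a port the comment itself describes as smtps. Suggest emitting a warning in that branch when port is "465" or "smtps". Two smaller points on the TLS_SUPPORT branch: the match is a plain string comparison, so a numeric spelling such as "0465" or any other service name that resolves to 465 is not recognised; and the expression "! strcmp (...) || ! strcasecmp (...) ? 2 : 0" relies on precedence, so parenthesising the condition and replacing the bare 2 with a named constant would make the intent clearer.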