From ec74380db22e3d92641c972aa53823d02a56a5ad Mon Sep 17 00:00:00 2001
From: Paul J Stevens <p.stevens@lukkien.com>
Date: Wed, 18 Feb 2015 21:26:38 +0100
Subject: [PATCH 01/33] login_disabled option before starttls for pop3

---
 dbmail.conf |  5 +++++
 src/pop3.c  | 16 ++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git dbmail.conf dbmail.conf
index 946e064..bf16d16 100644
--- dbmail.conf
+++ dbmail.conf
@@ -227,6 +227,11 @@ port                  = 110
 # You can set an alternate banner to display when connecting to the service
 # banner = DBMAIL pop3 server ready to rock
 
+# If TLS is enabled, login before starttls is normally
+# allowed. Use login_disabled=yes to change this
+#
+# login_disabled        = no
+
 # 
 # If yes, allows SMTP access from the host IP connecting by POP3.
 # This requires addition configuration of your MTA
diff --git src/pop3.c src/pop3.c
index cc0863b..d03f71a 100644
--- src/pop3.c
+++ src/pop3.c
@@ -366,6 +366,7 @@ int pop3(ClientSession_T *session, const char *buffer)
 	int found = 0;
 	//int indx = 0;
 	int validate_result;
+    bool login_disabled = FALSE;
 	uint64_t result, top_lines, top_messageid, user_idnr;
 	unsigned char *md5_apop_he;
 	struct message *msg;
@@ -431,6 +432,15 @@ int pop3(ClientSession_T *session, const char *buffer)
 		}
 	}
 
+    if (state == CLIENTSTATE_INITIAL_CONNECT) {
+        if (server_conf->ssl) {
+            Field_T val;
+            GETCONFIGVALUE("login_disabled", "POP", val);
+            if (SMATCH(val, "yes"))
+                login_disabled = TRUE;
+        }
+    }
+
 	switch (cmdtype) {
 		
 	case POP3_QUIT:
@@ -459,6 +469,9 @@ int pop3(ClientSession_T *session, const char *buffer)
 		if (state != CLIENTSTATE_INITIAL_CONNECT)
 			return pop3_error(session, "-ERR wrong command mode\r\n");
 
+        if (login_disabled && ! session->ci->sock->ssl_state)
+            return pop3_error(session, "-ERR try STLS\r\n");
+
 		if (session->username != NULL) {
 			/* reset username */
 			g_free(session->username);
@@ -478,6 +491,9 @@ int pop3(ClientSession_T *session, const char *buffer)
 		if (state != CLIENTSTATE_INITIAL_CONNECT)
 			return pop3_error(session, "-ERR wrong command mode\r\n");
 
+        if (login_disabled && ! session->ci->sock->ssl_state)
+            return pop3_error(session, "-ERR try STLS\r\n");
+
 		if (session->password != NULL) {
 			g_free(session->password);
 			session->password = NULL;
-- 
2.10.1 (Apple Git-78)

