From b53d620dd5680148cd67deae1fa09dd9247ee26f Mon Sep 17 00:00:00 2001
From: Bernhard Froehlich
Date: Tue, 11 Dec 2018 15:30:12 +0000
Subject: [PATCH] Do not share Server instance with multiple listeners to avoid mixing TLS and non TLS configurations in the same server.
---
 main.go | 14 +++++++-------
 smtp-proxy.ini | 3 +--
 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/main.go b/main.go
index 43d2d79..5e8bdd7 100644
--- a/main.go
+++ b/main.go
@@ -41,18 +41,17 @@ func main() {
 iniflags.Parse()
- server := &smtpd.Server{
- Hostname: *hostName,
- WelcomeMessage: *welcomeMsg,
- Handler: handler,
- ForceTLS: *localForceTLS,
- }
-
 listeners := strings.Split(*listen, " ")
 for i := range(listeners) {
 listener := listeners[i]
+ server := &smtpd.Server{
+ Hostname: *hostName,
+ WelcomeMessage: *welcomeMsg,
+ Handler: handler,
+ }
+
 if strings.Index(listeners[i], "://") == -1 {
 ;
 } else if strings.HasPrefix(listeners[i], "tls://") || strings.HasPrefix(listeners[i], "starttls://") {
@@ -69,6 +68,7 @@ func main() {
 log.Fatal(err)
 }
+ server.ForceTLS = *localForceTLS
 server.TLSConfig = &tls.Config {
 Certificates: [] tls.Certificate{cert},
 }
diff --git a/smtp-proxy.ini b/smtp-proxy.ini
index 615adeb..980b63a 100644
--- a/smtp-proxy.ini
+++ b/smtp-proxy.ini
@@ -18,8 +18,7 @@
 ;local_key = smtpd.key
 ; Enforce encrypted connection on STARTTLS ports before
-; accepting mails from client. Cannot be used with plain
-; non encrypted listeners.
+; accepting mails from client.
 ;local_forcetls = false
 ; Relay all mails to this SMTP server
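Review bot: With `ForceTLS` dropped from the per-listener `smtpd.Server` literal and set only in the `tls://`/`starttls://` branch (second hunk), a listener without a scheme now accepts plaintext even when `local_forcetls = true`, and nothing tells the operator. The empty `;` branch for scheme-less listeners is the natural place to report it, e.g. `if *localForceTLS { log.Printf("local_forcetls has no effect on plain listener %s", listener) }`. The smtp-proxy.ini comment changed in this commit also loses its caveat about plain listeners, so it would help to state there that the setting applies only to TLS-capable listeners. The `for` body continues outside the hunk.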
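Review bot: The `tls.Config` that follows the added `server.ForceTLS` line sets only `Certificates`, so the minimum protocol version is whatever the Go toolchain used for the build defaults to. Since this branch is where enforcement of encryption is switched on, pinning it explicitly with `MinVersion: tls.VersionTLS12,` would make that guarantee independent of the build environment. Whether older mail clients must still be able to connect is not visible here, so the exact version is a policy choice. The enclosing `else if` block starts and ends outside the hunk.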