*** qmail-smtpd.c.orig Thu Jan 9 16:24:52 2014 --- qmail-smtpd.c Thu Jan 9 16:30:52 2014 *************** *** 42,47 **** --- 42,48 ---- int tls_verify(); void tls_nogateway(); int ssl_rfd = -1, ssl_wfd = -1; /* SSL_get_Xfd() are broken */ + int forcetls = 0; #endif int safewrite(fd,buf,len) int fd; char *buf; int len; *************** *** 700,705 **** --- 701,709 ---- if (!stralloc_0(&proto)) die_nomem(); protocol = proto.s; + /* Check if we have to force users to use ssl when authenticating */ + if(control_readint(&forcetls,"control/smtpforcetls") == -1) die_control(); + /* have to discard the pre-STARTTLS HELO/EHLO argument, if any */ dohelo(remotehost); } *************** *** 894,899 **** --- 898,912 ---- out("503 auth not available (#5.3.3)\r\n"); return; } + #ifdef TLS + if (forcetls && !ssl) + { + out("538 auth not available without TLS (#5.3.3)\r\n"); + flush(); + die_read(); + } + #endif + if (authd) { err_authd(); return; } if (seenmail) { err_authmail(); return; }
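Review bot: The `control_readint(&forcetls,"control/smtpforcetls")` call in the second hunk (new lines 701-709) sits between the `protocol = proto.s` assignment and the pre-STARTTLS HELO discard, which looks like the tail of the TLS setup routine, so `forcetls` would stay 0 until a TLS session already exists. If that is the case, the `forcetls && !ssl` test in the third hunk can never be true on a cleartext connection, AUTH is still accepted without TLS, and the setting fails open. The read belongs in the startup path with the other control files, before any SMTP command is handled: `if (control_readint(&forcetls,"control/smtpforcetls") == -1) die_control();`. The enclosing function starts outside the hunk, so its identity should be confirmed before moving the line.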
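Review bot: The `forcetls && !ssl` check in the third hunk (new lines 898-912) rejects only once the AUTH command has arrived, so a client that puts its credentials in the initial response on the AUTH line has already sent them in cleartext by the time the 538 is written. The EHLO code is not part of this diff; if it still lists AUTH before STARTTLS, it should skip that capability under the same condition so clients are not invited to authenticate in the clear. The reply also reuses `(#5.3.3)` from the 503 line above, while RFC 4954 pairs 538 with 5.7.11: `out("538 encryption required for authentication (#5.7.11)\r\n");`. The block ends in `die_read()` where the neighbouring checks `return`, so a comment such as `/* drop the session: client tried AUTH without TLS */` should state that the disconnect is deliberate. The enclosing function starts and ends outside the hunk.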