I've got qmail-ldap running with qmail-smtpd offering STARTTLS and SMTP AUTH (with the smtp-auth patch). I want our users to be able to use the SMTP AUTH with qmail-smtpd in order to allow relaying, but if they request SMTP AUTH I want to insist that they also use STARTTLS so the authentication is encrypted (PLAIN style is a trivially reversible base64 encoding).
Right now I can tell Mozilla to "Never" use encryption for smtp but when it sees the server will support SMTP AUTH, it creates a popup and sends my user/password base64 encoded. Too risky for me. Is there a way to require the client to use TLS in the STARTTLS negotiation if the client requests SMTP AUTH? Thanks.
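
An audit check for the policy asked about above, as an added example that is not part of the original post and not qmail code: it parses the EHLO reply a server gives before STARTTLS and flags any AUTH advertisement, and it decodes an AUTH PLAIN response to show what travels in the clear. The EHLO replies, hostname and credentials are constructed samples.

```python
import base64

# Constructed sample EHLO replies (not captured from a real server).
EHLO_CLEARTEXT = (
    "250-mail.example.org\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250 8BITMIME\r\n"
)
EHLO_HARDENED = "250-mail.example.org\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
# Constructed credentials: empty authzid, user "alice", password "s3cret".
SAMPLE_PLAIN = base64.b64encode(b"\0alice\0s3cret").decode()


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # first line is the greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" form.
        parts = line[4:].replace("=", " ").split()
        if parts:
            caps[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return caps


def audit_cleartext_ehlo(reply):
    """List policy violations in an EHLO reply received before STARTTLS."""
    caps = parse_ehlo(reply)
    findings = []
    if "AUTH" in caps:
        findings.append("AUTH offered before STARTTLS: " + " ".join(caps["AUTH"]))
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    return findings


def decode_auth_plain(b64):
    """Decode an AUTH PLAIN response: authzid NUL authcid NUL password."""
    authzid, authcid, passwd = base64.b64decode(b64).split(b"\0")
    return authzid.decode(), authcid.decode(), passwd.decode()


if __name__ == "__main__":
    print(audit_cleartext_ehlo(EHLO_CLEARTEXT))
    print(audit_cleartext_ehlo(EHLO_HARDENED))
    print(decode_auth_plain(SAMPLE_PLAIN))
```

A server that enforces the policy returns the second form before STARTTLS and lists AUTH only in the EHLO reply sent after the TLS handshake.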
