Skip to content

Instantly share code, notes, and snippets.



Last active Jan 9, 2019
What would you like to do?
--- mod_tls.lua.orig 2019-01-09 08:27:05.743608146 -0500
+++ mod_tls.lua 2019-01-09 08:45:59.734927400 -0500
@@ -14,6 +14,7 @@
local s2s_require_encryption = module:get_option("s2s_require_encryption");
local allow_s2s_tls = module:get_option("s2s_allow_encryption") ~= false;
local s2s_secure_auth = module:get_option("s2s_secure_auth");
+local dialback_only_domains = module:get_option_set("s2s_dialback_only_domains", {})._items;
if s2s_secure_auth and s2s_require_encryption == false then
module:log("warn", "s2s_secure_auth implies s2s_require_encryption, but s2s_require_encryption is set to false");
@@ -65,7 +66,8 @@
module:hook_global("config-reloaded", module.load);
local function can_do_tls(session)
- if not session.conn.starttls then
+ session.log("debug", "can_do_tls: %s -> %s", session.to_host, session.from_host);
+ if not session.conn.starttls or dialback_only_domains[session.to_host] or dialback_only_domains[session.from_host] then
if not then
session.log("debug", "Underlying connection does not support STARTTLS");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.