From 37f4567f9a3e6fcb0201cede1541e6cb6e68b216 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 9 Aug 2022 11:04:40 +0200
Subject: [server] Send another EHLO after STARTTLS, as we SHOULD https://www.rfc-editor.org/rfc/rfc2487
---
.../src/main/java/org/openslx/bwlp/sat/mail/SmtpMailer.java | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'dozentenmodulserver')
diff --git a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/mail/SmtpMailer.java b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/mail/SmtpMailer.java
index d7859f3c..c2faef9a 100644
--- a/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/mail/SmtpMailer.java
+++ b/dozentenmodulserver/src/main/java/org/openslx/bwlp/sat/mail/SmtpMailer.java
@@ -76,8 +76,15 @@ public class SmtpMailer {
 if (!client.elogin("bwlehrpool.sat")) {
 throw new LoginException("SMTP server rejected EHLO");
 }
- if (ssl == EncryptionMode.EXPLICIT && !client.execTLS()) {
- throw new LoginException("STARTTLS (explicit TLS) failed");
+ if (ssl == EncryptionMode.EXPLICIT) {
+ if (!client.execTLS()) {
+ throw new LoginException("STARTTLS (explicit TLS) failed");
+ }
+ // Not checking result of this. We SHOULD do this according to RFC2487, and didn't previously, which
+ // worked fine for a long time. Now we stumbled upon a gateway that REQUIRES another EHLO after
+ // STARTTLS. If for some reason this fails, it might still be a valid session from the first EHLO
+ // I guess, so just try to keep going until something else breaks. :-/
+ client.elogin("bwlehrpool.sat");
 }
 if (!Util.isEmptyString(username)) {
 boolean authed = false;
-- cgit v1.2.3-55-g7522
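Review bot: The return value of the second `client.elogin("bwlehrpool.sat")` is dropped, so a rejected post-STARTTLS EHLO goes unnoticed and the code proceeds to the `username` authentication branch with the session in an unknown state. RFC 3207, which obsoletes the RFC 2487 cited in the comment, has the server discard the pre-TLS EHLO and tells the client to discard whatever it learned before TLS, because the cleartext capability list can be altered in transit; the first EHLO is therefore not a safe fallback. I would fail closed, matching the first check: `if (!client.elogin("bwlehrpool.sat")) { throw new LoginException("SMTP server rejected EHLO after STARTTLS"); }`. If compatibility with older servers really requires continuing, at least record the server's reply at that point so the later failure can be diagnosed. The enclosing method starts and ends outside the hunk, so whether any pre-TLS capability data is reused further down cannot be confirmed from here.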