--- qmail-smtpd.c	2003-11-02 20:46:50.000000000 +0200
+++ /root/qmail-smtpd.c	2003-10-18 18:39:12.000000000 +0300
@@ -41,7 +41,7 @@
 
 #define BMCHECK_BMF 0
 #define BMCHECK_BMT 1
-#define AUTHCRAM
+//#define AUTHCRAM
 #define MAXHOPS 100
 unsigned int databytes = 0;
 int timeout = 1200;
@@ -483,15 +483,16 @@
 void smtp_ehlo(arg) char *arg;
 {
   smtp_greet("250-");
-#ifdef AUTHCRAM
-  out("\r\n250-AUTH LOGIN CRAM-MD5 PLAIN");
-  out("\r\n250-AUTH=LOGIN CRAM-MD5 PLAIN");
-#else
-  out("\r\n250-AUTH LOGIN PLAIN");
-  out("\r\n250-AUTH=LOGIN PLAIN");
-#endif
 #ifdef TLS
   if (!ssl) out("\r\n250-STARTTLS");
+  else
+#endif
+#ifdef AUTHCRAM
+  out("\r\n250-AUTH LOGIN CRAM-MD5 PLAIN"
+      "\r\n250-AUTH=LOGIN CRAM-MD5 PLAIN");
+#else
+  out("\r\n250-AUTH LOGIN PLAIN"
+      "\r\n250-AUTH=LOGIN PLAIN");
 #endif
   smtp_size();
   out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n");
@@ -879,6 +880,12 @@
 {
   int r;
 
+#ifdef TLS
+  if (!ssl) {
+    out("530 Must issue a STARTTLS command first (#5.7.0)\r\n");
+    return -1;
+  }
+#endif
   if (*arg) {
     if (r = b64decode(arg,str_len(arg),&user) == 1) return err_input();
   }
@@ -903,6 +910,12 @@
 {
   int r, id = 0;
 
+#ifdef TLS
+  if (!ssl) {
+    out("530 Must issue a STARTTLS command first (#5.7.0)\r\n");
+    return -1;
+  }
+#endif
   if (*arg) {
     if (r = b64decode(arg,str_len(arg),&slop) == 1) return err_input();
   }