taken from 2.7.3 diff -Naurp postfix-2.7.0/src/smtp/smtp_proto.c postfix-2.7.0.oden/src/smtp/smtp_proto.c --- postfix-2.7.0/src/smtp/smtp_proto.c 2009-11-11 01:48:13.000000000 +0000 +++ postfix-2.7.0.oden/src/smtp/smtp_proto.c 2011-03-10 07:13:58.000000000 +0000 @@ -812,6 +812,9 @@ static int smtp_start_tls(SMTP_STATE *st SMTP_RESP_FAKE(&fake, "4.7.5"), "Server certificate not verified")); + /* At this point there must not be any pending plaintext. */ + vstream_fpurge(session->stream, VSTREAM_PURGE_BOTH); + /* * At this point we have to re-negotiate the "EHLO" to reget the * feature-list. diff -Naurp postfix-2.7.0/src/smtpd/smtpd.c postfix-2.7.0.oden/src/smtpd/smtpd.c --- postfix-2.7.0/src/smtpd/smtpd.c 2010-02-14 01:50:21.000000000 +0000 +++ postfix-2.7.0.oden/src/smtpd/smtpd.c 2011-03-10 07:14:03.000000000 +0000 @@ -4096,6 +4096,8 @@ static int starttls_cmd(SMTPD_STATE *sta smtpd_chat_reply(state, "220 2.0.0 Ready to start TLS"); /* Flush before we switch the stream's read/write routines. */ smtp_flush(state->client); + /* At this point there must not be any pending plaintext. */ + vstream_fpurge(state->client, VSTREAM_PURGE_BOTH); /* * Reset all inputs to the initial state.