--- acl_.c      2007-11-11 12:57:19.000000000 +0100
+++ acl.c       2008-02-19 15:02:19.000000000 +0100
@@ -773,13 +773,19 @@
        char *verify;
        char *dn;

-       if (((verify = smfi_getsymval(priv->priv_ctx, "{verify}")) == NULL) ||
-           (strcmp(verify, "OK") != 0) ||
-           ((dn = smfi_getsymval(priv->priv_ctx, "{cert_subject}")) == NULL))
+       if ((verify = smfi_getsymval(priv->priv_ctx, "{verify}")) != NULL) {
+           // "racl tls any" support - match anyone willing to STARTTLS - even those MTA's without a private certificate to present
+           if ((strcmp("any", ad->string) == 0) &&
+               ((strcmp(verify, "OK") != 0) || (strcmp(verify, "NO") != 0)))
+               return 1;
+
+           if ((strcmp(verify, "OK") != 0) ||
+               ((dn = smfi_getsymval(priv->priv_ctx, "{cert_subject}")) == NULL))
                return 0;

-       if (strcmp(dn, ad->string) == 0)
+           if (strcmp(dn, ad->string) == 0)
                return 1;
+       }

        return 0;
 }