diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm
--- qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm 2015-02-11 23:00:25.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.95/lib/Qpsmtpd/SMTP.pm 2015-12-16 22:37:30.919445045 +0100
@@ -241,7 +241,8 @@
 }
 my $offer_auth = 1;
- if ($self->transaction->notes('tls_enabled') && ($self->config('tls_before_auth'))[0]) {
+ if (($self->transaction->notes('tls_enabled') || $self->transaction->notes('tls_force_disabled')) &&
+ ($self->config('tls_before_auth'))[0]) {
 $offer_auth = 0;
 }
diff -Nur -x '*.orig' -x '*.rej' qpsmtpd-0.95/plugins/tls mezzanine_patched_qpsmtpd-0.95/plugins/tls
--- qpsmtpd-0.95/plugins/tls 2015-02-11 23:00:25.000000000 +0100
+++ mezzanine_patched_qpsmtpd-0.95/plugins/tls 2015-12-16 22:33:23.603427932 +0100
@@ -133,9 +133,15 @@
 }
 sub hook_ehlo {
- my ($self, $transaction) = @_;
+ my ($self, $transaction, $host) = @_;
 return DECLINED unless $self->can_do_tls;
 return DECLINED if $self->connection->notes('tls_enabled');
+ return DECLINED unless $host;
+ if ($self->_is_in_notls($host)) {
+ $self->log(LOGINFO, "Disabling TLS as host matches one of the notls config file");
+ $self->connection->notes('tls_force_disabled', 1);
+ return DECLINED;
+ }
 return DENY, "Command refused due to lack of security" if $transaction->notes('ssl_failed');
 my $cap = $transaction->notes('capabilities') || [];
@@ -197,6 +203,22 @@
 return DECLINED;
 }
+sub _is_in_notls {
+ my ($self, $host) = @_;
+
+ $host = lc $host;
+ foreach my $line ($self->qp->config('notls')) {
+ # If line is a regex
+ if ($line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/ && $host =~ /$line/) {
+ return 1;
+ }
+ if ($host eq lc $line) {
+ return 1;
+ }
+ }
+ return;
+}
+
 sub _convert_to_ssl {
 my ($self) = @_;
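Review bot: The added condition reads `tls_force_disabled` from the transaction notes, but the tls plugin in this same patch writes it with `$self->connection->notes('tls_force_disabled', 1)`. Unless code outside this diff copies the note across, the new branch never fires. `$offer_auth` then stays 1 for hosts matched by `notls`, so AUTH is still advertised on a session that will never get STARTTLS even though `tls_before_auth` is set. Reading the same store the plugin writes to would fix it: `$self->connection->notes('tls_force_disabled')`. The enclosing sub starts and ends outside the hunk, so it is worth checking that no later code re-enables the offer.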
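Review bot: The new `notls` early return sits above the `return DENY ... if $transaction->notes('ssl_failed')` check and is keyed on `$host`, which is presumably the name the client announced in EHLO rather than a verified identity. A session whose TLS handshake already failed is therefore no longer refused when the announced name matches a `notls` entry. I would move the `ssl_failed` check above the `notls` block and add a comment such as `# $host is the client's self-declared EHLO name; match on the connection's remote address if this must be a trust decision`. The log line would also be more useful for auditing if it named the matched host and entry. The `notls` config file needs an entry in the plugin's POD, and `hook_ehlo` continues past the end of this hunk.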
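Review bot: In `_is_in_notls`, each `notls` line that looks like a pattern is interpolated straight into `$host =~ /$line/`, so a malformed entry makes the match die inside the EHLO hook. The match is also unanchored and case-sensitive although `$host` was lowercased. An entry such as `example\.com` therefore matches any announced name that merely contains it, and an entry with upper-case letters never matches. I would compile each pattern under `eval` with `/i`, log and skip entries that fail to compile, and document that entries should be anchored with `\A` and `\z`. The whole sub is inside this hunk.

```perl
sub _is_in_notls {
    # … unchanged: argument unpacking and lc of $host …
    foreach my $line ($self->qp->config('notls')) {
        return 1 if $host eq lc $line;
        next unless $line =~ /[\{\}\[\]\(\)\^\$\|\*\+\?\\\!]/;
        # A malformed entry must not abort the EHLO hook.
        my $re = eval { qr/$line/i };
        if (!$re) {
            $self->log(LOGWARN, "Ignoring invalid notls pattern '$line': $@");
            next;
        }
        return 1 if $host =~ $re;
    }
    # … unchanged: bare return and end of sub …
```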