Index: trac/notification.py
===================================================================
--- trac/notification.py	(revision 3327)
+++ trac/notification.py	(working copy)
@@ -70,9 +70,12 @@
         
         If this option is disabled (the default), recipients are put on BCC
         (''since 0.10'').""")
+        
+    use_tls = BoolOption('notification', 'use_tls', 'false',
+        """Use SSL/TLS to send notifications (''since 0.10'').""")
 
     maxheaderlen = Option('notification', 'maxheaderlen', '76',
-        """Maximum length of SMTP headers. (''since 0.10'').""")
+        """Maximum length of SMTP headers (''since 0.10'').""")
 
 
 class Notify(object):
@@ -134,6 +137,7 @@
     def __init__(self, env):
         Notify.__init__(self, env)
 
+        self._use_tls = self.env.config.getbool('notification', 'use_tls')
         self._init_pref_encoding()
         # Get the email addresses of all known users
         self.email_map = {}
@@ -251,6 +255,13 @@
 
     def begin_send(self):
         self.server = smtplib.SMTP(self.smtp_server, self.smtp_port)
+        # self.server.set_debuglevel(True)
+        if self._use_tls:
+            self.server.ehlo()
+            if not self.server.esmtp_features.has_key('starttls'):
+                raise TracError, "TLS enabled but server does not support TLS"
+            self.server.starttls()
+            self.server.ehlo()
         if self.user_name:
             self.server.login(self.user_name, self.password)
 
@@ -328,4 +339,13 @@
         self.server.sendmail(msg['From'], recipients, msgtext)
 
     def finish_send(self):
-        self.server.quit()
+        if self._use_tls:
+            # avoid false failure detection when the server closes
+            # the SMTP connection with TLS enabled
+            import socket
+            try:
+                self.server.quit()
+            except socket.sslerror:
+                pass
+        else:
+            self.server.quit()