e1ee60fe |
1 | <?php |
4b4abf93 |
2 | |
5b8fd093 |
3 | /** |
4b4abf93 |
4 | * Deliver_SMTP.class.php |
5 | * |
a15f9d93 |
6 | * SMTP delivery backend for the Deliver class. |
4b4abf93 |
7 | * |
47ccfad4 |
8 | * @copyright © 1999-2006 The SquirrelMail Project Team |
4b4abf93 |
9 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License |
10 | * @version $Id$ |
11 | * @package squirrelmail |
12 | */ |
e1ee60fe |
13 | |
a15f9d93 |
14 | /** @ignore */ |
15 | if (!defined('SM_PATH')) define('SM_PATH','../../'); |
16 | |
2b646597 |
17 | /** This of course depends upon Deliver */ |
a15f9d93 |
18 | include_once(SM_PATH . 'class/deliver/Deliver.class.php'); |
e1ee60fe |
19 | |
2b646597 |
20 | /** |
4b4abf93 |
21 | * Deliver messages using SMTP |
22 | * @package squirrelmail |
23 | */ |
e1ee60fe |
24 | class Deliver_SMTP extends Deliver { |
a15f9d93 |
25 | /** |
26 | * Array keys are uppercased ehlo keywords |
27 | * array key values are ehlo params. If ehlo-param contains space, it is splitted into array. |
28 | * @var array ehlo |
29 | * @since 1.5.1 |
30 | */ |
31 | var $ehlo = array(); |
32 | /** |
33 | * @var string domain |
34 | * @since 1.5.1 |
35 | */ |
36 | var $domain = ''; |
37 | /** |
38 | * SMTP STARTTLS rfc: "Both the client and the server MUST know if there |
39 | * is a TLS session active." |
40 | * Variable should be set to true, when encryption is turned on. |
41 | * @var boolean |
42 | * @since 1.5.1 |
43 | */ |
44 | var $tls_enabled = false; |
45 | /** |
46 | * Private var |
47 | * var stream $stream |
48 | * @todo don't pass stream resource in class method arguments. |
49 | */ |
50 | //var $stream = false; |
51 | /** @var string delivery error message */ |
52 | var $dlv_msg = ''; |
53 | /** @var integer delivery error number from server */ |
54 | var $dlv_ret_nr = ''; |
55 | /** @var string delivery error message from server */ |
56 | var $dlv_server_msg = ''; |
e1ee60fe |
57 | |
5fe73b9f |
58 | function preWriteToStream(&$s) { |
eeb17be5 |
59 | if ($s) { |
60 | if ($s{0} == '.') $s = '.' . $s; |
61 | $s = str_replace("\n.","\n..",$s); |
62 | } |
5fe73b9f |
63 | } |
91e0dccc |
64 | |
5fe73b9f |
65 | function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false) { |
eeb17be5 |
66 | global $use_smtp_tls,$smtp_auth_mech; |
91e0dccc |
67 | |
eeb17be5 |
68 | if ($authpop) { |
69 | $this->authPop($host, '', $user, $pass); |
22bd1baf |
70 | } |
91e0dccc |
71 | |
eeb17be5 |
72 | $rfc822_header = $message->rfc822_header; |
91e0dccc |
73 | |
eeb17be5 |
74 | $from = $rfc822_header->from[0]; |
75 | $to = $rfc822_header->to; |
76 | $cc = $rfc822_header->cc; |
77 | $bcc = $rfc822_header->bcc; |
78 | $content_type = $rfc822_header->content_type; |
33feaaec |
79 | |
eeb17be5 |
80 | // MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298) |
91e0dccc |
81 | if ($content_type->type0 == 'multipart' && |
eeb17be5 |
82 | $content_type->type1 == 'report' && |
83 | isset($content_type->properties['report-type']) && |
84 | $content_type->properties['report-type']=='disposition-notification') { |
85 | $from->host = ''; |
86 | $from->mailbox = ''; |
91e0dccc |
87 | } |
88 | |
a15f9d93 |
89 | if ($use_smtp_tls == 1) { |
90 | if ((check_php_version(4,3)) && (extension_loaded('openssl'))) { |
91 | $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString); |
92 | $this->tls_enabled = true; |
93 | } else { |
94 | /** |
95 | * don't connect to server when user asks for smtps and |
96 | * PHP does not support it. |
97 | */ |
98 | $errorNumber = ''; |
99 | $errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it."); |
100 | } |
eeb17be5 |
101 | } else { |
feb5a839 |
102 | $stream = @fsockopen($host, $port, $errorNumber, $errorString); |
eeb17be5 |
103 | } |
91e0dccc |
104 | |
eeb17be5 |
105 | if (!$stream) { |
a15f9d93 |
106 | // reset tls state var to default value, if connection fails |
107 | $this->tls_enabled = false; |
108 | // set error messages |
eeb17be5 |
109 | $this->dlv_msg = $errorString; |
110 | $this->dlv_ret_nr = $errorNumber; |
c585e898 |
111 | $this->dlv_server_msg = _("Can't open SMTP stream."); |
eeb17be5 |
112 | return(0); |
113 | } |
a15f9d93 |
114 | // get server greeting |
eeb17be5 |
115 | $tmp = fgets($stream, 1024); |
116 | if ($this->errorCheck($tmp, $stream)) { |
117 | return(0); |
118 | } |
91e0dccc |
119 | |
120 | /* |
4b4abf93 |
121 | * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP |
122 | * server. This should fix the DNS issues some people have had |
123 | */ |
eeb17be5 |
124 | if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set |
125 | // optionally trim off port number |
126 | if($p = strrpos($HTTP_HOST, ':')) { |
127 | $HTTP_HOST = substr($HTTP_HOST, 0, $p); |
128 | } |
129 | $helohost = $HTTP_HOST; |
130 | } else { // For some reason, HTTP_HOST is not set - revert to old behavior |
131 | $helohost = $domain; |
132 | } |
91e0dccc |
133 | |
eeb17be5 |
134 | /* Lets introduce ourselves */ |
135 | fputs($stream, "EHLO $helohost\r\n"); |
a15f9d93 |
136 | // Read ehlo response |
137 | $tmp = $this->parse_ehlo_response($stream); |
eeb17be5 |
138 | if ($this->errorCheck($tmp,$stream)) { |
df3a8577 |
139 | // fall back to HELO if EHLO is not supported |
06709b31 |
140 | if ($this->dlv_ret_nr == '500') { |
df3a8577 |
141 | fputs($stream, "HELO $helohost\r\n"); |
142 | $tmp = fgets($stream,1024); |
143 | if ($this->errorCheck($tmp,$stream)) { |
144 | return(0); |
145 | } |
146 | } else { |
147 | return(0); |
148 | } |
eeb17be5 |
149 | } |
91e0dccc |
150 | |
a15f9d93 |
151 | /** |
152 | * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+ |
153 | * http://www.php.net/stream-socket-enable-crypto |
154 | */ |
c4de9863 |
155 | if ($use_smtp_tls === 2) { |
a15f9d93 |
156 | if (function_exists('stream_socket_enable_crypto')) { |
157 | // don't try starting tls, when client thinks that it is already active |
158 | if ($this->tls_enabled) { |
159 | $this->dlv_msg = _("TLS session is already activated."); |
160 | return 0; |
161 | } elseif (!array_key_exists('STARTTLS',$this->ehlo)) { |
162 | // check for starttls in ehlo response |
163 | $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it"); |
164 | return 0; |
165 | } |
166 | |
167 | // issue starttls command |
168 | fputs($stream, "STARTTLS\r\n"); |
169 | // get response |
170 | $tmp = fgets($stream,1024); |
171 | if ($this->errorCheck($tmp,$stream)) { |
172 | return 0; |
173 | } |
174 | |
175 | // start crypto on connection. suppress function errors. |
176 | if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) { |
177 | // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command) |
178 | // get new EHLO response |
179 | fputs($stream, "EHLO $helohost\r\n"); |
180 | // Read ehlo response |
181 | $tmp = $this->parse_ehlo_response($stream); |
182 | if ($this->errorCheck($tmp,$stream)) { |
183 | // don't revert to helo here. server must support ESMTP |
184 | return 0; |
185 | } |
186 | // set information about started tls |
187 | $this->tls_enabled = true; |
188 | } else { |
189 | /** |
190 | * stream_socket_enable_crypto() call failed. |
191 | */ |
192 | $this->dlv_msg = _("Unable to start TLS."); |
193 | return 0; |
194 | // Bug: can't get error message. See comments in sqimap_create_stream(). |
195 | } |
196 | } else { |
197 | // php install does not support stream_socket_enable_crypto() function |
198 | $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket."); |
199 | return 0; |
200 | } |
201 | } |
202 | |
203 | // FIXME: check ehlo response before using authentication |
eeb17be5 |
204 | if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) { |
205 | // Doing some form of non-plain auth |
206 | if ($smtp_auth_mech == 'cram-md5') { |
207 | fputs($stream, "AUTH CRAM-MD5\r\n"); |
208 | } elseif ($smtp_auth_mech == 'digest-md5') { |
209 | fputs($stream, "AUTH DIGEST-MD5\r\n"); |
210 | } |
91e0dccc |
211 | |
eeb17be5 |
212 | $tmp = fgets($stream,1024); |
91e0dccc |
213 | |
eeb17be5 |
214 | if ($this->errorCheck($tmp,$stream)) { |
215 | return(0); |
216 | } |
91e0dccc |
217 | |
eeb17be5 |
218 | // At this point, $tmp should hold "334 <challenge string>" |
219 | $chall = substr($tmp,4); |
91e0dccc |
220 | // Depending on mechanism, generate response string |
eeb17be5 |
221 | if ($smtp_auth_mech == 'cram-md5') { |
222 | $response = cram_md5_response($user,$pass,$chall); |
223 | } elseif ($smtp_auth_mech == 'digest-md5') { |
224 | $response = digest_md5_response($user,$pass,$chall,'smtp',$host); |
225 | } |
226 | fputs($stream, $response); |
91e0dccc |
227 | |
eeb17be5 |
228 | // Let's see what the server had to say about that |
229 | $tmp = fgets($stream,1024); |
230 | if ($this->errorCheck($tmp,$stream)) { |
231 | return(0); |
232 | } |
91e0dccc |
233 | |
eeb17be5 |
234 | // CRAM-MD5 is done at this point. If DIGEST-MD5, there's a bit more to go |
235 | if ($smtp_auth_mech == 'digest-md5') { |
236 | // $tmp contains rspauth, but I don't store that yet. (No need yet) |
237 | fputs($stream,"\r\n"); |
238 | $tmp = fgets($stream,1024); |
91e0dccc |
239 | |
eeb17be5 |
240 | if ($this->errorCheck($tmp,$stream)) { |
241 | return(0); |
242 | } |
243 | } |
244 | // CRAM-MD5 and DIGEST-MD5 code ends here |
245 | } elseif ($smtp_auth_mech == 'none') { |
246 | // No auth at all, just send helo and then send the mail |
247 | // We already said hi earlier, nothing more is needed. |
248 | } elseif ($smtp_auth_mech == 'login') { |
249 | // The LOGIN method |
250 | fputs($stream, "AUTH LOGIN\r\n"); |
251 | $tmp = fgets($stream, 1024); |
91e0dccc |
252 | |
eeb17be5 |
253 | if ($this->errorCheck($tmp, $stream)) { |
254 | return(0); |
255 | } |
256 | fputs($stream, base64_encode ($user) . "\r\n"); |
257 | $tmp = fgets($stream, 1024); |
258 | if ($this->errorCheck($tmp, $stream)) { |
259 | return(0); |
260 | } |
91e0dccc |
261 | |
eeb17be5 |
262 | fputs($stream, base64_encode($pass) . "\r\n"); |
263 | $tmp = fgets($stream, 1024); |
264 | if ($this->errorCheck($tmp, $stream)) { |
265 | return(0); |
266 | } |
267 | } elseif ($smtp_auth_mech == "plain") { |
268 | /* SASL Plain */ |
269 | $auth = base64_encode("$user\0$user\0$pass"); |
91e0dccc |
270 | |
eeb17be5 |
271 | $query = "AUTH PLAIN\r\n"; |
272 | fputs($stream, $query); |
273 | $read=fgets($stream, 1024); |
91e0dccc |
274 | |
eeb17be5 |
275 | if (substr($read,0,3) == '334') { // OK so far.. |
276 | fputs($stream, "$auth\r\n"); |
277 | $read = fgets($stream, 1024); |
278 | } |
91e0dccc |
279 | |
eeb17be5 |
280 | $results=explode(" ",$read,3); |
281 | $response=$results[1]; |
282 | $message=$results[2]; |
283 | } else { |
284 | /* Right here, they've reached an unsupported auth mechanism. |
285 | This is the ugliest hack I've ever done, but it'll do till I can fix |
286 | things up better tomorrow. So tired... */ |
287 | if ($this->errorCheck("535 Unable to use this auth type",$stream)) { |
288 | return(0); |
289 | } |
290 | } |
91e0dccc |
291 | |
eeb17be5 |
292 | /* Ok, who is sending the message? */ |
91e0dccc |
293 | $fromaddress = ($from->mailbox && $from->host) ? |
eeb17be5 |
294 | $from->mailbox.'@'.$from->host : ''; |
295 | fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n"); |
296 | $tmp = fgets($stream, 1024); |
297 | if ($this->errorCheck($tmp, $stream)) { |
298 | return(0); |
299 | } |
91e0dccc |
300 | |
eeb17be5 |
301 | /* send who the recipients are */ |
302 | for ($i = 0, $cnt = count($to); $i < $cnt; $i++) { |
303 | if (!$to[$i]->host) $to[$i]->host = $domain; |
304 | if ($to[$i]->mailbox) { |
305 | fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n"); |
306 | $tmp = fgets($stream, 1024); |
307 | if ($this->errorCheck($tmp, $stream)) { |
308 | return(0); |
309 | } |
310 | } |
311 | } |
91e0dccc |
312 | |
313 | for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) { |
eeb17be5 |
314 | if (!$cc[$i]->host) $cc[$i]->host = $domain; |
315 | if ($cc[$i]->mailbox) { |
316 | fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n"); |
317 | $tmp = fgets($stream, 1024); |
318 | if ($this->errorCheck($tmp, $stream)) { |
319 | return(0); |
320 | } |
321 | } |
322 | } |
91e0dccc |
323 | |
eeb17be5 |
324 | for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) { |
325 | if (!$bcc[$i]->host) $bcc[$i]->host = $domain; |
326 | if ($bcc[$i]->mailbox) { |
327 | fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n"); |
328 | $tmp = fgets($stream, 1024); |
329 | if ($this->errorCheck($tmp, $stream)) { |
330 | return(0); |
331 | } |
332 | } |
333 | } |
334 | /* Lets start sending the actual message */ |
335 | fputs($stream, "DATA\r\n"); |
5fe73b9f |
336 | $tmp = fgets($stream, 1024); |
eeb17be5 |
337 | if ($this->errorCheck($tmp, $stream)) { |
338 | return(0); |
5fe73b9f |
339 | } |
eeb17be5 |
340 | return $stream; |
5fe73b9f |
341 | } |
91e0dccc |
342 | |
5fe73b9f |
343 | function finalizeStream($stream) { |
eeb17be5 |
344 | fputs($stream, "\r\n.\r\n"); /* end the DATA part */ |
345 | $tmp = fgets($stream, 1024); |
346 | $this->errorCheck($tmp, $stream); |
347 | if ($this->dlv_ret_nr != 250) { |
348 | return(0); |
349 | } |
350 | fputs($stream, "QUIT\r\n"); /* log off */ |
351 | fclose($stream); |
352 | return true; |
5fe73b9f |
353 | } |
91e0dccc |
354 | |
ca71b2db |
355 | /* check if an SMTP reply is an error and set an error message) */ |
5fe73b9f |
356 | function errorCheck($line, $smtpConnection) { |
ca71b2db |
357 | |
358 | $err_num = substr($line, 0, 3); |
359 | $this->dlv_ret_nr = $err_num; |
360 | $server_msg = substr($line, 4); |
361 | |
362 | while(substr($line, 0, 4) == ($err_num.'-')) { |
363 | $line = fgets($smtpConnection, 1024); |
364 | $server_msg .= substr($line, 4); |
365 | } |
366 | |
eeb17be5 |
367 | if ( ((int) $err_num{0}) < 4) { |
368 | return false; |
ca71b2db |
369 | } |
370 | |
371 | switch ($err_num) { |
372 | case '421': $message = _("Service not available, closing channel"); |
373 | break; |
374 | case '432': $message = _("A password transition is needed"); |
375 | break; |
376 | case '450': $message = _("Requested mail action not taken: mailbox unavailable"); |
377 | break; |
378 | case '451': $message = _("Requested action aborted: error in processing"); |
379 | break; |
380 | case '452': $message = _("Requested action not taken: insufficient system storage"); |
381 | break; |
382 | case '454': $message = _("Temporary authentication failure"); |
383 | break; |
384 | case '500': $message = _("Syntax error; command not recognized"); |
385 | break; |
386 | case '501': $message = _("Syntax error in parameters or arguments"); |
387 | break; |
388 | case '502': $message = _("Command not implemented"); |
389 | break; |
390 | case '503': $message = _("Bad sequence of commands"); |
391 | break; |
392 | case '504': $message = _("Command parameter not implemented"); |
91e0dccc |
393 | break; |
ca71b2db |
394 | case '530': $message = _("Authentication required"); |
395 | break; |
396 | case '534': $message = _("Authentication mechanism is too weak"); |
397 | break; |
398 | case '535': $message = _("Authentication failed"); |
399 | break; |
400 | case '538': $message = _("Encryption required for requested authentication mechanism"); |
401 | break; |
402 | case '550': $message = _("Requested action not taken: mailbox unavailable"); |
403 | break; |
404 | case '551': $message = _("User not local; please try forwarding"); |
405 | break; |
406 | case '552': $message = _("Requested mail action aborted: exceeding storage allocation"); |
407 | break; |
408 | case '553': $message = _("Requested action not taken: mailbox name not allowed"); |
409 | break; |
410 | case '554': $message = _("Transaction failed"); |
411 | break; |
412 | default: $message = _("Unknown response"); |
413 | break; |
414 | } |
415 | |
416 | $this->dlv_msg = $message; |
a15f9d93 |
417 | $this->dlv_server_msg = $server_msg; |
ca71b2db |
418 | |
5fe73b9f |
419 | return true; |
420 | } |
91e0dccc |
421 | |
5fe73b9f |
422 | function authPop($pop_server='', $pop_port='', $user, $pass) { |
423 | if (!$pop_port) { |
424 | $pop_port = 110; |
425 | } |
426 | if (!$pop_server) { |
427 | $pop_server = 'localhost'; |
428 | } |
429 | $popConnection = fsockopen($pop_server, $pop_port, $err_no, $err_str); |
430 | if (!$popConnection) { |
431 | error_log("Error connecting to POP Server ($pop_server:$pop_port)" |
eeb17be5 |
432 | . " $err_no : $err_str"); |
5fe73b9f |
433 | } else { |
434 | $tmp = fgets($popConnection, 1024); /* banner */ |
22bd1baf |
435 | if (substr($tmp, 0, 3) != '+OK') { |
5fe73b9f |
436 | return(0); |
437 | } |
438 | fputs($popConnection, "USER $user\r\n"); |
439 | $tmp = fgets($popConnection, 1024); |
22bd1baf |
440 | if (substr($tmp, 0, 3) != '+OK') { |
5fe73b9f |
441 | return(0); |
442 | } |
443 | fputs($popConnection, 'PASS ' . $pass . "\r\n"); |
444 | $tmp = fgets($popConnection, 1024); |
22bd1baf |
445 | if (substr($tmp, 0, 3) != '+OK') { |
5fe73b9f |
446 | return(0); |
447 | } |
448 | fputs($popConnection, "QUIT\r\n"); /* log off */ |
449 | fclose($popConnection); |
450 | } |
451 | } |
a15f9d93 |
452 | |
453 | /** |
454 | * Parses ESMTP EHLO response (rfc1869) |
455 | * |
456 | * Reads SMTP response to EHLO command and fills class variables |
457 | * (ehlo array and domain string). Returns last line. |
458 | * @param stream $stream smtp connection stream. |
459 | * @return string last ehlo line |
460 | * @since 1.5.1 |
461 | */ |
462 | function parse_ehlo_response($stream) { |
463 | // don't cache ehlo information |
464 | $this->ehlo=array(); |
465 | $ret = ''; |
466 | $firstline = true; |
467 | /** |
468 | * ehlo mailclient.example.org |
469 | * 250-mail.example.org |
470 | * 250-PIPELINING |
471 | * 250-SIZE 52428800 |
472 | * 250-DATAZ |
473 | * 250-STARTTLS |
474 | * 250-AUTH LOGIN PLAIN |
475 | * 250 8BITMIME |
476 | */ |
477 | while ($line=fgets($stream, 1024)){ |
478 | // match[1] = first symbol after 250 |
479 | // match[2] = domain or ehlo-keyword |
480 | // match[3] = greeting or ehlo-param |
481 | // match space after keyword in ehlo-keyword CR LF |
482 | if (preg_match("/^250(-|\s)(\S*)\s+(\S.*)\r\n/",$line,$match)|| |
483 | preg_match("/^250(-|\s)(\S*)\s*\r\n/",$line,$match)) { |
484 | if ($firstline) { |
485 | // first ehlo line (250[-\ ]domain SP greeting) |
486 | $this->domain = $match[2]; |
487 | $firstline=false; |
488 | } elseif (!isset($match[3])) { |
489 | // simple one word extension |
490 | $this->ehlo[strtoupper($match[2])]=''; |
491 | } elseif (!preg_match("/\s/",trim($match[3]))) { |
492 | // extension with one option |
493 | // yes, I know about ctype extension. no, i don't want to depend on it |
494 | $this->ehlo[strtoupper($match[2])]=trim($match[3]); |
495 | } else { |
496 | // ehlo-param with spaces |
497 | $this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3])); |
498 | } |
499 | if ($match[1]==' ') { |
500 | // stop while cycle, if we reach last 250 line |
501 | $ret = $line; |
502 | break; |
503 | } |
504 | } else { |
505 | // this is not 250 response |
506 | $ret = $line; |
507 | break; |
508 | } |
509 | } |
510 | return $ret; |
511 | } |
e1ee60fe |
512 | } |
5fe73b9f |
513 | |
c4de9863 |
514 | ?> |