projects / squirrelmail.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
fsf changes, meant to be rebased on upstream
[squirrelmail.git] / class / deliver / Deliver_SMTP.class.php
1 <?php
2
3 /**
4 * Deliver_SMTP.class.php
5 *
6 * SMTP delivery backend for the Deliver class.
7 *
8 * @copyright 1999-2022 The SquirrelMail Project Team
9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
10 * @version $Id$
11 * @package squirrelmail
12 */
13
14 /** @ignore */
15 if (!defined('SM_PATH')) define('SM_PATH','../../');
16
17 /** This of course depends upon Deliver */
18 include_once(SM_PATH . 'class/deliver/Deliver.class.php');
19
20 /**
21 * Deliver messages using SMTP
22 * @package squirrelmail
23 */
24 class Deliver_SMTP extends Deliver {
25 /**
26 * Array keys are uppercased ehlo keywords
27 * array key values are ehlo params. If ehlo-param contains space, it is splitted into array.
28 * @var array ehlo
29 * @since 1.5.1
30 */
31 var $ehlo = array();
32 /**
33 * @var string domain
34 * @since 1.5.1
35 */
36 var $domain = '';
37 /**
38 * SMTP STARTTLS rfc: "Both the client and the server MUST know if there
39 * is a TLS session active."
40 * Variable should be set to true, when encryption is turned on.
41 * @var boolean
42 * @since 1.5.1
43 */
44 var $tls_enabled = false;
45 /**
46 * Private var
47 * var stream $stream
48 * @todo don't pass stream resource in class method arguments.
49 */
50 //var $stream = false;
51 /** @var string delivery error message */
52 var $dlv_msg = '';
53 /** @var integer delivery error number from server */
54 var $dlv_ret_nr = '';
55 /** @var string delivery error message from server */
56 var $dlv_server_msg = '';
57
58 function preWriteToStream(&$s) {
59 if ($s) {
60 if ($s[0] == '.') $s = '.' . $s;
61 $s = str_replace("\n.","\n..",$s);
62 }
63 }
64
65 function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='', $stream_options=array()) {
66 global $use_smtp_tls,$smtp_auth_mech;
67
68 if ($authpop) {
69 $this->authPop($user, $pass, $pop_host, '');
70 }
71
72 $rfc822_header = $message->rfc822_header;
73
74 $from = $rfc822_header->from[0];
75 $to = $rfc822_header->to;
76 $cc = $rfc822_header->cc;
77 $bcc = $rfc822_header->bcc;
78 $content_type = $rfc822_header->content_type;
79
80 // MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
81 if ($content_type->type0 == 'multipart' &&
82 $content_type->type1 == 'report' &&
83 isset($content_type->properties['report-type']) &&
84 $content_type->properties['report-type']=='disposition-notification') {
85 // reinitialize the from object because otherwise the from header somehow
86 // is affected. This $from var is used for smtp command MAIL FROM which
87 // is not the same as what we put in the rfc822 header.
88 $from = new AddressStructure();
89 $from->host = '';
90 $from->mailbox = '';
91 }
92
93 // NB: Using "ssl://" ensures the highest possible TLS version
94 // will be negotiated with the server (whereas "tls://" only
95 // uses TLS version 1.0)
96 //
97 if ($use_smtp_tls == 1) {
98 if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
99 if (function_exists('stream_socket_client')) {
100 $server_address = 'ssl://' . $host . ':' . $port;
101 $ssl_context = @stream_context_create($stream_options);
102 $connect_timeout = ini_get('default_socket_timeout');
103 // null timeout is broken
104 if ($connect_timeout == 0)
105 $connect_timeout = 30;
106 $stream = @stream_socket_client($server_address, $errorNumber, $errorString, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context);
107 } else {
108 $stream = @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString);
109 }
110 $this->tls_enabled = true;
111 } else {
112 /**
113 * don't connect to server when user asks for smtps and
114 * PHP does not support it.
115 */
116 $errorNumber = '';
117 $errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
118 }
119 } else {
120 $stream = @fsockopen($host, $port, $errorNumber, $errorString);
121 }
122
123 if (!$stream) {
124 // reset tls state var to default value, if connection fails
125 $this->tls_enabled = false;
126 // set error messages
127 $this->dlv_msg = $errorString;
128 $this->dlv_ret_nr = $errorNumber;
129 $this->dlv_server_msg = _("Can't open SMTP stream.");
130 return(0);
131 }
132 // get server greeting
133 $tmp = fgets($stream, 1024);
134 if ($this->errorCheck($tmp, $stream)) {
135 return(0);
136 }
137
138 /*
139 * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
140 * server. This should fix the DNS issues some people have had
141 */
142 if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
143 // optionally trim off port number
144 if($p = strrpos($HTTP_HOST, ':')) {
145 $HTTP_HOST = substr($HTTP_HOST, 0, $p);
146 }
147 $helohost = $HTTP_HOST;
148 } else { // For some reason, HTTP_HOST is not set - revert to old behavior
149 $helohost = $domain;
150 }
151
152 // if the host is an IPv4 address, enclose it in brackets
153 //
154 if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost))
155 $helohost = '[' . $helohost . ']';
156
157 $hook_result = do_hook('smtp_helo_override', $helohost);
158 if (!empty($hook_result)) $helohost = $hook_result;
159
160 /* Lets introduce ourselves */
161 fputs($stream, "EHLO $helohost\r\n");
162 // Read ehlo response
163 $tmp = $this->parse_ehlo_response($stream);
164 if ($this->errorCheck($tmp,$stream)) {
165 // fall back to HELO if EHLO is not supported (error 5xx)
166 if ($this->dlv_ret_nr[0] == '5') {
167 fputs($stream, "HELO $helohost\r\n");
168 $tmp = fgets($stream,1024);
169 if ($this->errorCheck($tmp,$stream)) {
170 return(0);
171 }
172 } else {
173 return(0);
174 }
175 }
176
177 /**
178 * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
179 * http://www.php.net/stream-socket-enable-crypto
180 */
181 if ($use_smtp_tls === 2) {
182 if (function_exists('stream_socket_enable_crypto')) {
183 // don't try starting tls, when client thinks that it is already active
184 if ($this->tls_enabled) {
185 $this->dlv_msg = _("TLS session is already activated.");
186 return 0;
187 } elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
188 // check for starttls in ehlo response
189 $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
190 return 0;
191 }
192
193 // issue starttls command
194 fputs($stream, "STARTTLS\r\n");
195 // get response
196 $tmp = fgets($stream,1024);
197 if ($this->errorCheck($tmp,$stream)) {
198 return 0;
199 }
200
201 // start crypto on connection. suppress function errors.
202 if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
203 // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
204 // get new EHLO response
205 fputs($stream, "EHLO $helohost\r\n");
206 // Read ehlo response
207 $tmp = $this->parse_ehlo_response($stream);
208 if ($this->errorCheck($tmp,$stream)) {
209 // don't revert to helo here. server must support ESMTP
210 return 0;
211 }
212 // set information about started tls
213 $this->tls_enabled = true;
214 } else {
215 /**
216 * stream_socket_enable_crypto() call failed.
217 */
218 $this->dlv_msg = _("Unable to start TLS.");
219 return 0;
220 // Bug: can't get error message. See comments in sqimap_create_stream().
221 }
222 } else {
223 // php install does not support stream_socket_enable_crypto() function
224 $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
225 return 0;
226 }
227 }
228
229 // FIXME: check ehlo response before using authentication
230
231 // Try authentication by a plugin
232 //
233 // NOTE: there is another hook in functions/auth.php called "smtp_auth"
234 // that allows a plugin to specify a different set of login credentials
235 // (so is slightly mis-named, but is too old to change), so be careful
236 // that you do not confuse your hook names.
237 //
238 $smtp_auth_args = array(
239 'auth_mech' => $smtp_auth_mech,
240 'user' => $user,
241 'pass' => $pass,
242 'host' => $host,
243 'port' => $port,
244 'stream' => $stream,
245 );
246 if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) {
247 // authentication succeeded
248 } else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
249 // Doing some form of non-plain auth
250 if ($smtp_auth_mech == 'cram-md5') {
251 fputs($stream, "AUTH CRAM-MD5\r\n");
252 } elseif ($smtp_auth_mech == 'digest-md5') {
253 fputs($stream, "AUTH DIGEST-MD5\r\n");
254 }
255
256 $tmp = fgets($stream,1024);
257
258 if ($this->errorCheck($tmp,$stream)) {
259 return(0);
260 }
261
262 // At this point, $tmp should hold "334 <challenge string>"
263 $chall = substr($tmp,4);
264 // Depending on mechanism, generate response string
265 if ($smtp_auth_mech == 'cram-md5') {
266 $response = cram_md5_response($user,$pass,$chall);
267 } elseif ($smtp_auth_mech == 'digest-md5') {
268 $response = digest_md5_response($user,$pass,$chall,'smtp',$host);
269 }
270 fputs($stream, $response);
271
272 // Let's see what the server had to say about that
273 $tmp = fgets($stream,1024);
274 if ($this->errorCheck($tmp,$stream)) {
275 return(0);
276 }
277
278 // CRAM-MD5 is done at this point. If DIGEST-MD5, there's a bit more to go
279 if ($smtp_auth_mech == 'digest-md5') {
280 // $tmp contains rspauth, but I don't store that yet. (No need yet)
281 fputs($stream,"\r\n");
282 $tmp = fgets($stream,1024);
283
284 if ($this->errorCheck($tmp,$stream)) {
285 return(0);
286 }
287 }
288 // CRAM-MD5 and DIGEST-MD5 code ends here
289 } elseif ($smtp_auth_mech == 'none') {
290 // No auth at all, just send helo and then send the mail
291 // We already said hi earlier, nothing more is needed.
292 } elseif ($smtp_auth_mech == 'login') {
293 // The LOGIN method
294 fputs($stream, "AUTH LOGIN\r\n");
295 $tmp = fgets($stream, 1024);
296
297 if ($this->errorCheck($tmp, $stream)) {
298 return(0);
299 }
300 fputs($stream, base64_encode ($user) . "\r\n");
301 $tmp = fgets($stream, 1024);
302 if ($this->errorCheck($tmp, $stream)) {
303 return(0);
304 }
305
306 fputs($stream, base64_encode($pass) . "\r\n");
307 $tmp = fgets($stream, 1024);
308 if ($this->errorCheck($tmp, $stream)) {
309 return(0);
310 }
311 } elseif ($smtp_auth_mech == "plain") {
312 /* SASL Plain */
313 $auth = base64_encode("$user\0$user\0$pass");
314
315 $query = "AUTH PLAIN\r\n";
316 fputs($stream, $query);
317 $read=fgets($stream, 1024);
318
319 if (substr($read,0,3) == '334') { // OK so far..
320 fputs($stream, "$auth\r\n");
321 $read = fgets($stream, 1024);
322 }
323
324 $results=explode(" ",$read,3);
325 $response=$results[1];
326 $message=$results[2];
327 } else {
328 /* Right here, they've reached an unsupported auth mechanism.
329 This is the ugliest hack I've ever done, but it'll do till I can fix
330 things up better tomorrow. So tired... */
331 if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
332 return(0);
333 }
334 }
335
336 /* Ok, who is sending the message? */
337 $fromaddress = (strlen($from->mailbox) && $from->host) ?
338 $from->mailbox.'@'.$from->host : '';
339 fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
340 $tmp = fgets($stream, 1024);
341 if ($this->errorCheck($tmp, $stream)) {
342 return(0);
343 }
344
345 /* send who the recipients are */
346 for ($i = 0, $cnt = count($to); $i < $cnt; $i++) {
347 if (!$to[$i]->host) $to[$i]->host = $domain;
348 if (strlen($to[$i]->mailbox)) {
349 // Ask for DSN if user has requested such and remote server supports it
350 if (isset($rfc822_header->dsn) && $rfc822_header->dsn
351 && array_key_exists('DSN',$this->ehlo)) {
352 // TODO: Make the DSN parameters configurable by admin? user?
353 fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host."> NOTIFY=SUCCESS,DELAY,FAILURE\r\n");
354 // Retry without DSN fields for cranky MTAs
355 if ($this->errorCheck($tmp, $stream)) {
356 fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n");
357 }
358 }
359 else
360 fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n");
361 $tmp = fgets($stream, 1024);
362 if ($this->errorCheck($tmp, $stream)) {
363 return(0);
364 }
365 }
366 }
367
368 for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {
369 if (!$cc[$i]->host) $cc[$i]->host = $domain;
370 if (strlen($cc[$i]->mailbox)) {
371 // Ask for DSN if user has requested such and remote server supports it
372 if (isset($rfc822_header->dsn) && $rfc822_header->dsn
373 && array_key_exists('DSN',$this->ehlo)) {
374 // TODO: Make the DSN parameters configurable by admin? user?
375 fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host."> NOTIFY=SUCCESS,DELAY,FAILURE\r\n");
376 // Retry without DSN fields for cranky MTAs
377 if ($this->errorCheck($tmp, $stream)) {
378 fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
379 }
380 }
381 else
382 fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
383 $tmp = fgets($stream, 1024);
384 if ($this->errorCheck($tmp, $stream)) {
385 return(0);
386 }
387 }
388 }
389
390 for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) {
391 if (!$bcc[$i]->host) $bcc[$i]->host = $domain;
392 if (strlen($bcc[$i]->mailbox)) {
393 // Ask for DSN if user has requested such and remote server supports it
394 if (isset($rfc822_header->dsn) && $rfc822_header->dsn
395 && array_key_exists('DSN',$this->ehlo)) {
396 // TODO: Make the DSN parameters configurable by admin? user?
397 fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host."> NOTIFY=SUCCESS,DELAY,FAILURE\r\n");
398 // Retry without DSN fields for cranky MTAs
399 if ($this->errorCheck($tmp, $stream)) {
400 fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n");
401 }
402 }
403 else
404 fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n");
405 $tmp = fgets($stream, 1024);
406 if ($this->errorCheck($tmp, $stream)) {
407 return(0);
408 }
409 }
410 }
411 /* Lets start sending the actual message */
412 fputs($stream, "DATA\r\n");
413 $tmp = fgets($stream, 1024);
414 if ($this->errorCheck($tmp, $stream)) {
415 return(0);
416 }
417 return $stream;
418 }
419
420 function finalizeStream($stream) {
421 fputs($stream, "\r\n.\r\n"); /* end the DATA part */
422 $tmp = fgets($stream, 1024);
423 $this->errorCheck($tmp, $stream);
424 if ($this->dlv_ret_nr != 250) {
425 return(0);
426 }
427 fputs($stream, "QUIT\r\n"); /* log off */
428 fclose($stream);
429 return true;
430 }
431
432 /* check if an SMTP reply is an error and set an error message) */
433 function errorCheck($line, $smtpConnection) {
434
435 $err_num = substr($line, 0, 3);
436 $this->dlv_ret_nr = $err_num;
437 $server_msg = substr($line, 4);
438
439 while(substr($line, 0, 4) == ($err_num.'-')) {
440 $line = fgets($smtpConnection, 1024);
441 $server_msg .= substr($line, 4);
442 }
443
444 if ( ((int) $err_num[0]) < 4) {
445 return false;
446 }
447
448 switch ($err_num) {
449 case '421': $message = _("Service not available, closing channel");
450 break;
451 case '432': $message = _("A password transition is needed");
452 break;
453 case '450': $message = _("Requested mail action not taken: mailbox unavailable");
454 break;
455 case '451': $message = _("Requested action aborted: error in processing");
456 break;
457 case '452': $message = _("Requested action not taken: insufficient system storage");
458 break;
459 case '454': $message = _("Temporary authentication failure");
460 break;
461 case '500': $message = _("Syntax error; command not recognized");
462 break;
463 case '501': $message = _("Syntax error in parameters or arguments");
464 break;
465 case '502': $message = _("Command not implemented");
466 break;
467 case '503': $message = _("Bad sequence of commands");
468 break;
469 case '504': $message = _("Command parameter not implemented");
470 break;
471 case '530': $message = _("Authentication required");
472 break;
473 case '534': $message = _("Authentication mechanism is too weak");
474 break;
475 case '535': $message = _("Authentication failed");
476 break;
477 case '538': $message = _("Encryption required for requested authentication mechanism");
478 break;
479 case '550': $message = _("Requested action not taken: mailbox unavailable");
480 break;
481 case '551': $message = _("User not local; please try forwarding");
482 break;
483 case '552': $message = _("Requested mail action aborted: exceeding storage allocation");
484 break;
485 case '553': $message = _("Requested action not taken: mailbox name not allowed");
486 break;
487 case '554': $message = _("Transaction failed");
488 break;
489 default: $message = _("Unknown response");
490 break;
491 }
492
493 $this->dlv_msg = $message;
494 $this->dlv_server_msg = $server_msg;
495
496 return true;
497 }
498
499 function authPop($user, $pass, $pop_server='', $pop_port='') {
500 if (!$pop_port) {
501 $pop_port = 110;
502 }
503 if (!$pop_server) {
504 $pop_server = 'localhost';
505 }
506 $popConnection = @fsockopen($pop_server, $pop_port, $err_no, $err_str);
507 if (!$popConnection) {
508 error_log("Error connecting to POP Server ($pop_server:$pop_port)"
509 . " $err_no : $err_str");
510 return false;
511 } else {
512 $tmp = fgets($popConnection, 1024); /* banner */
513 if (substr($tmp, 0, 3) != '+OK') {
514 return false;
515 }
516 fputs($popConnection, "USER $user\r\n");
517 $tmp = fgets($popConnection, 1024);
518 if (substr($tmp, 0, 3) != '+OK') {
519 return false;
520 }
521 fputs($popConnection, 'PASS ' . $pass . "\r\n");
522 $tmp = fgets($popConnection, 1024);
523 if (substr($tmp, 0, 3) != '+OK') {
524 return false;
525 }
526 fputs($popConnection, "QUIT\r\n"); /* log off */
527 fclose($popConnection);
528 }
529 return true;
530 }
531
532 /**
533 * Parses ESMTP EHLO response (rfc1869)
534 *
535 * Reads SMTP response to EHLO command and fills class variables
536 * (ehlo array and domain string). Returns last line.
537 * @param stream $stream smtp connection stream.
538 * @return string last ehlo line
539 * @since 1.5.1
540 */
541 function parse_ehlo_response($stream) {
542 // don't cache ehlo information
543 $this->ehlo=array();
544 $ret = '';
545 $firstline = true;
546 /**
547 * ehlo mailclient.example.org
548 * 250-mail.example.org
549 * 250-PIPELINING
550 * 250-SIZE 52428800
551 * 250-DATAZ
552 * 250-STARTTLS
553 * 250-AUTH LOGIN PLAIN
554 * 250 8BITMIME
555 */
556 while ($line=fgets($stream, 1024)){
557 // match[1] = first symbol after 250
558 // match[2] = domain or ehlo-keyword
559 // match[3] = greeting or ehlo-param
560 // match space after keyword in ehlo-keyword CR LF
561 if (preg_match("/^250(-|\s)(\S*)\s+(\S.*)\r\n/",$line,$match)||
562 preg_match("/^250(-|\s)(\S*)\s*\r\n/",$line,$match)) {
563 if ($firstline) {
564 // first ehlo line (250[-\ ]domain SP greeting)
565 $this->domain = $match[2];
566 $firstline=false;
567 } elseif (!isset($match[3])) {
568 // simple one word extension
569 $this->ehlo[strtoupper($match[2])]='';
570 } elseif (!preg_match("/\s/",trim($match[3]))) {
571 // extension with one option
572 // yes, I know about ctype extension. no, i don't want to depend on it
573 $this->ehlo[strtoupper($match[2])]=trim($match[3]);
574 } else {
575 // ehlo-param with spaces
576 $this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3]));
577 }
578 if ($match[1]==' ') {
579 // stop while cycle, if we reach last 250 line
580 $ret = $line;
581 break;
582 }
583 } else {
584 // this is not 250 response
585 $ret = $line;
586 break;
587 }
588 }
589 return $ret;
590 }
591 }
Unnamed repository; edit this file 'description' to name the repository.