X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=class%2Fdeliver%2FDeliver_SMTP.class.php;h=4c128cd38b6757530ce2a03236a658b9a7bea5ca;hb=049dd3d14ad72a9d624f6b67826e82ad1015c9dc;hp=5ac04372047de524ff5a7872807e8230ec9b613b;hpb=7d38dfaebed3ec3878a9fb36186ee63280caa19f;p=squirrelmail.git diff --git a/class/deliver/Deliver_SMTP.class.php b/class/deliver/Deliver_SMTP.class.php index 5ac04372..4c128cd3 100644 --- a/class/deliver/Deliver_SMTP.class.php +++ b/class/deliver/Deliver_SMTP.class.php @@ -5,7 +5,7 @@ * * SMTP delivery backend for the Deliver class. * - * @copyright © 1999-2007 The SquirrelMail Project Team + * @copyright 1999-2017 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -62,11 +62,11 @@ class Deliver_SMTP extends Deliver { } } - function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false) { + function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='', $stream_options=array()) { global $use_smtp_tls,$smtp_auth_mech; if ($authpop) { - $this->authPop($host, '', $user, $pass); + $this->authPop($pop_host, '', $user, $pass); } $rfc822_header = $message->rfc822_header; @@ -90,9 +90,23 @@ class Deliver_SMTP extends Deliver { $from->mailbox = ''; } + // NB: Using "ssl://" ensures the highest possible TLS version + // will be negotiated with the server (whereas "tls://" only + // uses TLS version 1.0) + // if ($use_smtp_tls == 1) { if ((check_php_version(4,3)) && (extension_loaded('openssl'))) { - $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString); + if (function_exists('stream_socket_client')) { + $server_address = 'ssl://' . $host . ':' . $port; + $ssl_context = @stream_context_create($stream_options); + $connect_timeout = ini_get('default_socket_timeout'); + // null timeout is broken + if ($connect_timeout == 0) + $connect_timeout = 30; + $stream = @stream_socket_client($server_address, $errorNumber, $errorString, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context); + } else { + $stream = @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString); + } $this->tls_enabled = true; } else { /** @@ -135,6 +149,14 @@ class Deliver_SMTP extends Deliver { $helohost = $domain; } + // if the host is an IPv4 address, enclose it in brackets + // + if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost)) + $helohost = '[' . $helohost . ']'; + + $hook_result = do_hook('smtp_helo_override', $helohost); + if (!empty($hook_result)) $helohost = $hook_result; + /* Lets introduce ourselves */ fputs($stream, "EHLO $helohost\r\n"); // Read ehlo response @@ -205,7 +227,25 @@ class Deliver_SMTP extends Deliver { } // FIXME: check ehlo response before using authentication - if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) { + + // Try authentication by a plugin + // + // NOTE: there is another hook in functions/auth.php called "smtp_auth" + // that allows a plugin to specify a different set of login credentials + // (so is slightly mis-named, but is too old to change), so be careful + // that you do not confuse your hook names. + // + $smtp_auth_args = array( + 'auth_mech' => $smtp_auth_mech, + 'user' => $user, + 'pass' => $pass, + 'host' => $host, + 'port' => $port, + 'stream' => $stream, + ); + if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) { + // authentication succeeded + } else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) { // Doing some form of non-plain auth if ($smtp_auth_mech == 'cram-md5') { fputs($stream, "AUTH CRAM-MD5\r\n");