X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=class%2Fdeliver%2FDeliver_SMTP.class.php;h=e565ca8442c5d1abab95e4f3cf80776af102a40d;hb=8c53808472ccfdb378e6054d177a75d9ca5cb142;hp=1042d38361fe86c6ee62e0cba0959847f436fd12;hpb=8d8da447778a43b78bc95f9601b385416ad84477;p=squirrelmail.git

diff --git a/class/deliver/Deliver_SMTP.class.php b/class/deliver/Deliver_SMTP.class.php
index 1042d383..e565ca84 100644
--- a/class/deliver/Deliver_SMTP.class.php
+++ b/class/deliver/Deliver_SMTP.class.php
@@ -1,24 +1,59 @@
 <?php
+
 /**
-* Deliver_SMTP.class.php
-*
-* Copyright (c) 1999-2004 The SquirrelMail Project Team
-* Licensed under the GNU GPL. For full terms see the file COPYING.
-*
-* Delivery backend for the Deliver class.
-*
-* @version $Id$
-* @package squirrelmail
-*/
+ * Deliver_SMTP.class.php
+ *
+ * SMTP delivery backend for the Deliver class.
+ *
+ * @copyright &copy; 1999-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id$
+ * @package squirrelmail
+ */
+
+/** @ignore */
+if (!defined('SM_PATH')) define('SM_PATH','../../');
 
 /** This of course depends upon Deliver */
-require_once(SM_PATH . 'class/deliver/Deliver.class.php');
+include_once(SM_PATH . 'class/deliver/Deliver.class.php');
 
 /**
-* Deliver messages using SMTP
-* @package squirrelmail
-*/
+ * Deliver messages using SMTP
+ * @package squirrelmail
+ */
 class Deliver_SMTP extends Deliver {
+    /**
+     * Array keys are uppercased ehlo keywords
+     * array key values are ehlo params. If ehlo-param contains space, it is splitted into array. 
+     * @var array ehlo
+     * @since 1.5.1
+     */
+    var $ehlo = array();
+    /**
+     * @var string domain
+     * @since 1.5.1
+     */
+    var $domain = '';
+    /**
+     * SMTP STARTTLS rfc: "Both the client and the server MUST know if there 
+     * is a TLS session active."
+     * Variable should be set to true, when encryption is turned on.
+     * @var boolean
+     * @since 1.5.1 
+     */
+    var $tls_enabled = false;
+    /**
+     * Private var
+     * var stream $stream
+     * @todo don't pass stream resource in class method arguments.
+     */
+    //var $stream = false;
+    /** @var string delivery error message */
+    var $dlv_msg = '';
+    /** @var integer delivery error number from server */
+    var $dlv_ret_nr = '';
+    /** @var string delivery error message from server */
+    var $dlv_server_msg = '';
 
     function preWriteToStream(&$s) {
         if ($s) {
@@ -26,16 +61,16 @@ class Deliver_SMTP extends Deliver {
             $s = str_replace("\n.","\n..",$s);
         }
     }
-    
+
     function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false) {
         global $use_smtp_tls,$smtp_auth_mech;
-    
+
         if ($authpop) {
             $this->authPop($host, '', $user, $pass);
         }
-    
+
         $rfc822_header = $message->rfc822_header;
-        
+
         $from = $rfc822_header->from[0];
         $to =   $rfc822_header->to;
         $cc =   $rfc822_header->cc;
@@ -43,34 +78,53 @@ class Deliver_SMTP extends Deliver {
         $content_type  = $rfc822_header->content_type;
 
         // MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
-        if ($content_type->type0 == 'multipart' && 
+        if ($content_type->type0 == 'multipart' &&
             $content_type->type1 == 'report' &&
             isset($content_type->properties['report-type']) &&
             $content_type->properties['report-type']=='disposition-notification') {
+            // reinitialize the from object because otherwise the from header somehow
+            // is affected. This $from var is used for smtp command MAIL FROM which
+            // is not the same as what we put in the rfc822 header.
+            $from = new AddressStructure();
             $from->host = '';
             $from->mailbox = '';
-        } 
-            
-        if (($use_smtp_tls == true) and (check_php_version(4,3)) and (extension_loaded('openssl'))) {
-            $stream = fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
+        }
+
+        if ($use_smtp_tls == 1) {
+            if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
+                $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
+                $this->tls_enabled = true;
+            } else {
+                /**
+                 * don't connect to server when user asks for smtps and 
+                 * PHP does not support it.
+                 */
+                $errorNumber = '';
+                $errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
+            }
         } else {
-            $stream = fsockopen($host, $port, $errorNumber, $errorString);
+            $stream = @fsockopen($host, $port, $errorNumber, $errorString);
         }
-    
+
         if (!$stream) {
+            // reset tls state var to default value, if connection fails
+            $this->tls_enabled = false;
+            // set error messages
             $this->dlv_msg = $errorString;
             $this->dlv_ret_nr = $errorNumber;
+            $this->dlv_server_msg = _("Can't open SMTP stream.");
             return(0);
         }
+        // get server greeting
         $tmp = fgets($stream, 1024);
         if ($this->errorCheck($tmp, $stream)) {
             return(0);
         }
-    
-        /* 
-        * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
-        * server.  This should fix the DNS issues some people have had 
-        */
+
+        /*
+         * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
+         * server.  This should fix the DNS issues some people have had
+         */
         if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
             // optionally trim off port number
             if($p = strrpos($HTTP_HOST, ':')) {
@@ -80,10 +134,11 @@ class Deliver_SMTP extends Deliver {
         } else { // For some reason, HTTP_HOST is not set - revert to old behavior
             $helohost = $domain;
         }
-        
+
         /* Lets introduce ourselves */
         fputs($stream, "EHLO $helohost\r\n");
-        $tmp = fgets($stream,1024);
+        // Read ehlo response
+        $tmp = $this->parse_ehlo_response($stream);
         if ($this->errorCheck($tmp,$stream)) {
             // fall back to HELO if EHLO is not supported
             if ($this->dlv_ret_nr == '500') {
@@ -96,7 +151,60 @@ class Deliver_SMTP extends Deliver {
                 return(0);
             }
         }
-    
+
+        /**
+         * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
+         * http://www.php.net/stream-socket-enable-crypto
+         */
+        if ($use_smtp_tls === 2) {
+            if (function_exists('stream_socket_enable_crypto')) {
+                // don't try starting tls, when client thinks that it is already active
+                if ($this->tls_enabled) {
+                    $this->dlv_msg = _("TLS session is already activated.");
+                    return 0;
+                } elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
+                    // check for starttls in ehlo response
+                    $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
+                    return 0;
+                }
+
+                // issue starttls command
+                fputs($stream, "STARTTLS\r\n");
+                // get response
+                $tmp = fgets($stream,1024);
+                if ($this->errorCheck($tmp,$stream)) {
+                    return 0;
+                }
+
+                // start crypto on connection. suppress function errors.
+                if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+                    // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
+                    // get new EHLO response
+                    fputs($stream, "EHLO $helohost\r\n");
+                    // Read ehlo response
+                    $tmp = $this->parse_ehlo_response($stream);
+                    if ($this->errorCheck($tmp,$stream)) {
+                        // don't revert to helo here. server must support ESMTP
+                        return 0;
+                    }
+                    // set information about started tls
+                    $this->tls_enabled = true;
+                } else {
+                    /**
+                     * stream_socket_enable_crypto() call failed.
+                     */
+                    $this->dlv_msg = _("Unable to start TLS.");
+                    return 0;
+                    // Bug: can't get error message. See comments in sqimap_create_stream().
+                }
+            } else {
+                // php install does not support stream_socket_enable_crypto() function
+                $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
+                return 0;
+            }
+        }
+
+        // FIXME: check ehlo response before using authentication
         if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
             // Doing some form of non-plain auth
             if ($smtp_auth_mech == 'cram-md5') {
@@ -104,35 +212,35 @@ class Deliver_SMTP extends Deliver {
             } elseif ($smtp_auth_mech == 'digest-md5') {
                 fputs($stream, "AUTH DIGEST-MD5\r\n");
             }
-        
+
             $tmp = fgets($stream,1024);
-            
+
             if ($this->errorCheck($tmp,$stream)) {
                 return(0);
             }
-            
+
             // At this point, $tmp should hold "334 <challenge string>"
             $chall = substr($tmp,4);
-            // Depending on mechanism, generate response string 
+            // Depending on mechanism, generate response string
             if ($smtp_auth_mech == 'cram-md5') {
                 $response = cram_md5_response($user,$pass,$chall);
             } elseif ($smtp_auth_mech == 'digest-md5') {
                 $response = digest_md5_response($user,$pass,$chall,'smtp',$host);
             }
             fputs($stream, $response);
-            
+
             // Let's see what the server had to say about that
             $tmp = fgets($stream,1024);
             if ($this->errorCheck($tmp,$stream)) {
                 return(0);
             }
-            
+
             // CRAM-MD5 is done at this point.  If DIGEST-MD5, there's a bit more to go
             if ($smtp_auth_mech == 'digest-md5') {
                 // $tmp contains rspauth, but I don't store that yet. (No need yet)
                 fputs($stream,"\r\n");
                 $tmp = fgets($stream,1024);
-                
+
                 if ($this->errorCheck($tmp,$stream)) {
                 return(0);
                 }
@@ -145,7 +253,7 @@ class Deliver_SMTP extends Deliver {
             // The LOGIN method
             fputs($stream, "AUTH LOGIN\r\n");
             $tmp = fgets($stream, 1024);
-        
+
             if ($this->errorCheck($tmp, $stream)) {
                 return(0);
             }
@@ -154,7 +262,7 @@ class Deliver_SMTP extends Deliver {
             if ($this->errorCheck($tmp, $stream)) {
                 return(0);
             }
-        
+
             fputs($stream, base64_encode($pass) . "\r\n");
             $tmp = fgets($stream, 1024);
             if ($this->errorCheck($tmp, $stream)) {
@@ -163,16 +271,16 @@ class Deliver_SMTP extends Deliver {
         } elseif ($smtp_auth_mech == "plain") {
             /* SASL Plain */
             $auth = base64_encode("$user\0$user\0$pass");
-                        
+
             $query = "AUTH PLAIN\r\n";
             fputs($stream, $query);
             $read=fgets($stream, 1024);
-        
+
             if (substr($read,0,3) == '334') { // OK so far..
                 fputs($stream, "$auth\r\n");
                 $read = fgets($stream, 1024);
             }
-                        
+
             $results=explode(" ",$read,3);
             $response=$results[1];
             $message=$results[2];
@@ -184,16 +292,16 @@ class Deliver_SMTP extends Deliver {
                 return(0);
             }
         }
-        
+
         /* Ok, who is sending the message? */
-        $fromaddress = ($from->mailbox && $from->host) ? 
+        $fromaddress = ($from->mailbox && $from->host) ?
             $from->mailbox.'@'.$from->host : '';
         fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
         $tmp = fgets($stream, 1024);
         if ($this->errorCheck($tmp, $stream)) {
             return(0);
         }
-    
+
         /* send who the recipients are */
         for ($i = 0, $cnt = count($to); $i < $cnt; $i++) {
             if (!$to[$i]->host) $to[$i]->host = $domain;
@@ -205,8 +313,8 @@ class Deliver_SMTP extends Deliver {
                 }
             }
         }
-        
-        for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {	
+
+        for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {
             if (!$cc[$i]->host) $cc[$i]->host = $domain;
             if ($cc[$i]->mailbox) {
                 fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
@@ -216,7 +324,7 @@ class Deliver_SMTP extends Deliver {
                 }
             }
         }
-    
+
         for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) {
             if (!$bcc[$i]->host) $bcc[$i]->host = $domain;
             if ($bcc[$i]->mailbox) {
@@ -235,7 +343,7 @@ class Deliver_SMTP extends Deliver {
         }
         return $stream;
     }
-    
+
     function finalizeStream($stream) {
         fputs($stream, "\r\n.\r\n"); /* end the DATA part */
         $tmp = fgets($stream, 1024);
@@ -247,7 +355,7 @@ class Deliver_SMTP extends Deliver {
         fclose($stream);
         return true;
     }
-    
+
     /* check if an SMTP reply is an error and set an error message) */
     function errorCheck($line, $smtpConnection) {
 
@@ -286,7 +394,7 @@ class Deliver_SMTP extends Deliver {
         case '503': $message = _("Bad sequence of commands");
             break;
         case '504': $message = _("Command parameter not implemented");
-            break;    
+            break;
         case '530': $message = _("Authentication required");
             break;
         case '534': $message = _("Authentication mechanism is too weak");
@@ -310,11 +418,11 @@ class Deliver_SMTP extends Deliver {
         }
 
         $this->dlv_msg = $message;
-        $this->dlv_server_msg = nl2br(htmlspecialchars($server_msg));
+        $this->dlv_server_msg = $server_msg;
 
         return true;
     }
-    
+
     function authPop($pop_server='', $pop_port='', $user, $pass) {
         if (!$pop_port) {
             $pop_port = 110;
@@ -345,6 +453,66 @@ class Deliver_SMTP extends Deliver {
             fclose($popConnection);
         }
     }
+
+    /**
+     * Parses ESMTP EHLO response (rfc1869)
+     *
+     * Reads SMTP response to EHLO command and fills class variables 
+     * (ehlo array and domain string). Returns last line.
+     * @param stream $stream smtp connection stream.
+     * @return string last ehlo line
+     * @since 1.5.1
+     */
+    function parse_ehlo_response($stream) {
+        // don't cache ehlo information
+        $this->ehlo=array();
+        $ret = '';
+        $firstline = true;
+        /**
+         * ehlo mailclient.example.org
+         * 250-mail.example.org
+         * 250-PIPELINING
+         * 250-SIZE 52428800
+         * 250-DATAZ
+         * 250-STARTTLS
+         * 250-AUTH LOGIN PLAIN
+         * 250 8BITMIME
+         */
+        while ($line=fgets($stream, 1024)){
+            // match[1] = first symbol after 250
+            // match[2] = domain or ehlo-keyword
+            // match[3] = greeting or ehlo-param
+            // match space after keyword in ehlo-keyword CR LF
+            if (preg_match("/^250(-|\s)(\S*)\s+(\S.*)\r\n/",$line,$match)||
+                preg_match("/^250(-|\s)(\S*)\s*\r\n/",$line,$match)) {
+                if ($firstline) {
+                    // first ehlo line (250[-\ ]domain SP greeting)
+                    $this->domain = $match[2];
+                    $firstline=false;
+                } elseif (!isset($match[3])) {
+                    // simple one word extension
+                    $this->ehlo[strtoupper($match[2])]='';
+                } elseif (!preg_match("/\s/",trim($match[3]))) {
+                    // extension with one option
+                    // yes, I know about ctype extension. no, i don't want to depend on it
+                    $this->ehlo[strtoupper($match[2])]=trim($match[3]);
+                } else {
+                    // ehlo-param with spaces
+                    $this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3]));
+                }
+                if ($match[1]==' ') {
+                    // stop while cycle, if we reach last 250 line
+                    $ret = $line;
+                    break;
+                }
+            } else {
+                // this is not 250 response
+                $ret = $line;
+                break;
+            }
+        }
+        return $ret;
+    }
 }
 
-?>
\ No newline at end of file
+?>