X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=class%2Fdeliver%2FDeliver_SMTP.class.php;h=f7365b07d42b970028553854a6a9c2882629b4cc;hb=177f93ea0a5e4f1ed25091e0b0834194aea3035c;hp=3c69b8c9a22ff7349fcb15005c7f0245dfa9c616;hpb=1977ab5587905d225c6288141b82f7a6e3d29d02;p=squirrelmail.git diff --git a/class/deliver/Deliver_SMTP.class.php b/class/deliver/Deliver_SMTP.class.php index 3c69b8c9..f7365b07 100644 --- a/class/deliver/Deliver_SMTP.class.php +++ b/class/deliver/Deliver_SMTP.class.php @@ -5,7 +5,7 @@ * * SMTP delivery backend for the Deliver class. * - * @copyright 1999-2010 The SquirrelMail Project Team + * @copyright 1999-2016 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -62,7 +62,7 @@ class Deliver_SMTP extends Deliver { } } - function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') { + function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='', $stream_options=array()) { global $use_smtp_tls,$smtp_auth_mech; if ($authpop) { @@ -90,9 +90,23 @@ class Deliver_SMTP extends Deliver { $from->mailbox = ''; } + // NB: Using "ssl://" ensures the highest possible TLS version + // will be negotiated with the server (whereas "tls://" only + // uses TLS version 1.0) + // if ($use_smtp_tls == 1) { if ((check_php_version(4,3)) && (extension_loaded('openssl'))) { - $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString); + if (function_exists('stream_socket_client')) { + $server_address = 'ssl://' . $host . ':' . $port; + $ssl_context = @stream_context_create($stream_options); + $connect_timeout = ini_get('default_socket_timeout'); + // null timeout is broken + if ($connect_timeout == 0) + $connect_timeout = 30; + $stream = @stream_socket_client($server_address, $errorNumber, $errorString, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context); + } else { + $stream = @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString); + } $this->tls_enabled = true; } else { /** @@ -140,6 +154,9 @@ class Deliver_SMTP extends Deliver { if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost)) $helohost = '[' . $helohost . ']'; + $hook_result = do_hook('smtp_helo_override', $helohost); + if (!empty($hook_result)) $helohost = $hook_result; + /* Lets introduce ourselves */ fputs($stream, "EHLO $helohost\r\n"); // Read ehlo response @@ -210,7 +227,25 @@ class Deliver_SMTP extends Deliver { } // FIXME: check ehlo response before using authentication - if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) { + + // Try authentication by a plugin + // + // NOTE: there is another hook in functions/auth.php called "smtp_auth" + // that allows a plugin to specify a different set of login credentials + // (so is slightly mis-named, but is too old to change), so be careful + // that you do not confuse your hook names. + // + $smtp_auth_args = array( + 'auth_mech' => $smtp_auth_mech, + 'user' => $user, + 'pass' => $pass, + 'host' => $host, + 'port' => $port, + 'stream' => $stream, + ); + if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) { + // authentication succeeded + } else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) { // Doing some form of non-plain auth if ($smtp_auth_mech == 'cram-md5') { fputs($stream, "AUTH CRAM-MD5\r\n");