[squirrelmail.git] / class / deliver / Deliver_SMTP.class.php

<?php

/**
 * Deliver_SMTP.class.php
 *
 * SMTP delivery backend for the Deliver class.
 *
 * @copyright &copy; 1999-2009 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 */

/** @ignore */
if (!defined('SM_PATH')) define('SM_PATH','../../');

/** This of course depends upon Deliver */
include_once(SM_PATH . 'class/deliver/Deliver.class.php');

/**
 * Deliver messages using SMTP
 * @package squirrelmail
 */
class Deliver_SMTP extends Deliver {
    /**
     * Array keys are uppercased ehlo keywords
     * array key values are ehlo params. If ehlo-param contains space, it is splitted into array. 
     * @var array ehlo
     * @since 1.5.1
     */
    var $ehlo = array();
    /**
     * @var string domain
     * @since 1.5.1
     */
    var $domain = '';
    /**
     * SMTP STARTTLS rfc: "Both the client and the server MUST know if there 
     * is a TLS session active."
     * Variable should be set to true, when encryption is turned on.
     * @var boolean
     * @since 1.5.1 
     */
    var $tls_enabled = false;
    /**
     * Private var
     * var stream $stream
     * @todo don't pass stream resource in class method arguments.
     */
    //var $stream = false;
    /** @var string delivery error message */
    var $dlv_msg = '';
    /** @var integer delivery error number from server */
    var $dlv_ret_nr = '';
    /** @var string delivery error message from server */
    var $dlv_server_msg = '';

    function preWriteToStream(&$s) {
        if ($s) {
            if ($s{0} == '.')   $s = '.' . $s;
            $s = str_replace("\n.","\n..",$s);
        }
    }

    function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') {
        global $use_smtp_tls,$smtp_auth_mech;

        if ($authpop) {
            $this->authPop($pop_host, '', $user, $pass);
        }

        $rfc822_header = $message->rfc822_header;

        $from = $rfc822_header->from[0];
        $to =   $rfc822_header->to;
        $cc =   $rfc822_header->cc;
        $bcc =  $rfc822_header->bcc;
        $content_type  = $rfc822_header->content_type;

        // MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
        if ($content_type->type0 == 'multipart' &&
            $content_type->type1 == 'report' &&
            isset($content_type->properties['report-type']) &&
            $content_type->properties['report-type']=='disposition-notification') {
            // reinitialize the from object because otherwise the from header somehow
            // is affected. This $from var is used for smtp command MAIL FROM which
            // is not the same as what we put in the rfc822 header.
            $from = new AddressStructure();
            $from->host = '';
            $from->mailbox = '';
        }

        if ($use_smtp_tls == 1) {
            if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
                $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
                $this->tls_enabled = true;
            } else {
                /**
                 * don't connect to server when user asks for smtps and 
                 * PHP does not support it.
                 */
                $errorNumber = '';
                $errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
            }
        } else {
            $stream = @fsockopen($host, $port, $errorNumber, $errorString);
        }

        if (!$stream) {
            // reset tls state var to default value, if connection fails
            $this->tls_enabled = false;
            // set error messages
            $this->dlv_msg = $errorString;
            $this->dlv_ret_nr = $errorNumber;
            $this->dlv_server_msg = _("Can't open SMTP stream.");
            return(0);
        }
        // get server greeting
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
            return(0);
        }

        /*
         * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
         * server.  This should fix the DNS issues some people have had
         */
        if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
            // optionally trim off port number
            if($p = strrpos($HTTP_HOST, ':')) {
                $HTTP_HOST = substr($HTTP_HOST, 0, $p);
            }
            $helohost = $HTTP_HOST;
        } else { // For some reason, HTTP_HOST is not set - revert to old behavior
            $helohost = $domain;
        }

        // if the host is an IPv4 address, enclose it in brackets
        //
        if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost))
            $helohost = '[' . $helohost . ']';

        /* Lets introduce ourselves */
        fputs($stream, "EHLO $helohost\r\n");
        // Read ehlo response
        $tmp = $this->parse_ehlo_response($stream);
        if ($this->errorCheck($tmp,$stream)) {
            // fall back to HELO if EHLO is not supported (error 5xx)
            if ($this->dlv_ret_nr{0} == '5') {
                fputs($stream, "HELO $helohost\r\n");
                $tmp = fgets($stream,1024);
                if ($this->errorCheck($tmp,$stream)) {
                    return(0);
                }
            } else {
                return(0);
            }
        }

        /**
         * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
         * http://www.php.net/stream-socket-enable-crypto
         */
        if ($use_smtp_tls === 2) {
            if (function_exists('stream_socket_enable_crypto')) {
                // don't try starting tls, when client thinks that it is already active
                if ($this->tls_enabled) {
                    $this->dlv_msg = _("TLS session is already activated.");
                    return 0;
                } elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
                    // check for starttls in ehlo response
                    $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
                    return 0;
                }

                // issue starttls command
                fputs($stream, "STARTTLS\r\n");
                // get response
                $tmp = fgets($stream,1024);
                if ($this->errorCheck($tmp,$stream)) {
                    return 0;
                }

                // start crypto on connection. suppress function errors.
                if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
                    // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
                    // get new EHLO response
                    fputs($stream, "EHLO $helohost\r\n");
                    // Read ehlo response
                    $tmp = $this->parse_ehlo_response($stream);
                    if ($this->errorCheck($tmp,$stream)) {
                        // don't revert to helo here. server must support ESMTP
                        return 0;
                    }
                    // set information about started tls
                    $this->tls_enabled = true;
                } else {
                    /**
                     * stream_socket_enable_crypto() call failed.
                     */
                    $this->dlv_msg = _("Unable to start TLS.");
                    return 0;
                    // Bug: can't get error message. See comments in sqimap_create_stream().
                }
            } else {
                // php install does not support stream_socket_enable_crypto() function
                $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
                return 0;
            }
        }

        // FIXME: check ehlo response before using authentication
        if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
            // Doing some form of non-plain auth
            if ($smtp_auth_mech == 'cram-md5') {
                fputs($stream, "AUTH CRAM-MD5\r\n");
            } elseif ($smtp_auth_mech == 'digest-md5') {
                fputs($stream, "AUTH DIGEST-MD5\r\n");
            }

            $tmp = fgets($stream,1024);

            if ($this->errorCheck($tmp,$stream)) {
                return(0);
            }

            // At this point, $tmp should hold "334 <challenge string>"
            $chall = substr($tmp,4);
            // Depending on mechanism, generate response string
            if ($smtp_auth_mech == 'cram-md5') {
                $response = cram_md5_response($user,$pass,$chall);
            } elseif ($smtp_auth_mech == 'digest-md5') {
                $response = digest_md5_response($user,$pass,$chall,'smtp',$host);
            }
            fputs($stream, $response);

            // Let's see what the server had to say about that
            $tmp = fgets($stream,1024);
            if ($this->errorCheck($tmp,$stream)) {
                return(0);
            }

            // CRAM-MD5 is done at this point.  If DIGEST-MD5, there's a bit more to go
            if ($smtp_auth_mech == 'digest-md5') {
                // $tmp contains rspauth, but I don't store that yet. (No need yet)
                fputs($stream,"\r\n");
                $tmp = fgets($stream,1024);

                if ($this->errorCheck($tmp,$stream)) {
                return(0);
                }
            }
        // CRAM-MD5 and DIGEST-MD5 code ends here
        } elseif ($smtp_auth_mech == 'none') {
        // No auth at all, just send helo and then send the mail
        // We already said hi earlier, nothing more is needed.
        } elseif ($smtp_auth_mech == 'login') {
            // The LOGIN method
            fputs($stream, "AUTH LOGIN\r\n");
            $tmp = fgets($stream, 1024);

            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }
            fputs($stream, base64_encode ($user) . "\r\n");
            $tmp = fgets($stream, 1024);
            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }

            fputs($stream, base64_encode($pass) . "\r\n");
            $tmp = fgets($stream, 1024);
            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }
        } elseif ($smtp_auth_mech == "plain") {
            /* SASL Plain */
            $auth = base64_encode("$user\0$user\0$pass");

            $query = "AUTH PLAIN\r\n";
            fputs($stream, $query);
            $read=fgets($stream, 1024);

            if (substr($read,0,3) == '334') { // OK so far..
                fputs($stream, "$auth\r\n");
                $read = fgets($stream, 1024);
            }

            $results=explode(" ",$read,3);
            $response=$results[1];
            $message=$results[2];
        } else {
            /* Right here, they've reached an unsupported auth mechanism.
            This is the ugliest hack I've ever done, but it'll do till I can fix
            things up better tomorrow.  So tired... */
            if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
                return(0);
            }
        }

        /* Ok, who is sending the message? */
        $fromaddress = (strlen($from->mailbox) && $from->host) ?
            $from->mailbox.'@'.$from->host : '';
        fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
            return(0);
        }

        /* send who the recipients are */
        for ($i = 0, $cnt = count($to); $i < $cnt; $i++) {
            if (!$to[$i]->host) $to[$i]->host = $domain;
            if (strlen($to[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }

        for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {
            if (!$cc[$i]->host) $cc[$i]->host = $domain;
            if (strlen($cc[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }

        for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) {
            if (!$bcc[$i]->host) $bcc[$i]->host = $domain;
            if (strlen($bcc[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }
        /* Lets start sending the actual message */
        fputs($stream, "DATA\r\n");
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
                return(0);
        }
        return $stream;
    }

    function finalizeStream($stream) {
        fputs($stream, "\r\n.\r\n"); /* end the DATA part */
        $tmp = fgets($stream, 1024);
        $this->errorCheck($tmp, $stream);
        if ($this->dlv_ret_nr != 250) {
                return(0);
        }
        fputs($stream, "QUIT\r\n"); /* log off */
        fclose($stream);
        return true;
    }

    /* check if an SMTP reply is an error and set an error message) */
    function errorCheck($line, $smtpConnection) {

        $err_num = substr($line, 0, 3);
        $this->dlv_ret_nr = $err_num;
        $server_msg = substr($line, 4);

        while(substr($line, 0, 4) == ($err_num.'-')) {
            $line = fgets($smtpConnection, 1024);
            $server_msg .= substr($line, 4);
        }

        if ( ((int) $err_num{0}) < 4) {
            return false;
        }

        switch ($err_num) {
        case '421': $message = _("Service not available, closing channel");
            break;
        case '432': $message = _("A password transition is needed");
            break;
        case '450': $message = _("Requested mail action not taken: mailbox unavailable");
            break;
        case '451': $message = _("Requested action aborted: error in processing");
            break;
        case '452': $message = _("Requested action not taken: insufficient system storage");
            break;
        case '454': $message = _("Temporary authentication failure");
            break;
        case '500': $message = _("Syntax error; command not recognized");
            break;
        case '501': $message = _("Syntax error in parameters or arguments");
            break;
        case '502': $message = _("Command not implemented");
            break;
        case '503': $message = _("Bad sequence of commands");
            break;
        case '504': $message = _("Command parameter not implemented");
            break;
        case '530': $message = _("Authentication required");
            break;
        case '534': $message = _("Authentication mechanism is too weak");
            break;
        case '535': $message = _("Authentication failed");
            break;
        case '538': $message = _("Encryption required for requested authentication mechanism");
            break;
        case '550': $message = _("Requested action not taken: mailbox unavailable");
            break;
        case '551': $message = _("User not local; please try forwarding");
            break;
        case '552': $message = _("Requested mail action aborted: exceeding storage allocation");
            break;
        case '553': $message = _("Requested action not taken: mailbox name not allowed");
            break;
        case '554': $message = _("Transaction failed");
            break;
        default:    $message = _("Unknown response");
            break;
        }

        $this->dlv_msg = $message;
        $this->dlv_server_msg = $server_msg;

        return true;
    }

    function authPop($pop_server='', $pop_port='', $user, $pass) {
        if (!$pop_port) {
            $pop_port = 110;
        }
        if (!$pop_server) {
            $pop_server = 'localhost';
        }
        $popConnection = @fsockopen($pop_server, $pop_port, $err_no, $err_str);
        if (!$popConnection) {
            error_log("Error connecting to POP Server ($pop_server:$pop_port)"
                . " $err_no : $err_str");
            return false;
        } else {
            $tmp = fgets($popConnection, 1024); /* banner */
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, "USER $user\r\n");
            $tmp = fgets($popConnection, 1024);
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, 'PASS ' . $pass . "\r\n");
            $tmp = fgets($popConnection, 1024);
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, "QUIT\r\n"); /* log off */
            fclose($popConnection);
        }
        return true;
    }

    /**
     * Parses ESMTP EHLO response (rfc1869)
     *
     * Reads SMTP response to EHLO command and fills class variables 
     * (ehlo array and domain string). Returns last line.
     * @param stream $stream smtp connection stream.
     * @return string last ehlo line
     * @since 1.5.1
     */
    function parse_ehlo_response($stream) {
        // don't cache ehlo information
        $this->ehlo=array();
        $ret = '';
        $firstline = true;
        /**
         * ehlo mailclient.example.org
         * 250-mail.example.org
         * 250-PIPELINING
         * 250-SIZE 52428800
         * 250-DATAZ
         * 250-STARTTLS
         * 250-AUTH LOGIN PLAIN
         * 250 8BITMIME
         */
        while ($line=fgets($stream, 1024)){
            // match[1] = first symbol after 250
            // match[2] = domain or ehlo-keyword
            // match[3] = greeting or ehlo-param
            // match space after keyword in ehlo-keyword CR LF
            if (preg_match("/^250(-|\s)(\S*)\s+(\S.*)\r\n/",$line,$match)||
                preg_match("/^250(-|\s)(\S*)\s*\r\n/",$line,$match)) {
                if ($firstline) {
                    // first ehlo line (250[-\ ]domain SP greeting)
                    $this->domain = $match[2];
                    $firstline=false;
                } elseif (!isset($match[3])) {
                    // simple one word extension
                    $this->ehlo[strtoupper($match[2])]='';
                } elseif (!preg_match("/\s/",trim($match[3]))) {
                    // extension with one option
                    // yes, I know about ctype extension. no, i don't want to depend on it
                    $this->ehlo[strtoupper($match[2])]=trim($match[3]);
                } else {
                    // ehlo-param with spaces
                    $this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3]));
                }
                if ($match[1]==' ') {
                    // stop while cycle, if we reach last 250 line
                    $ret = $line;
                    break;
                }
            } else {
                // this is not 250 response
                $ret = $line;
                break;
            }
        }
        return $ret;
    }
}
Commit	Line	Data
e1ee60fe	1	<?php
4b4abf93	2
5b8fd093	3	/**
4b4abf93	4	* Deliver_SMTP.class.php
4b4abf93	5	*
a15f9d93	6	* SMTP delivery backend for the Deliver class.
4b4abf93	7	*
d4e46166	8	* @copyright © 1999-2009 The SquirrelMail Project Team
4b4abf93	9	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
	10	* @version $Id$
	11	* @package squirrelmail
	12	*/
e1ee60fe	13
a15f9d93	14	/** @ignore */
	15	if (!defined('SM_PATH')) define('SM_PATH','../../');
	16
2b646597	17	/** This of course depends upon Deliver */
a15f9d93	18	include_once(SM_PATH . 'class/deliver/Deliver.class.php');
e1ee60fe	19
2b646597	20	/**
4b4abf93	21	* Deliver messages using SMTP
	22	* @package squirrelmail
	23	*/
e1ee60fe	24	class Deliver_SMTP extends Deliver {
a15f9d93	25	/**
	26	* Array keys are uppercased ehlo keywords
	27	* array key values are ehlo params. If ehlo-param contains space, it is splitted into array.
	28	* @var array ehlo
	29	* @since 1.5.1
	30	*/
	31	var $ehlo = array();
	32	/**
	33	* @var string domain
	34	* @since 1.5.1
	35	*/
	36	var $domain = '';
	37	/**
	38	* SMTP STARTTLS rfc: "Both the client and the server MUST know if there
	39	* is a TLS session active."
	40	* Variable should be set to true, when encryption is turned on.
	41	* @var boolean
	42	* @since 1.5.1
	43	*/
	44	var $tls_enabled = false;
	45	/**
	46	* Private var
	47	* var stream $stream
	48	* @todo don't pass stream resource in class method arguments.
	49	*/
	50	//var $stream = false;
	51	/** @var string delivery error message */
	52	var $dlv_msg = '';
	53	/** @var integer delivery error number from server */
	54	var $dlv_ret_nr = '';
	55	/** @var string delivery error message from server */
	56	var $dlv_server_msg = '';
e1ee60fe	57
5fe73b9f	58	function preWriteToStream(&$s) {
eeb17be5	59	if ($s) {
	60	if ($s{0} == '.') $s = '.' . $s;
	61	$s = str_replace("\n.","\n..",$s);
	62	}
5fe73b9f	63	}
91e0dccc	64
783e926e	65	function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') {
eeb17be5	66	global $use_smtp_tls,$smtp_auth_mech;
91e0dccc	67
eeb17be5	68	if ($authpop) {
783e926e	69	$this->authPop($pop_host, '', $user, $pass);
22bd1baf	70	}
91e0dccc	71
eeb17be5	72	$rfc822_header = $message->rfc822_header;
91e0dccc	73
eeb17be5	74	$from = $rfc822_header->from[0];
	75	$to = $rfc822_header->to;
	76	$cc = $rfc822_header->cc;
	77	$bcc = $rfc822_header->bcc;
	78	$content_type = $rfc822_header->content_type;
33feaaec	79
eeb17be5	80	// MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
91e0dccc	81	if ($content_type->type0 == 'multipart' &&
eeb17be5	82	$content_type->type1 == 'report' &&
	83	isset($content_type->properties['report-type']) &&
	84	$content_type->properties['report-type']=='disposition-notification') {
93ae5eaf	85	// reinitialize the from object because otherwise the from header somehow
	86	// is affected. This $from var is used for smtp command MAIL FROM which
	87	// is not the same as what we put in the rfc822 header.
	88	$from = new AddressStructure();
eeb17be5	89	$from->host = '';
eeb17be5	90	$from->mailbox = '';
91e0dccc	91	}
91e0dccc	92
a15f9d93	93	if ($use_smtp_tls == 1) {
	94	if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
	95	$stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
	96	$this->tls_enabled = true;
	97	} else {
	98	/**
	99	* don't connect to server when user asks for smtps and
	100	* PHP does not support it.
	101	*/
	102	$errorNumber = '';
	103	$errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
	104	}
eeb17be5	105	} else {
feb5a839	106	$stream = @fsockopen($host, $port, $errorNumber, $errorString);
eeb17be5	107	}
91e0dccc	108
eeb17be5	109	if (!$stream) {
a15f9d93	110	// reset tls state var to default value, if connection fails
	111	$this->tls_enabled = false;
	112	// set error messages
eeb17be5	113	$this->dlv_msg = $errorString;
eeb17be5	114	$this->dlv_ret_nr = $errorNumber;
c585e898	115	$this->dlv_server_msg = _("Can't open SMTP stream.");
eeb17be5	116	return(0);
eeb17be5	117	}
a15f9d93	118	// get server greeting
eeb17be5	119	$tmp = fgets($stream, 1024);
	120	if ($this->errorCheck($tmp, $stream)) {
	121	return(0);
	122	}
91e0dccc	123
91e0dccc	124	/*
4b4abf93	125	* If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
	126	* server. This should fix the DNS issues some people have had
	127	*/
eeb17be5	128	if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
	129	// optionally trim off port number
	130	if($p = strrpos($HTTP_HOST, ':')) {
	131	$HTTP_HOST = substr($HTTP_HOST, 0, $p);
	132	}
	133	$helohost = $HTTP_HOST;
	134	} else { // For some reason, HTTP_HOST is not set - revert to old behavior
	135	$helohost = $domain;
	136	}
91e0dccc	137
a820ac9d	138	// if the host is an IPv4 address, enclose it in brackets
a820ac9d	139	//
870ffc40	140	if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost))
a820ac9d	141	$helohost = '[' . $helohost . ']';
a820ac9d	142
eeb17be5	143	/* Lets introduce ourselves */
eeb17be5	144	fputs($stream, "EHLO $helohost\r\n");
a15f9d93	145	// Read ehlo response
a15f9d93	146	$tmp = $this->parse_ehlo_response($stream);
eeb17be5	147	if ($this->errorCheck($tmp,$stream)) {
4e38bc70	148	// fall back to HELO if EHLO is not supported (error 5xx)
4e38bc70	149	if ($this->dlv_ret_nr{0} == '5') {
df3a8577	150	fputs($stream, "HELO $helohost\r\n");
	151	$tmp = fgets($stream,1024);
	152	if ($this->errorCheck($tmp,$stream)) {
	153	return(0);
	154	}
	155	} else {
	156	return(0);
	157	}
eeb17be5	158	}
91e0dccc	159
a15f9d93	160	/**
	161	* Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
	162	* http://www.php.net/stream-socket-enable-crypto
	163	*/
c4de9863	164	if ($use_smtp_tls === 2) {
a15f9d93	165	if (function_exists('stream_socket_enable_crypto')) {
	166	// don't try starting tls, when client thinks that it is already active
	167	if ($this->tls_enabled) {
	168	$this->dlv_msg = _("TLS session is already activated.");
	169	return 0;
	170	} elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
	171	// check for starttls in ehlo response
	172	$this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
	173	return 0;
	174	}
	175
	176	// issue starttls command
	177	fputs($stream, "STARTTLS\r\n");
	178	// get response
	179	$tmp = fgets($stream,1024);
	180	if ($this->errorCheck($tmp,$stream)) {
	181	return 0;
	182	}
	183
	184	// start crypto on connection. suppress function errors.
	185	if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
	186	// starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
	187	// get new EHLO response
	188	fputs($stream, "EHLO $helohost\r\n");
	189	// Read ehlo response
	190	$tmp = $this->parse_ehlo_response($stream);
	191	if ($this->errorCheck($tmp,$stream)) {
	192	// don't revert to helo here. server must support ESMTP
	193	return 0;
	194	}
	195	// set information about started tls
	196	$this->tls_enabled = true;
	197	} else {
	198	/**
	199	* stream_socket_enable_crypto() call failed.
	200	*/
	201	$this->dlv_msg = _("Unable to start TLS.");
	202	return 0;
	203	// Bug: can't get error message. See comments in sqimap_create_stream().
	204	}
	205	} else {
	206	// php install does not support stream_socket_enable_crypto() function
	207	$this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
	208	return 0;
	209	}
	210	}
	211
	212	// FIXME: check ehlo response before using authentication
eeb17be5	213	if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
	214	// Doing some form of non-plain auth
	215	if ($smtp_auth_mech == 'cram-md5') {
	216	fputs($stream, "AUTH CRAM-MD5\r\n");
	217	} elseif ($smtp_auth_mech == 'digest-md5') {
	218	fputs($stream, "AUTH DIGEST-MD5\r\n");
	219	}
91e0dccc	220
eeb17be5	221	$tmp = fgets($stream,1024);
91e0dccc	222
eeb17be5	223	if ($this->errorCheck($tmp,$stream)) {
	224	return(0);
	225	}
91e0dccc	226
eeb17be5	227	// At this point, $tmp should hold "334 <challenge string>"
eeb17be5	228	$chall = substr($tmp,4);
91e0dccc	229	// Depending on mechanism, generate response string
eeb17be5	230	if ($smtp_auth_mech == 'cram-md5') {
	231	$response = cram_md5_response($user,$pass,$chall);
	232	} elseif ($smtp_auth_mech == 'digest-md5') {
	233	$response = digest_md5_response($user,$pass,$chall,'smtp',$host);
	234	}
	235	fputs($stream, $response);
91e0dccc	236
eeb17be5	237	// Let's see what the server had to say about that
	238	$tmp = fgets($stream,1024);
	239	if ($this->errorCheck($tmp,$stream)) {
	240	return(0);
	241	}
91e0dccc	242
eeb17be5	243	// CRAM-MD5 is done at this point. If DIGEST-MD5, there's a bit more to go
	244	if ($smtp_auth_mech == 'digest-md5') {
	245	// $tmp contains rspauth, but I don't store that yet. (No need yet)
	246	fputs($stream,"\r\n");
	247	$tmp = fgets($stream,1024);
91e0dccc	248
eeb17be5	249	if ($this->errorCheck($tmp,$stream)) {
	250	return(0);
	251	}
	252	}
	253	// CRAM-MD5 and DIGEST-MD5 code ends here
	254	} elseif ($smtp_auth_mech == 'none') {
	255	// No auth at all, just send helo and then send the mail
	256	// We already said hi earlier, nothing more is needed.
	257	} elseif ($smtp_auth_mech == 'login') {
	258	// The LOGIN method
	259	fputs($stream, "AUTH LOGIN\r\n");
	260	$tmp = fgets($stream, 1024);
91e0dccc	261
eeb17be5	262	if ($this->errorCheck($tmp, $stream)) {
	263	return(0);
	264	}
	265	fputs($stream, base64_encode ($user) . "\r\n");
	266	$tmp = fgets($stream, 1024);
	267	if ($this->errorCheck($tmp, $stream)) {
	268	return(0);
	269	}
91e0dccc	270
eeb17be5	271	fputs($stream, base64_encode($pass) . "\r\n");
	272	$tmp = fgets($stream, 1024);
	273	if ($this->errorCheck($tmp, $stream)) {
	274	return(0);
	275	}
	276	} elseif ($smtp_auth_mech == "plain") {
	277	/* SASL Plain */
	278	$auth = base64_encode("$user\0$user\0$pass");
91e0dccc	279
eeb17be5	280	$query = "AUTH PLAIN\r\n";
	281	fputs($stream, $query);
	282	$read=fgets($stream, 1024);
91e0dccc	283
eeb17be5	284	if (substr($read,0,3) == '334') { // OK so far..
	285	fputs($stream, "$auth\r\n");
	286	$read = fgets($stream, 1024);
	287	}
91e0dccc	288
eeb17be5	289	$results=explode(" ",$read,3);
	290	$response=$results[1];
	291	$message=$results[2];
	292	} else {
	293	/* Right here, they've reached an unsupported auth mechanism.
	294	This is the ugliest hack I've ever done, but it'll do till I can fix
	295	things up better tomorrow. So tired... */
	296	if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
	297	return(0);
	298	}
	299	}
91e0dccc	300
eeb17be5	301	/* Ok, who is sending the message? */
7d38dfae	302	$fromaddress = (strlen($from->mailbox) && $from->host) ?
eeb17be5	303	$from->mailbox.'@'.$from->host : '';
	304	fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
	305	$tmp = fgets($stream, 1024);
	306	if ($this->errorCheck($tmp, $stream)) {
	307	return(0);
	308	}
91e0dccc	309
eeb17be5	310	/* send who the recipients are */
	311	for ($i = 0, $cnt = count($to); $i < $cnt; $i++) {
	312	if (!$to[$i]->host) $to[$i]->host = $domain;
7d38dfae	313	if (strlen($to[$i]->mailbox)) {
eeb17be5	314	fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n");
	315	$tmp = fgets($stream, 1024);
	316	if ($this->errorCheck($tmp, $stream)) {
	317	return(0);
	318	}
	319	}
	320	}
91e0dccc	321
91e0dccc	322	for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {
eeb17be5	323	if (!$cc[$i]->host) $cc[$i]->host = $domain;
7d38dfae	324	if (strlen($cc[$i]->mailbox)) {
eeb17be5	325	fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
	326	$tmp = fgets($stream, 1024);
	327	if ($this->errorCheck($tmp, $stream)) {
	328	return(0);
	329	}
	330	}
	331	}
91e0dccc	332
eeb17be5	333	for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) {
eeb17be5	334	if (!$bcc[$i]->host) $bcc[$i]->host = $domain;
7d38dfae	335	if (strlen($bcc[$i]->mailbox)) {
eeb17be5	336	fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n");
	337	$tmp = fgets($stream, 1024);
	338	if ($this->errorCheck($tmp, $stream)) {
	339	return(0);
	340	}
	341	}
	342	}
	343	/* Lets start sending the actual message */
	344	fputs($stream, "DATA\r\n");
5fe73b9f	345	$tmp = fgets($stream, 1024);
eeb17be5	346	if ($this->errorCheck($tmp, $stream)) {
eeb17be5	347	return(0);
5fe73b9f	348	}
eeb17be5	349	return $stream;
5fe73b9f	350	}
91e0dccc	351
5fe73b9f	352	function finalizeStream($stream) {
eeb17be5	353	fputs($stream, "\r\n.\r\n"); /* end the DATA part */
	354	$tmp = fgets($stream, 1024);
	355	$this->errorCheck($tmp, $stream);
	356	if ($this->dlv_ret_nr != 250) {
	357	return(0);
	358	}
	359	fputs($stream, "QUIT\r\n"); /* log off */
	360	fclose($stream);
	361	return true;
5fe73b9f	362	}
91e0dccc	363
ca71b2db	364	/* check if an SMTP reply is an error and set an error message) */
5fe73b9f	365	function errorCheck($line, $smtpConnection) {
ca71b2db	366
	367	$err_num = substr($line, 0, 3);
	368	$this->dlv_ret_nr = $err_num;
	369	$server_msg = substr($line, 4);
	370
	371	while(substr($line, 0, 4) == ($err_num.'-')) {
	372	$line = fgets($smtpConnection, 1024);
	373	$server_msg .= substr($line, 4);
	374	}
	375
eeb17be5	376	if ( ((int) $err_num{0}) < 4) {
eeb17be5	377	return false;
ca71b2db	378	}
	379
	380	switch ($err_num) {
	381	case '421': $message = _("Service not available, closing channel");
	382	break;
	383	case '432': $message = _("A password transition is needed");
	384	break;
	385	case '450': $message = _("Requested mail action not taken: mailbox unavailable");
	386	break;
	387	case '451': $message = _("Requested action aborted: error in processing");
	388	break;
	389	case '452': $message = _("Requested action not taken: insufficient system storage");
	390	break;
	391	case '454': $message = _("Temporary authentication failure");
	392	break;
	393	case '500': $message = _("Syntax error; command not recognized");
	394	break;
	395	case '501': $message = _("Syntax error in parameters or arguments");
	396	break;
	397	case '502': $message = _("Command not implemented");
	398	break;
	399	case '503': $message = _("Bad sequence of commands");
	400	break;
	401	case '504': $message = _("Command parameter not implemented");
91e0dccc	402	break;
ca71b2db	403	case '530': $message = _("Authentication required");
	404	break;
	405	case '534': $message = _("Authentication mechanism is too weak");
	406	break;
	407	case '535': $message = _("Authentication failed");
	408	break;
	409	case '538': $message = _("Encryption required for requested authentication mechanism");
	410	break;
	411	case '550': $message = _("Requested action not taken: mailbox unavailable");
	412	break;
	413	case '551': $message = _("User not local; please try forwarding");
	414	break;
	415	case '552': $message = _("Requested mail action aborted: exceeding storage allocation");
	416	break;
	417	case '553': $message = _("Requested action not taken: mailbox name not allowed");
	418	break;
	419	case '554': $message = _("Transaction failed");
	420	break;
	421	default: $message = _("Unknown response");
	422	break;
	423	}
	424
	425	$this->dlv_msg = $message;
a15f9d93	426	$this->dlv_server_msg = $server_msg;
ca71b2db	427
5fe73b9f	428	return true;
5fe73b9f	429	}
91e0dccc	430
5fe73b9f	431	function authPop($pop_server='', $pop_port='', $user, $pass) {
	432	if (!$pop_port) {
	433	$pop_port = 110;
	434	}
	435	if (!$pop_server) {
	436	$pop_server = 'localhost';
	437	}
85d3e98c	438	$popConnection = @fsockopen($pop_server, $pop_port, $err_no, $err_str);
5fe73b9f	439	if (!$popConnection) {
5fe73b9f	440	error_log("Error connecting to POP Server ($pop_server:$pop_port)"
eeb17be5	441	. " $err_no : $err_str");
85d3e98c	442	return false;
5fe73b9f	443	} else {
5fe73b9f	444	$tmp = fgets($popConnection, 1024); /* banner */
22bd1baf	445	if (substr($tmp, 0, 3) != '+OK') {
85d3e98c	446	return false;
5fe73b9f	447	}
	448	fputs($popConnection, "USER $user\r\n");
	449	$tmp = fgets($popConnection, 1024);
22bd1baf	450	if (substr($tmp, 0, 3) != '+OK') {
85d3e98c	451	return false;
5fe73b9f	452	}
	453	fputs($popConnection, 'PASS ' . $pass . "\r\n");
	454	$tmp = fgets($popConnection, 1024);
22bd1baf	455	if (substr($tmp, 0, 3) != '+OK') {
85d3e98c	456	return false;
5fe73b9f	457	}
	458	fputs($popConnection, "QUIT\r\n"); /* log off */
	459	fclose($popConnection);
	460	}
85d3e98c	461	return true;
5fe73b9f	462	}
a15f9d93	463
	464	/**
	465	* Parses ESMTP EHLO response (rfc1869)
	466	*
	467	* Reads SMTP response to EHLO command and fills class variables
	468	* (ehlo array and domain string). Returns last line.
	469	* @param stream $stream smtp connection stream.
	470	* @return string last ehlo line
	471	* @since 1.5.1
	472	*/
	473	function parse_ehlo_response($stream) {
	474	// don't cache ehlo information
	475	$this->ehlo=array();
	476	$ret = '';
	477	$firstline = true;
	478	/**
	479	* ehlo mailclient.example.org
	480	* 250-mail.example.org
	481	* 250-PIPELINING
	482	* 250-SIZE 52428800
	483	* 250-DATAZ
	484	* 250-STARTTLS
	485	* 250-AUTH LOGIN PLAIN
	486	* 250 8BITMIME
	487	*/
	488	while ($line=fgets($stream, 1024)){
	489	// match[1] = first symbol after 250
	490	// match[2] = domain or ehlo-keyword
	491	// match[3] = greeting or ehlo-param
	492	// match space after keyword in ehlo-keyword CR LF
	493	if (preg_match("/^250(-\|\s)(\S)\s+(\S.)\r\n/",$line,$match)\|\|
	494	preg_match("/^250(-\|\s)(\S)\s\r\n/",$line,$match)) {
	495	if ($firstline) {
	496	// first ehlo line (250[-\ ]domain SP greeting)
	497	$this->domain = $match[2];
	498	$firstline=false;
	499	} elseif (!isset($match[3])) {
	500	// simple one word extension
	501	$this->ehlo[strtoupper($match[2])]='';
	502	} elseif (!preg_match("/\s/",trim($match[3]))) {
	503	// extension with one option
	504	// yes, I know about ctype extension. no, i don't want to depend on it
	505	$this->ehlo[strtoupper($match[2])]=trim($match[3]);
	506	} else {
	507	// ehlo-param with spaces
	508	$this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3]));
	509	}
	510	if ($match[1]==' ') {
	511	// stop while cycle, if we reach last 250 line
	512	$ret = $line;
	513	break;
	514	}
	515	} else {
	516	// this is not 250 response
	517	$ret = $line;
	518	break;
	519	}
	520	}
	521	return $ret;
	522	}
e1ee60fe	523	}