[squirrelmail.git] / class / deliver / Deliver_SMTP.class.php

<?php

/**
 * Deliver_SMTP.class.php
 *
 * SMTP delivery backend for the Deliver class.
 *
 * @copyright &copy; 1999-2007 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 */

/** @ignore */
if (!defined('SM_PATH')) define('SM_PATH','../../');

/** This of course depends upon Deliver */
include_once(SM_PATH . 'class/deliver/Deliver.class.php');

/**
 * Deliver messages using SMTP
 * @package squirrelmail
 */
class Deliver_SMTP extends Deliver {
    /**
     * Array keys are uppercased ehlo keywords
     * array key values are ehlo params. If ehlo-param contains space, it is splitted into array. 
     * @var array ehlo
     * @since 1.5.1
     */
    var $ehlo = array();
    /**
     * @var string domain
     * @since 1.5.1
     */
    var $domain = '';
    /**
     * SMTP STARTTLS rfc: "Both the client and the server MUST know if there 
     * is a TLS session active."
     * Variable should be set to true, when encryption is turned on.
     * @var boolean
     * @since 1.5.1 
     */
    var $tls_enabled = false;
    /**
     * Private var
     * var stream $stream
     * @todo don't pass stream resource in class method arguments.
     */
    //var $stream = false;
    /** @var string delivery error message */
    var $dlv_msg = '';
    /** @var integer delivery error number from server */
    var $dlv_ret_nr = '';
    /** @var string delivery error message from server */
    var $dlv_server_msg = '';

    function preWriteToStream(&$s) {
        if ($s) {
            if ($s{0} == '.')   $s = '.' . $s;
            $s = str_replace("\n.","\n..",$s);
        }
    }

    function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') {
        global $use_smtp_tls,$smtp_auth_mech;

        if ($authpop) {
            $this->authPop($pop_host, '', $user, $pass);
        }

        $rfc822_header = $message->rfc822_header;

        $from = $rfc822_header->from[0];
        $to =   $rfc822_header->to;
        $cc =   $rfc822_header->cc;
        $bcc =  $rfc822_header->bcc;
        $content_type  = $rfc822_header->content_type;

        // MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
        if ($content_type->type0 == 'multipart' &&
            $content_type->type1 == 'report' &&
            isset($content_type->properties['report-type']) &&
            $content_type->properties['report-type']=='disposition-notification') {
            // reinitialize the from object because otherwise the from header somehow
            // is affected. This $from var is used for smtp command MAIL FROM which
            // is not the same as what we put in the rfc822 header.
            $from = new AddressStructure();
            $from->host = '';
            $from->mailbox = '';
        }

        if ($use_smtp_tls == 1) {
            if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
                $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
                $this->tls_enabled = true;
            } else {
                /**
                 * don't connect to server when user asks for smtps and 
                 * PHP does not support it.
                 */
                $errorNumber = '';
                $errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
            }
        } else {
            $stream = @fsockopen($host, $port, $errorNumber, $errorString);
        }

        if (!$stream) {
            // reset tls state var to default value, if connection fails
            $this->tls_enabled = false;
            // set error messages
            $this->dlv_msg = $errorString;
            $this->dlv_ret_nr = $errorNumber;
            $this->dlv_server_msg = _("Can't open SMTP stream.");
            return(0);
        }
        // get server greeting
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
            return(0);
        }

        /*
         * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
         * server.  This should fix the DNS issues some people have had
         */
        if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
            // optionally trim off port number
            if($p = strrpos($HTTP_HOST, ':')) {
                $HTTP_HOST = substr($HTTP_HOST, 0, $p);
            }
            $helohost = $HTTP_HOST;
        } else { // For some reason, HTTP_HOST is not set - revert to old behavior
            $helohost = $domain;
        }

        /* Lets introduce ourselves */
        fputs($stream, "EHLO $helohost\r\n");
        // Read ehlo response
        $tmp = $this->parse_ehlo_response($stream);
        if ($this->errorCheck($tmp,$stream)) {
            // fall back to HELO if EHLO is not supported (error 5xx)
            if ($this->dlv_ret_nr{0} == '5') {
                fputs($stream, "HELO $helohost\r\n");
                $tmp = fgets($stream,1024);
                if ($this->errorCheck($tmp,$stream)) {
                    return(0);
                }
            } else {
                return(0);
            }
        }

        /**
         * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
         * http://www.php.net/stream-socket-enable-crypto
         */
        if ($use_smtp_tls === 2) {
            if (function_exists('stream_socket_enable_crypto')) {
                // don't try starting tls, when client thinks that it is already active
                if ($this->tls_enabled) {
                    $this->dlv_msg = _("TLS session is already activated.");
                    return 0;
                } elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
                    // check for starttls in ehlo response
                    $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
                    return 0;
                }

                // issue starttls command
                fputs($stream, "STARTTLS\r\n");
                // get response
                $tmp = fgets($stream,1024);
                if ($this->errorCheck($tmp,$stream)) {
                    return 0;
                }

                // start crypto on connection. suppress function errors.
                if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
                    // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
                    // get new EHLO response
                    fputs($stream, "EHLO $helohost\r\n");
                    // Read ehlo response
                    $tmp = $this->parse_ehlo_response($stream);
                    if ($this->errorCheck($tmp,$stream)) {
                        // don't revert to helo here. server must support ESMTP
                        return 0;
                    }
                    // set information about started tls
                    $this->tls_enabled = true;
                } else {
                    /**
                     * stream_socket_enable_crypto() call failed.
                     */
                    $this->dlv_msg = _("Unable to start TLS.");
                    return 0;
                    // Bug: can't get error message. See comments in sqimap_create_stream().
                }
            } else {
                // php install does not support stream_socket_enable_crypto() function
                $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
                return 0;
            }
        }

        // FIXME: check ehlo response before using authentication
        if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
            // Doing some form of non-plain auth
            if ($smtp_auth_mech == 'cram-md5') {
                fputs($stream, "AUTH CRAM-MD5\r\n");
            } elseif ($smtp_auth_mech == 'digest-md5') {
                fputs($stream, "AUTH DIGEST-MD5\r\n");
            }

            $tmp = fgets($stream,1024);

            if ($this->errorCheck($tmp,$stream)) {
                return(0);
            }

            // At this point, $tmp should hold "334 <challenge string>"
            $chall = substr($tmp,4);
            // Depending on mechanism, generate response string
            if ($smtp_auth_mech == 'cram-md5') {
                $response = cram_md5_response($user,$pass,$chall);
            } elseif ($smtp_auth_mech == 'digest-md5') {
                $response = digest_md5_response($user,$pass,$chall,'smtp',$host);
            }
            fputs($stream, $response);

            // Let's see what the server had to say about that
            $tmp = fgets($stream,1024);
            if ($this->errorCheck($tmp,$stream)) {
                return(0);
            }

            // CRAM-MD5 is done at this point.  If DIGEST-MD5, there's a bit more to go
            if ($smtp_auth_mech == 'digest-md5') {
                // $tmp contains rspauth, but I don't store that yet. (No need yet)
                fputs($stream,"\r\n");
                $tmp = fgets($stream,1024);

                if ($this->errorCheck($tmp,$stream)) {
                return(0);
                }
            }
        // CRAM-MD5 and DIGEST-MD5 code ends here
        } elseif ($smtp_auth_mech == 'none') {
        // No auth at all, just send helo and then send the mail
        // We already said hi earlier, nothing more is needed.
        } elseif ($smtp_auth_mech == 'login') {
            // The LOGIN method
            fputs($stream, "AUTH LOGIN\r\n");
            $tmp = fgets($stream, 1024);

            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }
            fputs($stream, base64_encode ($user) . "\r\n");
            $tmp = fgets($stream, 1024);
            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }

            fputs($stream, base64_encode($pass) . "\r\n");
            $tmp = fgets($stream, 1024);
            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }
        } elseif ($smtp_auth_mech == "plain") {
            /* SASL Plain */
            $auth = base64_encode("$user\0$user\0$pass");

            $query = "AUTH PLAIN\r\n";
            fputs($stream, $query);
            $read=fgets($stream, 1024);

            if (substr($read,0,3) == '334') { // OK so far..
                fputs($stream, "$auth\r\n");
                $read = fgets($stream, 1024);
            }

            $results=explode(" ",$read,3);
            $response=$results[1];
            $message=$results[2];
        } else {
            /* Right here, they've reached an unsupported auth mechanism.
            This is the ugliest hack I've ever done, but it'll do till I can fix
            things up better tomorrow.  So tired... */
            if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
                return(0);
            }
        }

        /* Ok, who is sending the message? */
        $fromaddress = (strlen($from->mailbox) && $from->host) ?
            $from->mailbox.'@'.$from->host : '';
        fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
            return(0);
        }

        /* send who the recipients are */
        for ($i = 0, $cnt = count($to); $i < $cnt; $i++) {
            if (!$to[$i]->host) $to[$i]->host = $domain;
            if (strlen($to[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }

        for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {
            if (!$cc[$i]->host) $cc[$i]->host = $domain;
            if (strlen($cc[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }

        for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) {
            if (!$bcc[$i]->host) $bcc[$i]->host = $domain;
            if (strlen($bcc[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }
        /* Lets start sending the actual message */
        fputs($stream, "DATA\r\n");
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
                return(0);
        }
        return $stream;
    }

    function finalizeStream($stream) {
        fputs($stream, "\r\n.\r\n"); /* end the DATA part */
        $tmp = fgets($stream, 1024);
        $this->errorCheck($tmp, $stream);
        if ($this->dlv_ret_nr != 250) {
                return(0);
        }
        fputs($stream, "QUIT\r\n"); /* log off */
        fclose($stream);
        return true;
    }

    /* check if an SMTP reply is an error and set an error message) */
    function errorCheck($line, $smtpConnection) {

        $err_num = substr($line, 0, 3);
        $this->dlv_ret_nr = $err_num;
        $server_msg = substr($line, 4);

        while(substr($line, 0, 4) == ($err_num.'-')) {
            $line = fgets($smtpConnection, 1024);
            $server_msg .= substr($line, 4);
        }

        if ( ((int) $err_num{0}) < 4) {
            return false;
        }

        switch ($err_num) {
        case '421': $message = _("Service not available, closing channel");
            break;
        case '432': $message = _("A password transition is needed");
            break;
        case '450': $message = _("Requested mail action not taken: mailbox unavailable");
            break;
        case '451': $message = _("Requested action aborted: error in processing");
            break;
        case '452': $message = _("Requested action not taken: insufficient system storage");
            break;
        case '454': $message = _("Temporary authentication failure");
            break;
        case '500': $message = _("Syntax error; command not recognized");
            break;
        case '501': $message = _("Syntax error in parameters or arguments");
            break;
        case '502': $message = _("Command not implemented");
            break;
        case '503': $message = _("Bad sequence of commands");
            break;
        case '504': $message = _("Command parameter not implemented");
            break;
        case '530': $message = _("Authentication required");
            break;
        case '534': $message = _("Authentication mechanism is too weak");
            break;
        case '535': $message = _("Authentication failed");
            break;
        case '538': $message = _("Encryption required for requested authentication mechanism");
            break;
        case '550': $message = _("Requested action not taken: mailbox unavailable");
            break;
        case '551': $message = _("User not local; please try forwarding");
            break;
        case '552': $message = _("Requested mail action aborted: exceeding storage allocation");
            break;
        case '553': $message = _("Requested action not taken: mailbox name not allowed");
            break;
        case '554': $message = _("Transaction failed");
            break;
        default:    $message = _("Unknown response");
            break;
        }

        $this->dlv_msg = $message;
        $this->dlv_server_msg = $server_msg;

        return true;
    }

    function authPop($pop_server='', $pop_port='', $user, $pass) {
        if (!$pop_port) {
            $pop_port = 110;
        }
        if (!$pop_server) {
            $pop_server = 'localhost';
        }
        $popConnection = @fsockopen($pop_server, $pop_port, $err_no, $err_str);
        if (!$popConnection) {
            error_log("Error connecting to POP Server ($pop_server:$pop_port)"
                . " $err_no : $err_str");
            return false;
        } else {
            $tmp = fgets($popConnection, 1024); /* banner */
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, "USER $user\r\n");
            $tmp = fgets($popConnection, 1024);
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, 'PASS ' . $pass . "\r\n");
            $tmp = fgets($popConnection, 1024);
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, "QUIT\r\n"); /* log off */
            fclose($popConnection);
        }
        return true;
    }

    /**
     * Parses ESMTP EHLO response (rfc1869)
     *
     * Reads SMTP response to EHLO command and fills class variables 
     * (ehlo array and domain string). Returns last line.
     * @param stream $stream smtp connection stream.
     * @return string last ehlo line
     * @since 1.5.1
     */
    function parse_ehlo_response($stream) {
        // don't cache ehlo information
        $this->ehlo=array();
        $ret = '';
        $firstline = true;
        /**
         * ehlo mailclient.example.org
         * 250-mail.example.org
         * 250-PIPELINING
         * 250-SIZE 52428800
         * 250-DATAZ
         * 250-STARTTLS
         * 250-AUTH LOGIN PLAIN
         * 250 8BITMIME
         */
        while ($line=fgets($stream, 1024)){
            // match[1] = first symbol after 250
            // match[2] = domain or ehlo-keyword
            // match[3] = greeting or ehlo-param
            // match space after keyword in ehlo-keyword CR LF
            if (preg_match("/^250(-|\s)(\S*)\s+(\S.*)\r\n/",$line,$match)||
                preg_match("/^250(-|\s)(\S*)\s*\r\n/",$line,$match)) {
                if ($firstline) {
                    // first ehlo line (250[-\ ]domain SP greeting)
                    $this->domain = $match[2];
                    $firstline=false;
                } elseif (!isset($match[3])) {
                    // simple one word extension
                    $this->ehlo[strtoupper($match[2])]='';
                } elseif (!preg_match("/\s/",trim($match[3]))) {
                    // extension with one option
                    // yes, I know about ctype extension. no, i don't want to depend on it
                    $this->ehlo[strtoupper($match[2])]=trim($match[3]);
                } else {
                    // ehlo-param with spaces
                    $this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3]));
                }
                if ($match[1]==' ') {
                    // stop while cycle, if we reach last 250 line
                    $ret = $line;
                    break;
                }
            } else {
                // this is not 250 response
                $ret = $line;
                break;
            }
        }
        return $ret;
    }
}
Commit	Line	Data
e1ee60fe	1	<?php
4b4abf93	2
5b8fd093	3	/**
4b4abf93	4	* Deliver_SMTP.class.php
4b4abf93	5	*
a15f9d93	6	* SMTP delivery backend for the Deliver class.
4b4abf93	7	*
4b5049de	8	* @copyright © 1999-2007 The SquirrelMail Project Team
4b4abf93	9	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
	10	* @version $Id$
	11	* @package squirrelmail
	12	*/
e1ee60fe	13
a15f9d93	14	/** @ignore */
	15	if (!defined('SM_PATH')) define('SM_PATH','../../');
	16
2b646597	17	/** This of course depends upon Deliver */
a15f9d93	18	include_once(SM_PATH . 'class/deliver/Deliver.class.php');
e1ee60fe	19
2b646597	20	/**
4b4abf93	21	* Deliver messages using SMTP
	22	* @package squirrelmail
	23	*/
e1ee60fe	24	class Deliver_SMTP extends Deliver {
a15f9d93	25	/**
	26	* Array keys are uppercased ehlo keywords
	27	* array key values are ehlo params. If ehlo-param contains space, it is splitted into array.
	28	* @var array ehlo
	29	* @since 1.5.1
	30	*/
	31	var $ehlo = array();
	32	/**
	33	* @var string domain
	34	* @since 1.5.1
	35	*/
	36	var $domain = '';
	37	/**
	38	* SMTP STARTTLS rfc: "Both the client and the server MUST know if there
	39	* is a TLS session active."
	40	* Variable should be set to true, when encryption is turned on.
	41	* @var boolean
	42	* @since 1.5.1
	43	*/
	44	var $tls_enabled = false;
	45	/**
	46	* Private var
	47	* var stream $stream
	48	* @todo don't pass stream resource in class method arguments.
	49	*/
	50	//var $stream = false;
	51	/** @var string delivery error message */
	52	var $dlv_msg = '';
	53	/** @var integer delivery error number from server */
	54	var $dlv_ret_nr = '';
	55	/** @var string delivery error message from server */
	56	var $dlv_server_msg = '';
e1ee60fe	57
5fe73b9f	58	function preWriteToStream(&$s) {
eeb17be5	59	if ($s) {
	60	if ($s{0} == '.') $s = '.' . $s;
	61	$s = str_replace("\n.","\n..",$s);
	62	}
5fe73b9f	63	}
91e0dccc	64
783e926e	65	function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') {
eeb17be5	66	global $use_smtp_tls,$smtp_auth_mech;
91e0dccc	67
eeb17be5	68	if ($authpop) {
783e926e	69	$this->authPop($pop_host, '', $user, $pass);
22bd1baf	70	}
91e0dccc	71
eeb17be5	72	$rfc822_header = $message->rfc822_header;
91e0dccc	73
eeb17be5	74	$from = $rfc822_header->from[0];
	75	$to = $rfc822_header->to;
	76	$cc = $rfc822_header->cc;
	77	$bcc = $rfc822_header->bcc;
	78	$content_type = $rfc822_header->content_type;
33feaaec	79
eeb17be5	80	// MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
91e0dccc	81	if ($content_type->type0 == 'multipart' &&
eeb17be5	82	$content_type->type1 == 'report' &&
	83	isset($content_type->properties['report-type']) &&
	84	$content_type->properties['report-type']=='disposition-notification') {
93ae5eaf	85	// reinitialize the from object because otherwise the from header somehow
	86	// is affected. This $from var is used for smtp command MAIL FROM which
	87	// is not the same as what we put in the rfc822 header.
	88	$from = new AddressStructure();
eeb17be5	89	$from->host = '';
eeb17be5	90	$from->mailbox = '';
91e0dccc	91	}
91e0dccc	92
a15f9d93	93	if ($use_smtp_tls == 1) {
	94	if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
	95	$stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
	96	$this->tls_enabled = true;
	97	} else {
	98	/**
	99	* don't connect to server when user asks for smtps and
	100	* PHP does not support it.
	101	*/
	102	$errorNumber = '';
	103	$errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
	104	}
eeb17be5	105	} else {
feb5a839	106	$stream = @fsockopen($host, $port, $errorNumber, $errorString);
eeb17be5	107	}
91e0dccc	108
eeb17be5	109	if (!$stream) {
a15f9d93	110	// reset tls state var to default value, if connection fails
	111	$this->tls_enabled = false;
	112	// set error messages
eeb17be5	113	$this->dlv_msg = $errorString;
eeb17be5	114	$this->dlv_ret_nr = $errorNumber;
c585e898	115	$this->dlv_server_msg = _("Can't open SMTP stream.");
eeb17be5	116	return(0);
eeb17be5	117	}
a15f9d93	118	// get server greeting
eeb17be5	119	$tmp = fgets($stream, 1024);
	120	if ($this->errorCheck($tmp, $stream)) {
	121	return(0);
	122	}
91e0dccc	123
91e0dccc	124	/*
4b4abf93	125	* If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
	126	* server. This should fix the DNS issues some people have had
	127	*/
eeb17be5	128	if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
	129	// optionally trim off port number
	130	if($p = strrpos($HTTP_HOST, ':')) {
	131	$HTTP_HOST = substr($HTTP_HOST, 0, $p);
	132	}
	133	$helohost = $HTTP_HOST;
	134	} else { // For some reason, HTTP_HOST is not set - revert to old behavior
	135	$helohost = $domain;
	136	}
91e0dccc	137
eeb17be5	138	/* Lets introduce ourselves */
eeb17be5	139	fputs($stream, "EHLO $helohost\r\n");
a15f9d93	140	// Read ehlo response
a15f9d93	141	$tmp = $this->parse_ehlo_response($stream);
eeb17be5	142	if ($this->errorCheck($tmp,$stream)) {
4e38bc70	143	// fall back to HELO if EHLO is not supported (error 5xx)
4e38bc70	144	if ($this->dlv_ret_nr{0} == '5') {
df3a8577	145	fputs($stream, "HELO $helohost\r\n");
	146	$tmp = fgets($stream,1024);
	147	if ($this->errorCheck($tmp,$stream)) {
	148	return(0);
	149	}
	150	} else {
	151	return(0);
	152	}
eeb17be5	153	}
91e0dccc	154
a15f9d93	155	/**
	156	* Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
	157	* http://www.php.net/stream-socket-enable-crypto
	158	*/
c4de9863	159	if ($use_smtp_tls === 2) {
a15f9d93	160	if (function_exists('stream_socket_enable_crypto')) {
	161	// don't try starting tls, when client thinks that it is already active
	162	if ($this->tls_enabled) {
	163	$this->dlv_msg = _("TLS session is already activated.");
	164	return 0;
	165	} elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
	166	// check for starttls in ehlo response
	167	$this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
	168	return 0;
	169	}
	170
	171	// issue starttls command
	172	fputs($stream, "STARTTLS\r\n");
	173	// get response
	174	$tmp = fgets($stream,1024);
	175	if ($this->errorCheck($tmp,$stream)) {
	176	return 0;
	177	}
	178
	179	// start crypto on connection. suppress function errors.
	180	if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
	181	// starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
	182	// get new EHLO response
	183	fputs($stream, "EHLO $helohost\r\n");
	184	// Read ehlo response
	185	$tmp = $this->parse_ehlo_response($stream);
	186	if ($this->errorCheck($tmp,$stream)) {
	187	// don't revert to helo here. server must support ESMTP
	188	return 0;
	189	}
	190	// set information about started tls
	191	$this->tls_enabled = true;
	192	} else {
	193	/**
	194	* stream_socket_enable_crypto() call failed.
	195	*/
	196	$this->dlv_msg = _("Unable to start TLS.");
	197	return 0;
	198	// Bug: can't get error message. See comments in sqimap_create_stream().
	199	}
	200	} else {
	201	// php install does not support stream_socket_enable_crypto() function
	202	$this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
	203	return 0;
	204	}
	205	}
	206
	207	// FIXME: check ehlo response before using authentication
eeb17be5	208	if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
	209	// Doing some form of non-plain auth
	210	if ($smtp_auth_mech == 'cram-md5') {
	211	fputs($stream, "AUTH CRAM-MD5\r\n");
	212	} elseif ($smtp_auth_mech == 'digest-md5') {
	213	fputs($stream, "AUTH DIGEST-MD5\r\n");
	214	}
91e0dccc	215
eeb17be5	216	$tmp = fgets($stream,1024);
91e0dccc	217
eeb17be5	218	if ($this->errorCheck($tmp,$stream)) {
	219	return(0);
	220	}
91e0dccc	221
eeb17be5	222	// At this point, $tmp should hold "334 <challenge string>"
eeb17be5	223	$chall = substr($tmp,4);
91e0dccc	224	// Depending on mechanism, generate response string
eeb17be5	225	if ($smtp_auth_mech == 'cram-md5') {
	226	$response = cram_md5_response($user,$pass,$chall);
	227	} elseif ($smtp_auth_mech == 'digest-md5') {
	228	$response = digest_md5_response($user,$pass,$chall,'smtp',$host);
	229	}
	230	fputs($stream, $response);
91e0dccc	231
eeb17be5	232	// Let's see what the server had to say about that
	233	$tmp = fgets($stream,1024);
	234	if ($this->errorCheck($tmp,$stream)) {
	235	return(0);
	236	}
91e0dccc	237
eeb17be5	238	// CRAM-MD5 is done at this point. If DIGEST-MD5, there's a bit more to go
	239	if ($smtp_auth_mech == 'digest-md5') {
	240	// $tmp contains rspauth, but I don't store that yet. (No need yet)
	241	fputs($stream,"\r\n");
	242	$tmp = fgets($stream,1024);
91e0dccc	243
eeb17be5	244	if ($this->errorCheck($tmp,$stream)) {
	245	return(0);
	246	}
	247	}
	248	// CRAM-MD5 and DIGEST-MD5 code ends here
	249	} elseif ($smtp_auth_mech == 'none') {
	250	// No auth at all, just send helo and then send the mail
	251	// We already said hi earlier, nothing more is needed.
	252	} elseif ($smtp_auth_mech == 'login') {
	253	// The LOGIN method
	254	fputs($stream, "AUTH LOGIN\r\n");
	255	$tmp = fgets($stream, 1024);
91e0dccc	256
eeb17be5	257	if ($this->errorCheck($tmp, $stream)) {
	258	return(0);
	259	}
	260	fputs($stream, base64_encode ($user) . "\r\n");
	261	$tmp = fgets($stream, 1024);
	262	if ($this->errorCheck($tmp, $stream)) {
	263	return(0);
	264	}
91e0dccc	265
eeb17be5	266	fputs($stream, base64_encode($pass) . "\r\n");
	267	$tmp = fgets($stream, 1024);
	268	if ($this->errorCheck($tmp, $stream)) {
	269	return(0);
	270	}
	271	} elseif ($smtp_auth_mech == "plain") {
	272	/* SASL Plain */
	273	$auth = base64_encode("$user\0$user\0$pass");
91e0dccc	274
eeb17be5	275	$query = "AUTH PLAIN\r\n";
	276	fputs($stream, $query);
	277	$read=fgets($stream, 1024);
91e0dccc	278
eeb17be5	279	if (substr($read,0,3) == '334') { // OK so far..
	280	fputs($stream, "$auth\r\n");
	281	$read = fgets($stream, 1024);
	282	}
91e0dccc	283
eeb17be5	284	$results=explode(" ",$read,3);
	285	$response=$results[1];
	286	$message=$results[2];
	287	} else {
	288	/* Right here, they've reached an unsupported auth mechanism.
	289	This is the ugliest hack I've ever done, but it'll do till I can fix
	290	things up better tomorrow. So tired... */
	291	if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
	292	return(0);
	293	}
	294	}
91e0dccc	295
eeb17be5	296	/* Ok, who is sending the message? */
7d38dfae	297	$fromaddress = (strlen($from->mailbox) && $from->host) ?
eeb17be5	298	$from->mailbox.'@'.$from->host : '';
	299	fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
	300	$tmp = fgets($stream, 1024);
	301	if ($this->errorCheck($tmp, $stream)) {
	302	return(0);
	303	}
91e0dccc	304
eeb17be5	305	/* send who the recipients are */
	306	for ($i = 0, $cnt = count($to); $i < $cnt; $i++) {
	307	if (!$to[$i]->host) $to[$i]->host = $domain;
7d38dfae	308	if (strlen($to[$i]->mailbox)) {
eeb17be5	309	fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n");
	310	$tmp = fgets($stream, 1024);
	311	if ($this->errorCheck($tmp, $stream)) {
	312	return(0);
	313	}
	314	}
	315	}
91e0dccc	316
91e0dccc	317	for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {
eeb17be5	318	if (!$cc[$i]->host) $cc[$i]->host = $domain;
7d38dfae	319	if (strlen($cc[$i]->mailbox)) {
eeb17be5	320	fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
	321	$tmp = fgets($stream, 1024);
	322	if ($this->errorCheck($tmp, $stream)) {
	323	return(0);
	324	}
	325	}
	326	}
91e0dccc	327
eeb17be5	328	for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) {
eeb17be5	329	if (!$bcc[$i]->host) $bcc[$i]->host = $domain;
7d38dfae	330	if (strlen($bcc[$i]->mailbox)) {
eeb17be5	331	fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n");
	332	$tmp = fgets($stream, 1024);
	333	if ($this->errorCheck($tmp, $stream)) {
	334	return(0);
	335	}
	336	}
	337	}
	338	/* Lets start sending the actual message */
	339	fputs($stream, "DATA\r\n");
5fe73b9f	340	$tmp = fgets($stream, 1024);
eeb17be5	341	if ($this->errorCheck($tmp, $stream)) {
eeb17be5	342	return(0);
5fe73b9f	343	}
eeb17be5	344	return $stream;
5fe73b9f	345	}
91e0dccc	346
5fe73b9f	347	function finalizeStream($stream) {
eeb17be5	348	fputs($stream, "\r\n.\r\n"); /* end the DATA part */
	349	$tmp = fgets($stream, 1024);
	350	$this->errorCheck($tmp, $stream);
	351	if ($this->dlv_ret_nr != 250) {
	352	return(0);
	353	}
	354	fputs($stream, "QUIT\r\n"); /* log off */
	355	fclose($stream);
	356	return true;
5fe73b9f	357	}
91e0dccc	358
ca71b2db	359	/* check if an SMTP reply is an error and set an error message) */
5fe73b9f	360	function errorCheck($line, $smtpConnection) {
ca71b2db	361
	362	$err_num = substr($line, 0, 3);
	363	$this->dlv_ret_nr = $err_num;
	364	$server_msg = substr($line, 4);
	365
	366	while(substr($line, 0, 4) == ($err_num.'-')) {
	367	$line = fgets($smtpConnection, 1024);
	368	$server_msg .= substr($line, 4);
	369	}
	370
eeb17be5	371	if ( ((int) $err_num{0}) < 4) {
eeb17be5	372	return false;
ca71b2db	373	}
	374
	375	switch ($err_num) {
	376	case '421': $message = _("Service not available, closing channel");
	377	break;
	378	case '432': $message = _("A password transition is needed");
	379	break;
	380	case '450': $message = _("Requested mail action not taken: mailbox unavailable");
	381	break;
	382	case '451': $message = _("Requested action aborted: error in processing");
	383	break;
	384	case '452': $message = _("Requested action not taken: insufficient system storage");
	385	break;
	386	case '454': $message = _("Temporary authentication failure");
	387	break;
	388	case '500': $message = _("Syntax error; command not recognized");
	389	break;
	390	case '501': $message = _("Syntax error in parameters or arguments");
	391	break;
	392	case '502': $message = _("Command not implemented");
	393	break;
	394	case '503': $message = _("Bad sequence of commands");
	395	break;
	396	case '504': $message = _("Command parameter not implemented");
91e0dccc	397	break;
ca71b2db	398	case '530': $message = _("Authentication required");
	399	break;
	400	case '534': $message = _("Authentication mechanism is too weak");
	401	break;
	402	case '535': $message = _("Authentication failed");
	403	break;
	404	case '538': $message = _("Encryption required for requested authentication mechanism");
	405	break;
	406	case '550': $message = _("Requested action not taken: mailbox unavailable");
	407	break;
	408	case '551': $message = _("User not local; please try forwarding");
	409	break;
	410	case '552': $message = _("Requested mail action aborted: exceeding storage allocation");
	411	break;
	412	case '553': $message = _("Requested action not taken: mailbox name not allowed");
	413	break;
	414	case '554': $message = _("Transaction failed");
	415	break;
	416	default: $message = _("Unknown response");
	417	break;
	418	}
	419
	420	$this->dlv_msg = $message;
a15f9d93	421	$this->dlv_server_msg = $server_msg;
ca71b2db	422
5fe73b9f	423	return true;
5fe73b9f	424	}
91e0dccc	425
5fe73b9f	426	function authPop($pop_server='', $pop_port='', $user, $pass) {
	427	if (!$pop_port) {
	428	$pop_port = 110;
	429	}
	430	if (!$pop_server) {
	431	$pop_server = 'localhost';
	432	}
85d3e98c	433	$popConnection = @fsockopen($pop_server, $pop_port, $err_no, $err_str);
5fe73b9f	434	if (!$popConnection) {
5fe73b9f	435	error_log("Error connecting to POP Server ($pop_server:$pop_port)"
eeb17be5	436	. " $err_no : $err_str");
85d3e98c	437	return false;
5fe73b9f	438	} else {
5fe73b9f	439	$tmp = fgets($popConnection, 1024); /* banner */
22bd1baf	440	if (substr($tmp, 0, 3) != '+OK') {
85d3e98c	441	return false;
5fe73b9f	442	}
	443	fputs($popConnection, "USER $user\r\n");
	444	$tmp = fgets($popConnection, 1024);
22bd1baf	445	if (substr($tmp, 0, 3) != '+OK') {
85d3e98c	446	return false;
5fe73b9f	447	}
	448	fputs($popConnection, 'PASS ' . $pass . "\r\n");
	449	$tmp = fgets($popConnection, 1024);
22bd1baf	450	if (substr($tmp, 0, 3) != '+OK') {
85d3e98c	451	return false;
5fe73b9f	452	}
	453	fputs($popConnection, "QUIT\r\n"); /* log off */
	454	fclose($popConnection);
	455	}
85d3e98c	456	return true;
5fe73b9f	457	}
a15f9d93	458
	459	/**
	460	* Parses ESMTP EHLO response (rfc1869)
	461	*
	462	* Reads SMTP response to EHLO command and fills class variables
	463	* (ehlo array and domain string). Returns last line.
	464	* @param stream $stream smtp connection stream.
	465	* @return string last ehlo line
	466	* @since 1.5.1
	467	*/
	468	function parse_ehlo_response($stream) {
	469	// don't cache ehlo information
	470	$this->ehlo=array();
	471	$ret = '';
	472	$firstline = true;
	473	/**
	474	* ehlo mailclient.example.org
	475	* 250-mail.example.org
	476	* 250-PIPELINING
	477	* 250-SIZE 52428800
	478	* 250-DATAZ
	479	* 250-STARTTLS
	480	* 250-AUTH LOGIN PLAIN
	481	* 250 8BITMIME
	482	*/
	483	while ($line=fgets($stream, 1024)){
	484	// match[1] = first symbol after 250
	485	// match[2] = domain or ehlo-keyword
	486	// match[3] = greeting or ehlo-param
	487	// match space after keyword in ehlo-keyword CR LF
	488	if (preg_match("/^250(-\|\s)(\S)\s+(\S.)\r\n/",$line,$match)\|\|
	489	preg_match("/^250(-\|\s)(\S)\s\r\n/",$line,$match)) {
	490	if ($firstline) {
	491	// first ehlo line (250[-\ ]domain SP greeting)
	492	$this->domain = $match[2];
	493	$firstline=false;
	494	} elseif (!isset($match[3])) {
	495	// simple one word extension
	496	$this->ehlo[strtoupper($match[2])]='';
	497	} elseif (!preg_match("/\s/",trim($match[3]))) {
	498	// extension with one option
	499	// yes, I know about ctype extension. no, i don't want to depend on it
	500	$this->ehlo[strtoupper($match[2])]=trim($match[3]);
	501	} else {
	502	// ehlo-param with spaces
	503	$this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3]));
	504	}
	505	if ($match[1]==' ') {
	506	// stop while cycle, if we reach last 250 line
	507	$ret = $line;
	508	break;
	509	}
	510	} else {
	511	// this is not 250 response
	512	$ret = $line;
	513	break;
	514	}
	515	}
	516	return $ret;
	517	}
e1ee60fe	518	}