[squirrelmail.git] / class / deliver / Deliver_SMTP.class.php

<?php

/**
 * Deliver_SMTP.class.php
 *
 * SMTP delivery backend for the Deliver class.
 *
 * @copyright 1999-2012 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 */

/** @ignore */
if (!defined('SM_PATH')) define('SM_PATH','../../');

/** This of course depends upon Deliver */
include_once(SM_PATH . 'class/deliver/Deliver.class.php');

/**
 * Deliver messages using SMTP
 * @package squirrelmail
 */
class Deliver_SMTP extends Deliver {
    /**
     * Array keys are uppercased ehlo keywords
     * array key values are ehlo params. If ehlo-param contains space, it is splitted into array. 
     * @var array ehlo
     * @since 1.5.1
     */
    var $ehlo = array();
    /**
     * @var string domain
     * @since 1.5.1
     */
    var $domain = '';
    /**
     * SMTP STARTTLS rfc: "Both the client and the server MUST know if there 
     * is a TLS session active."
     * Variable should be set to true, when encryption is turned on.
     * @var boolean
     * @since 1.5.1 
     */
    var $tls_enabled = false;
    /**
     * Private var
     * var stream $stream
     * @todo don't pass stream resource in class method arguments.
     */
    //var $stream = false;
    /** @var string delivery error message */
    var $dlv_msg = '';
    /** @var integer delivery error number from server */
    var $dlv_ret_nr = '';
    /** @var string delivery error message from server */
    var $dlv_server_msg = '';

    function preWriteToStream(&$s) {
        if ($s) {
            if ($s{0} == '.')   $s = '.' . $s;
            $s = str_replace("\n.","\n..",$s);
        }
    }

    function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') {
        global $use_smtp_tls,$smtp_auth_mech;

        if ($authpop) {
            $this->authPop($pop_host, '', $user, $pass);
        }

        $rfc822_header = $message->rfc822_header;

        $from = $rfc822_header->from[0];
        $to =   $rfc822_header->to;
        $cc =   $rfc822_header->cc;
        $bcc =  $rfc822_header->bcc;
        $content_type  = $rfc822_header->content_type;

        // MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
        if ($content_type->type0 == 'multipart' &&
            $content_type->type1 == 'report' &&
            isset($content_type->properties['report-type']) &&
            $content_type->properties['report-type']=='disposition-notification') {
            // reinitialize the from object because otherwise the from header somehow
            // is affected. This $from var is used for smtp command MAIL FROM which
            // is not the same as what we put in the rfc822 header.
            $from = new AddressStructure();
            $from->host = '';
            $from->mailbox = '';
        }

        if ($use_smtp_tls == 1) {
            if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
                $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
                $this->tls_enabled = true;
            } else {
                /**
                 * don't connect to server when user asks for smtps and 
                 * PHP does not support it.
                 */
                $errorNumber = '';
                $errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
            }
        } else {
            $stream = @fsockopen($host, $port, $errorNumber, $errorString);
        }

        if (!$stream) {
            // reset tls state var to default value, if connection fails
            $this->tls_enabled = false;
            // set error messages
            $this->dlv_msg = $errorString;
            $this->dlv_ret_nr = $errorNumber;
            $this->dlv_server_msg = _("Can't open SMTP stream.");
            return(0);
        }
        // get server greeting
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
            return(0);
        }

        /*
         * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
         * server.  This should fix the DNS issues some people have had
         */
        if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
            // optionally trim off port number
            if($p = strrpos($HTTP_HOST, ':')) {
                $HTTP_HOST = substr($HTTP_HOST, 0, $p);
            }
            $helohost = $HTTP_HOST;
        } else { // For some reason, HTTP_HOST is not set - revert to old behavior
            $helohost = $domain;
        }

        // if the host is an IPv4 address, enclose it in brackets
        //
        if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost))
            $helohost = '[' . $helohost . ']';

        /* Lets introduce ourselves */
        fputs($stream, "EHLO $helohost\r\n");
        // Read ehlo response
        $tmp = $this->parse_ehlo_response($stream);
        if ($this->errorCheck($tmp,$stream)) {
            // fall back to HELO if EHLO is not supported (error 5xx)
            if ($this->dlv_ret_nr{0} == '5') {
                fputs($stream, "HELO $helohost\r\n");
                $tmp = fgets($stream,1024);
                if ($this->errorCheck($tmp,$stream)) {
                    return(0);
                }
            } else {
                return(0);
            }
        }

        /**
         * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
         * http://www.php.net/stream-socket-enable-crypto
         */
        if ($use_smtp_tls === 2) {
            if (function_exists('stream_socket_enable_crypto')) {
                // don't try starting tls, when client thinks that it is already active
                if ($this->tls_enabled) {
                    $this->dlv_msg = _("TLS session is already activated.");
                    return 0;
                } elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
                    // check for starttls in ehlo response
                    $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
                    return 0;
                }

                // issue starttls command
                fputs($stream, "STARTTLS\r\n");
                // get response
                $tmp = fgets($stream,1024);
                if ($this->errorCheck($tmp,$stream)) {
                    return 0;
                }

                // start crypto on connection. suppress function errors.
                if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
                    // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
                    // get new EHLO response
                    fputs($stream, "EHLO $helohost\r\n");
                    // Read ehlo response
                    $tmp = $this->parse_ehlo_response($stream);
                    if ($this->errorCheck($tmp,$stream)) {
                        // don't revert to helo here. server must support ESMTP
                        return 0;
                    }
                    // set information about started tls
                    $this->tls_enabled = true;
                } else {
                    /**
                     * stream_socket_enable_crypto() call failed.
                     */
                    $this->dlv_msg = _("Unable to start TLS.");
                    return 0;
                    // Bug: can't get error message. See comments in sqimap_create_stream().
                }
            } else {
                // php install does not support stream_socket_enable_crypto() function
                $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
                return 0;
            }
        }

        // FIXME: check ehlo response before using authentication

        // Try authentication by a plugin
        //
        // NOTE: there is another hook in functions/auth.php called "smtp_auth" 
        // that allows a plugin to specify a different set of login credentials 
        // (so is slightly mis-named, but is too old to change), so be careful 
        // that you do not confuse your hook names.
        //
        $smtp_auth_args = array(
            'auth_mech' => $smtp_auth_mech,
            'user' => $user,
            'pass' => $pass,
            'host' => $host,
            'port' => $port,
            'stream' => $stream,
        );
        if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) {
            // authentication succeeded
        } else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
            // Doing some form of non-plain auth
            if ($smtp_auth_mech == 'cram-md5') {
                fputs($stream, "AUTH CRAM-MD5\r\n");
            } elseif ($smtp_auth_mech == 'digest-md5') {
                fputs($stream, "AUTH DIGEST-MD5\r\n");
            }

            $tmp = fgets($stream,1024);

            if ($this->errorCheck($tmp,$stream)) {
                return(0);
            }

            // At this point, $tmp should hold "334 <challenge string>"
            $chall = substr($tmp,4);
            // Depending on mechanism, generate response string
            if ($smtp_auth_mech == 'cram-md5') {
                $response = cram_md5_response($user,$pass,$chall);
            } elseif ($smtp_auth_mech == 'digest-md5') {
                $response = digest_md5_response($user,$pass,$chall,'smtp',$host);
            }
            fputs($stream, $response);

            // Let's see what the server had to say about that
            $tmp = fgets($stream,1024);
            if ($this->errorCheck($tmp,$stream)) {
                return(0);
            }

            // CRAM-MD5 is done at this point.  If DIGEST-MD5, there's a bit more to go
            if ($smtp_auth_mech == 'digest-md5') {
                // $tmp contains rspauth, but I don't store that yet. (No need yet)
                fputs($stream,"\r\n");
                $tmp = fgets($stream,1024);

                if ($this->errorCheck($tmp,$stream)) {
                return(0);
                }
            }
        // CRAM-MD5 and DIGEST-MD5 code ends here
        } elseif ($smtp_auth_mech == 'none') {
        // No auth at all, just send helo and then send the mail
        // We already said hi earlier, nothing more is needed.
        } elseif ($smtp_auth_mech == 'login') {
            // The LOGIN method
            fputs($stream, "AUTH LOGIN\r\n");
            $tmp = fgets($stream, 1024);

            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }
            fputs($stream, base64_encode ($user) . "\r\n");
            $tmp = fgets($stream, 1024);
            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }

            fputs($stream, base64_encode($pass) . "\r\n");
            $tmp = fgets($stream, 1024);
            if ($this->errorCheck($tmp, $stream)) {
                return(0);
            }
        } elseif ($smtp_auth_mech == "plain") {
            /* SASL Plain */
            $auth = base64_encode("$user\0$user\0$pass");

            $query = "AUTH PLAIN\r\n";
            fputs($stream, $query);
            $read=fgets($stream, 1024);

            if (substr($read,0,3) == '334') { // OK so far..
                fputs($stream, "$auth\r\n");
                $read = fgets($stream, 1024);
            }

            $results=explode(" ",$read,3);
            $response=$results[1];
            $message=$results[2];
        } else {
            /* Right here, they've reached an unsupported auth mechanism.
            This is the ugliest hack I've ever done, but it'll do till I can fix
            things up better tomorrow.  So tired... */
            if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
                return(0);
            }
        }

        /* Ok, who is sending the message? */
        $fromaddress = (strlen($from->mailbox) && $from->host) ?
            $from->mailbox.'@'.$from->host : '';
        fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
            return(0);
        }

        /* send who the recipients are */
        for ($i = 0, $cnt = count($to); $i < $cnt; $i++) {
            if (!$to[$i]->host) $to[$i]->host = $domain;
            if (strlen($to[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }

        for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {
            if (!$cc[$i]->host) $cc[$i]->host = $domain;
            if (strlen($cc[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }

        for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) {
            if (!$bcc[$i]->host) $bcc[$i]->host = $domain;
            if (strlen($bcc[$i]->mailbox)) {
                fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n");
                $tmp = fgets($stream, 1024);
                if ($this->errorCheck($tmp, $stream)) {
                    return(0);
                }
            }
        }
        /* Lets start sending the actual message */
        fputs($stream, "DATA\r\n");
        $tmp = fgets($stream, 1024);
        if ($this->errorCheck($tmp, $stream)) {
                return(0);
        }
        return $stream;
    }

    function finalizeStream($stream) {
        fputs($stream, "\r\n.\r\n"); /* end the DATA part */
        $tmp = fgets($stream, 1024);
        $this->errorCheck($tmp, $stream);
        if ($this->dlv_ret_nr != 250) {
                return(0);
        }
        fputs($stream, "QUIT\r\n"); /* log off */
        fclose($stream);
        return true;
    }

    /* check if an SMTP reply is an error and set an error message) */
    function errorCheck($line, $smtpConnection) {

        $err_num = substr($line, 0, 3);
        $this->dlv_ret_nr = $err_num;
        $server_msg = substr($line, 4);

        while(substr($line, 0, 4) == ($err_num.'-')) {
            $line = fgets($smtpConnection, 1024);
            $server_msg .= substr($line, 4);
        }

        if ( ((int) $err_num{0}) < 4) {
            return false;
        }

        switch ($err_num) {
        case '421': $message = _("Service not available, closing channel");
            break;
        case '432': $message = _("A password transition is needed");
            break;
        case '450': $message = _("Requested mail action not taken: mailbox unavailable");
            break;
        case '451': $message = _("Requested action aborted: error in processing");
            break;
        case '452': $message = _("Requested action not taken: insufficient system storage");
            break;
        case '454': $message = _("Temporary authentication failure");
            break;
        case '500': $message = _("Syntax error; command not recognized");
            break;
        case '501': $message = _("Syntax error in parameters or arguments");
            break;
        case '502': $message = _("Command not implemented");
            break;
        case '503': $message = _("Bad sequence of commands");
            break;
        case '504': $message = _("Command parameter not implemented");
            break;
        case '530': $message = _("Authentication required");
            break;
        case '534': $message = _("Authentication mechanism is too weak");
            break;
        case '535': $message = _("Authentication failed");
            break;
        case '538': $message = _("Encryption required for requested authentication mechanism");
            break;
        case '550': $message = _("Requested action not taken: mailbox unavailable");
            break;
        case '551': $message = _("User not local; please try forwarding");
            break;
        case '552': $message = _("Requested mail action aborted: exceeding storage allocation");
            break;
        case '553': $message = _("Requested action not taken: mailbox name not allowed");
            break;
        case '554': $message = _("Transaction failed");
            break;
        default:    $message = _("Unknown response");
            break;
        }

        $this->dlv_msg = $message;
        $this->dlv_server_msg = $server_msg;

        return true;
    }

    function authPop($pop_server='', $pop_port='', $user, $pass) {
        if (!$pop_port) {
            $pop_port = 110;
        }
        if (!$pop_server) {
            $pop_server = 'localhost';
        }
        $popConnection = @fsockopen($pop_server, $pop_port, $err_no, $err_str);
        if (!$popConnection) {
            error_log("Error connecting to POP Server ($pop_server:$pop_port)"
                . " $err_no : $err_str");
            return false;
        } else {
            $tmp = fgets($popConnection, 1024); /* banner */
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, "USER $user\r\n");
            $tmp = fgets($popConnection, 1024);
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, 'PASS ' . $pass . "\r\n");
            $tmp = fgets($popConnection, 1024);
            if (substr($tmp, 0, 3) != '+OK') {
                return false;
            }
            fputs($popConnection, "QUIT\r\n"); /* log off */
            fclose($popConnection);
        }
        return true;
    }

    /**
     * Parses ESMTP EHLO response (rfc1869)
     *
     * Reads SMTP response to EHLO command and fills class variables 
     * (ehlo array and domain string). Returns last line.
     * @param stream $stream smtp connection stream.
     * @return string last ehlo line
     * @since 1.5.1
     */
    function parse_ehlo_response($stream) {
        // don't cache ehlo information
        $this->ehlo=array();
        $ret = '';
        $firstline = true;
        /**
         * ehlo mailclient.example.org
         * 250-mail.example.org
         * 250-PIPELINING
         * 250-SIZE 52428800
         * 250-DATAZ
         * 250-STARTTLS
         * 250-AUTH LOGIN PLAIN
         * 250 8BITMIME
         */
        while ($line=fgets($stream, 1024)){
            // match[1] = first symbol after 250
            // match[2] = domain or ehlo-keyword
            // match[3] = greeting or ehlo-param
            // match space after keyword in ehlo-keyword CR LF
            if (preg_match("/^250(-|\s)(\S*)\s+(\S.*)\r\n/",$line,$match)||
                preg_match("/^250(-|\s)(\S*)\s*\r\n/",$line,$match)) {
                if ($firstline) {
                    // first ehlo line (250[-\ ]domain SP greeting)
                    $this->domain = $match[2];
                    $firstline=false;
                } elseif (!isset($match[3])) {
                    // simple one word extension
                    $this->ehlo[strtoupper($match[2])]='';
                } elseif (!preg_match("/\s/",trim($match[3]))) {
                    // extension with one option
                    // yes, I know about ctype extension. no, i don't want to depend on it
                    $this->ehlo[strtoupper($match[2])]=trim($match[3]);
                } else {
                    // ehlo-param with spaces
                    $this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3]));
                }
                if ($match[1]==' ') {
                    // stop while cycle, if we reach last 250 line
                    $ret = $line;
                    break;
                }
            } else {
                // this is not 250 response
                $ret = $line;
                break;
            }
        }
        return $ret;
    }
}
Commit	Line	Data
	1	<?php
	2
	3	/**
	4	* Deliver_SMTP.class.php
	5	*
	6	* SMTP delivery backend for the Deliver class.
	7	*
	8	* @copyright 1999-2012 The SquirrelMail Project Team
	9	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
	10	* @version $Id$
	11	* @package squirrelmail
	12	*/
	13
	14	/** @ignore */
	15	if (!defined('SM_PATH')) define('SM_PATH','../../');
	16
	17	/** This of course depends upon Deliver */
	18	include_once(SM_PATH . 'class/deliver/Deliver.class.php');
	19
	20	/**
	21	* Deliver messages using SMTP
	22	* @package squirrelmail
	23	*/
	24	class Deliver_SMTP extends Deliver {
	25	/**
	26	* Array keys are uppercased ehlo keywords
	27	* array key values are ehlo params. If ehlo-param contains space, it is splitted into array.
	28	* @var array ehlo
	29	* @since 1.5.1
	30	*/
	31	var $ehlo = array();
	32	/**
	33	* @var string domain
	34	* @since 1.5.1
	35	*/
	36	var $domain = '';
	37	/**
	38	* SMTP STARTTLS rfc: "Both the client and the server MUST know if there
	39	* is a TLS session active."
	40	* Variable should be set to true, when encryption is turned on.
	41	* @var boolean
	42	* @since 1.5.1
	43	*/
	44	var $tls_enabled = false;
	45	/**
	46	* Private var
	47	* var stream $stream
	48	* @todo don't pass stream resource in class method arguments.
	49	*/
	50	//var $stream = false;
	51	/** @var string delivery error message */
	52	var $dlv_msg = '';
	53	/** @var integer delivery error number from server */
	54	var $dlv_ret_nr = '';
	55	/** @var string delivery error message from server */
	56	var $dlv_server_msg = '';
	57
	58	function preWriteToStream(&$s) {
	59	if ($s) {
	60	if ($s{0} == '.') $s = '.' . $s;
	61	$s = str_replace("\n.","\n..",$s);
	62	}
	63	}
	64
	65	function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') {
	66	global $use_smtp_tls,$smtp_auth_mech;
	67
	68	if ($authpop) {
	69	$this->authPop($pop_host, '', $user, $pass);
	70	}
	71
	72	$rfc822_header = $message->rfc822_header;
	73
	74	$from = $rfc822_header->from[0];
	75	$to = $rfc822_header->to;
	76	$cc = $rfc822_header->cc;
	77	$bcc = $rfc822_header->bcc;
	78	$content_type = $rfc822_header->content_type;
	79
	80	// MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
	81	if ($content_type->type0 == 'multipart' &&
	82	$content_type->type1 == 'report' &&
	83	isset($content_type->properties['report-type']) &&
	84	$content_type->properties['report-type']=='disposition-notification') {
	85	// reinitialize the from object because otherwise the from header somehow
	86	// is affected. This $from var is used for smtp command MAIL FROM which
	87	// is not the same as what we put in the rfc822 header.
	88	$from = new AddressStructure();
	89	$from->host = '';
	90	$from->mailbox = '';
	91	}
	92
	93	if ($use_smtp_tls == 1) {
	94	if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
	95	$stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
	96	$this->tls_enabled = true;
	97	} else {
	98	/**
	99	* don't connect to server when user asks for smtps and
	100	* PHP does not support it.
	101	*/
	102	$errorNumber = '';
	103	$errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
	104	}
	105	} else {
	106	$stream = @fsockopen($host, $port, $errorNumber, $errorString);
	107	}
	108
	109	if (!$stream) {
	110	// reset tls state var to default value, if connection fails
	111	$this->tls_enabled = false;
	112	// set error messages
	113	$this->dlv_msg = $errorString;
	114	$this->dlv_ret_nr = $errorNumber;
	115	$this->dlv_server_msg = _("Can't open SMTP stream.");
	116	return(0);
	117	}
	118	// get server greeting
	119	$tmp = fgets($stream, 1024);
	120	if ($this->errorCheck($tmp, $stream)) {
	121	return(0);
	122	}
	123
	124	/*
	125	* If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
	126	* server. This should fix the DNS issues some people have had
	127	*/
	128	if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
	129	// optionally trim off port number
	130	if($p = strrpos($HTTP_HOST, ':')) {
	131	$HTTP_HOST = substr($HTTP_HOST, 0, $p);
	132	}
	133	$helohost = $HTTP_HOST;
	134	} else { // For some reason, HTTP_HOST is not set - revert to old behavior
	135	$helohost = $domain;
	136	}
	137
	138	// if the host is an IPv4 address, enclose it in brackets
	139	//
	140	if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost))
	141	$helohost = '[' . $helohost . ']';
	142
	143	/* Lets introduce ourselves */
	144	fputs($stream, "EHLO $helohost\r\n");
	145	// Read ehlo response
	146	$tmp = $this->parse_ehlo_response($stream);
	147	if ($this->errorCheck($tmp,$stream)) {
	148	// fall back to HELO if EHLO is not supported (error 5xx)
	149	if ($this->dlv_ret_nr{0} == '5') {
	150	fputs($stream, "HELO $helohost\r\n");
	151	$tmp = fgets($stream,1024);
	152	if ($this->errorCheck($tmp,$stream)) {
	153	return(0);
	154	}
	155	} else {
	156	return(0);
	157	}
	158	}
	159
	160	/**
	161	* Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
	162	* http://www.php.net/stream-socket-enable-crypto
	163	*/
	164	if ($use_smtp_tls === 2) {
	165	if (function_exists('stream_socket_enable_crypto')) {
	166	// don't try starting tls, when client thinks that it is already active
	167	if ($this->tls_enabled) {
	168	$this->dlv_msg = _("TLS session is already activated.");
	169	return 0;
	170	} elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
	171	// check for starttls in ehlo response
	172	$this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
	173	return 0;
	174	}
	175
	176	// issue starttls command
	177	fputs($stream, "STARTTLS\r\n");
	178	// get response
	179	$tmp = fgets($stream,1024);
	180	if ($this->errorCheck($tmp,$stream)) {
	181	return 0;
	182	}
	183
	184	// start crypto on connection. suppress function errors.
	185	if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
	186	// starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
	187	// get new EHLO response
	188	fputs($stream, "EHLO $helohost\r\n");
	189	// Read ehlo response
	190	$tmp = $this->parse_ehlo_response($stream);
	191	if ($this->errorCheck($tmp,$stream)) {
	192	// don't revert to helo here. server must support ESMTP
	193	return 0;
	194	}
	195	// set information about started tls
	196	$this->tls_enabled = true;
	197	} else {
	198	/**
	199	* stream_socket_enable_crypto() call failed.
	200	*/
	201	$this->dlv_msg = _("Unable to start TLS.");
	202	return 0;
	203	// Bug: can't get error message. See comments in sqimap_create_stream().
	204	}
	205	} else {
	206	// php install does not support stream_socket_enable_crypto() function
	207	$this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
	208	return 0;
	209	}
	210	}
	211
	212	// FIXME: check ehlo response before using authentication
	213
	214	// Try authentication by a plugin
	215	//
	216	// NOTE: there is another hook in functions/auth.php called "smtp_auth"
	217	// that allows a plugin to specify a different set of login credentials
	218	// (so is slightly mis-named, but is too old to change), so be careful
	219	// that you do not confuse your hook names.
	220	//
	221	$smtp_auth_args = array(
	222	'auth_mech' => $smtp_auth_mech,
	223	'user' => $user,
	224	'pass' => $pass,
	225	'host' => $host,
	226	'port' => $port,
	227	'stream' => $stream,
	228	);
	229	if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) {
	230	// authentication succeeded
	231	} else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
	232	// Doing some form of non-plain auth
	233	if ($smtp_auth_mech == 'cram-md5') {
	234	fputs($stream, "AUTH CRAM-MD5\r\n");
	235	} elseif ($smtp_auth_mech == 'digest-md5') {
	236	fputs($stream, "AUTH DIGEST-MD5\r\n");
	237	}
	238
	239	$tmp = fgets($stream,1024);
	240
	241	if ($this->errorCheck($tmp,$stream)) {
	242	return(0);
	243	}
	244
	245	// At this point, $tmp should hold "334 <challenge string>"
	246	$chall = substr($tmp,4);
	247	// Depending on mechanism, generate response string
	248	if ($smtp_auth_mech == 'cram-md5') {
	249	$response = cram_md5_response($user,$pass,$chall);
	250	} elseif ($smtp_auth_mech == 'digest-md5') {
	251	$response = digest_md5_response($user,$pass,$chall,'smtp',$host);
	252	}
	253	fputs($stream, $response);
	254
	255	// Let's see what the server had to say about that
	256	$tmp = fgets($stream,1024);
	257	if ($this->errorCheck($tmp,$stream)) {
	258	return(0);
	259	}
	260
	261	// CRAM-MD5 is done at this point. If DIGEST-MD5, there's a bit more to go
	262	if ($smtp_auth_mech == 'digest-md5') {
	263	// $tmp contains rspauth, but I don't store that yet. (No need yet)
	264	fputs($stream,"\r\n");
	265	$tmp = fgets($stream,1024);
	266
	267	if ($this->errorCheck($tmp,$stream)) {
	268	return(0);
	269	}
	270	}
	271	// CRAM-MD5 and DIGEST-MD5 code ends here
	272	} elseif ($smtp_auth_mech == 'none') {
	273	// No auth at all, just send helo and then send the mail
	274	// We already said hi earlier, nothing more is needed.
	275	} elseif ($smtp_auth_mech == 'login') {
	276	// The LOGIN method
	277	fputs($stream, "AUTH LOGIN\r\n");
	278	$tmp = fgets($stream, 1024);
	279
	280	if ($this->errorCheck($tmp, $stream)) {
	281	return(0);
	282	}
	283	fputs($stream, base64_encode ($user) . "\r\n");
	284	$tmp = fgets($stream, 1024);
	285	if ($this->errorCheck($tmp, $stream)) {
	286	return(0);
	287	}
	288
	289	fputs($stream, base64_encode($pass) . "\r\n");
	290	$tmp = fgets($stream, 1024);
	291	if ($this->errorCheck($tmp, $stream)) {
	292	return(0);
	293	}
	294	} elseif ($smtp_auth_mech == "plain") {
	295	/* SASL Plain */
	296	$auth = base64_encode("$user\0$user\0$pass");
	297
	298	$query = "AUTH PLAIN\r\n";
	299	fputs($stream, $query);
	300	$read=fgets($stream, 1024);
	301
	302	if (substr($read,0,3) == '334') { // OK so far..
	303	fputs($stream, "$auth\r\n");
	304	$read = fgets($stream, 1024);
	305	}
	306
	307	$results=explode(" ",$read,3);
	308	$response=$results[1];
	309	$message=$results[2];
	310	} else {
	311	/* Right here, they've reached an unsupported auth mechanism.
	312	This is the ugliest hack I've ever done, but it'll do till I can fix
	313	things up better tomorrow. So tired... */
	314	if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
	315	return(0);
	316	}
	317	}
	318
	319	/* Ok, who is sending the message? */
	320	$fromaddress = (strlen($from->mailbox) && $from->host) ?
	321	$from->mailbox.'@'.$from->host : '';
	322	fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
	323	$tmp = fgets($stream, 1024);
	324	if ($this->errorCheck($tmp, $stream)) {
	325	return(0);
	326	}
	327
	328	/* send who the recipients are */
	329	for ($i = 0, $cnt = count($to); $i < $cnt; $i++) {
	330	if (!$to[$i]->host) $to[$i]->host = $domain;
	331	if (strlen($to[$i]->mailbox)) {
	332	fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox.'@'.$to[$i]->host.">\r\n");
	333	$tmp = fgets($stream, 1024);
	334	if ($this->errorCheck($tmp, $stream)) {
	335	return(0);
	336	}
	337	}
	338	}
	339
	340	for ($i = 0, $cnt = count($cc); $i < $cnt; $i++) {
	341	if (!$cc[$i]->host) $cc[$i]->host = $domain;
	342	if (strlen($cc[$i]->mailbox)) {
	343	fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox.'@'.$cc[$i]->host.">\r\n");
	344	$tmp = fgets($stream, 1024);
	345	if ($this->errorCheck($tmp, $stream)) {
	346	return(0);
	347	}
	348	}
	349	}
	350
	351	for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++) {
	352	if (!$bcc[$i]->host) $bcc[$i]->host = $domain;
	353	if (strlen($bcc[$i]->mailbox)) {
	354	fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox.'@'.$bcc[$i]->host.">\r\n");
	355	$tmp = fgets($stream, 1024);
	356	if ($this->errorCheck($tmp, $stream)) {
	357	return(0);
	358	}
	359	}
	360	}
	361	/* Lets start sending the actual message */
	362	fputs($stream, "DATA\r\n");
	363	$tmp = fgets($stream, 1024);
	364	if ($this->errorCheck($tmp, $stream)) {
	365	return(0);
	366	}
	367	return $stream;
	368	}
	369
	370	function finalizeStream($stream) {
	371	fputs($stream, "\r\n.\r\n"); /* end the DATA part */
	372	$tmp = fgets($stream, 1024);
	373	$this->errorCheck($tmp, $stream);
	374	if ($this->dlv_ret_nr != 250) {
	375	return(0);
	376	}
	377	fputs($stream, "QUIT\r\n"); /* log off */
	378	fclose($stream);
	379	return true;
	380	}
	381
	382	/* check if an SMTP reply is an error and set an error message) */
	383	function errorCheck($line, $smtpConnection) {
	384
	385	$err_num = substr($line, 0, 3);
	386	$this->dlv_ret_nr = $err_num;
	387	$server_msg = substr($line, 4);
	388
	389	while(substr($line, 0, 4) == ($err_num.'-')) {
	390	$line = fgets($smtpConnection, 1024);
	391	$server_msg .= substr($line, 4);
	392	}
	393
	394	if ( ((int) $err_num{0}) < 4) {
	395	return false;
	396	}
	397
	398	switch ($err_num) {
	399	case '421': $message = _("Service not available, closing channel");
	400	break;
	401	case '432': $message = _("A password transition is needed");
	402	break;
	403	case '450': $message = _("Requested mail action not taken: mailbox unavailable");
	404	break;
	405	case '451': $message = _("Requested action aborted: error in processing");
	406	break;
	407	case '452': $message = _("Requested action not taken: insufficient system storage");
	408	break;
	409	case '454': $message = _("Temporary authentication failure");
	410	break;
	411	case '500': $message = _("Syntax error; command not recognized");
	412	break;
	413	case '501': $message = _("Syntax error in parameters or arguments");
	414	break;
	415	case '502': $message = _("Command not implemented");
	416	break;
	417	case '503': $message = _("Bad sequence of commands");
	418	break;
	419	case '504': $message = _("Command parameter not implemented");
	420	break;
	421	case '530': $message = _("Authentication required");
	422	break;
	423	case '534': $message = _("Authentication mechanism is too weak");
	424	break;
	425	case '535': $message = _("Authentication failed");
	426	break;
	427	case '538': $message = _("Encryption required for requested authentication mechanism");
	428	break;
	429	case '550': $message = _("Requested action not taken: mailbox unavailable");
	430	break;
	431	case '551': $message = _("User not local; please try forwarding");
	432	break;
	433	case '552': $message = _("Requested mail action aborted: exceeding storage allocation");
	434	break;
	435	case '553': $message = _("Requested action not taken: mailbox name not allowed");
	436	break;
	437	case '554': $message = _("Transaction failed");
	438	break;
	439	default: $message = _("Unknown response");
	440	break;
	441	}
	442
	443	$this->dlv_msg = $message;
	444	$this->dlv_server_msg = $server_msg;
	445
	446	return true;
	447	}
	448
	449	function authPop($pop_server='', $pop_port='', $user, $pass) {
	450	if (!$pop_port) {
	451	$pop_port = 110;
	452	}
	453	if (!$pop_server) {
	454	$pop_server = 'localhost';
	455	}
	456	$popConnection = @fsockopen($pop_server, $pop_port, $err_no, $err_str);
	457	if (!$popConnection) {
	458	error_log("Error connecting to POP Server ($pop_server:$pop_port)"
	459	. " $err_no : $err_str");
	460	return false;
	461	} else {
	462	$tmp = fgets($popConnection, 1024); /* banner */
	463	if (substr($tmp, 0, 3) != '+OK') {
	464	return false;
	465	}
	466	fputs($popConnection, "USER $user\r\n");
	467	$tmp = fgets($popConnection, 1024);
	468	if (substr($tmp, 0, 3) != '+OK') {
	469	return false;
	470	}
	471	fputs($popConnection, 'PASS ' . $pass . "\r\n");
	472	$tmp = fgets($popConnection, 1024);
	473	if (substr($tmp, 0, 3) != '+OK') {
	474	return false;
	475	}
	476	fputs($popConnection, "QUIT\r\n"); /* log off */
	477	fclose($popConnection);
	478	}
	479	return true;
	480	}
	481
	482	/**
	483	* Parses ESMTP EHLO response (rfc1869)
	484	*
	485	* Reads SMTP response to EHLO command and fills class variables
	486	* (ehlo array and domain string). Returns last line.
	487	* @param stream $stream smtp connection stream.
	488	* @return string last ehlo line
	489	* @since 1.5.1
	490	*/
	491	function parse_ehlo_response($stream) {
	492	// don't cache ehlo information
	493	$this->ehlo=array();
	494	$ret = '';
	495	$firstline = true;
	496	/**
	497	* ehlo mailclient.example.org
	498	* 250-mail.example.org
	499	* 250-PIPELINING
	500	* 250-SIZE 52428800
	501	* 250-DATAZ
	502	* 250-STARTTLS
	503	* 250-AUTH LOGIN PLAIN
	504	* 250 8BITMIME
	505	*/
	506	while ($line=fgets($stream, 1024)){
	507	// match[1] = first symbol after 250
	508	// match[2] = domain or ehlo-keyword
	509	// match[3] = greeting or ehlo-param
	510	// match space after keyword in ehlo-keyword CR LF
	511	if (preg_match("/^250(-\|\s)(\S)\s+(\S.)\r\n/",$line,$match)\|\|
	512	preg_match("/^250(-\|\s)(\S)\s\r\n/",$line,$match)) {
	513	if ($firstline) {
	514	// first ehlo line (250[-\ ]domain SP greeting)
	515	$this->domain = $match[2];
	516	$firstline=false;
	517	} elseif (!isset($match[3])) {
	518	// simple one word extension
	519	$this->ehlo[strtoupper($match[2])]='';
	520	} elseif (!preg_match("/\s/",trim($match[3]))) {
	521	// extension with one option
	522	// yes, I know about ctype extension. no, i don't want to depend on it
	523	$this->ehlo[strtoupper($match[2])]=trim($match[3]);
	524	} else {
	525	// ehlo-param with spaces
	526	$this->ehlo[strtoupper($match[2])]=explode(' ',trim($match[3]));
	527	}
	528	if ($match[1]==' ') {
	529	// stop while cycle, if we reach last 250 line
	530	$ret = $line;
	531	break;
	532	}
	533	} else {
	534	// this is not 250 response
	535	$ret = $line;
	536	break;
	537	}
	538	}
	539	return $ret;
	540	}
	541	}