4 * Deliver_SMTP.class.php
6 * SMTP delivery backend for the Deliver class.
8 * @copyright 1999-2014 The SquirrelMail Project Team
9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
11 * @package squirrelmail
15 if (!defined('SM_PATH')) define('SM_PATH','../../');
17 /** This of course depends upon Deliver */
18 include_once(SM_PATH
. 'class/deliver/Deliver.class.php');
21 * Deliver messages using SMTP
22 * @package squirrelmail
24 class Deliver_SMTP
extends Deliver
{
26 * Array keys are uppercased ehlo keywords
27 * array key values are ehlo params. If ehlo-param contains space, it is splitted into array.
38 * SMTP STARTTLS rfc: "Both the client and the server MUST know if there
39 * is a TLS session active."
40 * Variable should be set to true, when encryption is turned on.
44 var $tls_enabled = false;
48 * @todo don't pass stream resource in class method arguments.
50 //var $stream = false;
51 /** @var string delivery error message */
53 /** @var integer delivery error number from server */
55 /** @var string delivery error message from server */
56 var $dlv_server_msg = '';
58 function preWriteToStream(&$s) {
60 if ($s{0} == '.') $s = '.' . $s;
61 $s = str_replace("\n.","\n..",$s);
65 function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='', $stream_options=array()) {
66 global $use_smtp_tls,$smtp_auth_mech;
69 $this->authPop($pop_host, '', $user, $pass);
72 $rfc822_header = $message->rfc822_header
;
74 $from = $rfc822_header->from
[0];
75 $to = $rfc822_header->to
;
76 $cc = $rfc822_header->cc
;
77 $bcc = $rfc822_header->bcc
;
78 $content_type = $rfc822_header->content_type
;
80 // MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
81 if ($content_type->type0
== 'multipart' &&
82 $content_type->type1
== 'report' &&
83 isset($content_type->properties
['report-type']) &&
84 $content_type->properties
['report-type']=='disposition-notification') {
85 // reinitialize the from object because otherwise the from header somehow
86 // is affected. This $from var is used for smtp command MAIL FROM which
87 // is not the same as what we put in the rfc822 header.
88 $from = new AddressStructure();
93 // NB: Using "ssl://" ensures the highest possible TLS version
94 // will be negotiated with the server (whereas "tls://" only
95 // uses TLS version 1.0)
97 if ($use_smtp_tls == 1) {
98 if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
99 if (function_exists('stream_socket_client')) {
100 $server_address = 'ssl://' . $host . ':' . $port;
101 $ssl_context = @stream_context_create
($stream_options);
102 $connect_timeout = ini_get('default_socket_timeout');
103 // null timeout is broken
104 if ($connect_timeout == 0)
105 $connect_timeout = 30;
106 $stream = @stream_socket_client
($server_address, $errorNumber, $errorString, $connect_timeout, STREAM_CLIENT_CONNECT
, $ssl_context);
108 $stream = @fsockopen
('ssl://' . $host, $port, $errorNumber, $errorString);
110 $this->tls_enabled
= true;
113 * don't connect to server when user asks for smtps and
114 * PHP does not support it.
117 $errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
120 $stream = @fsockopen
($host, $port, $errorNumber, $errorString);
124 // reset tls state var to default value, if connection fails
125 $this->tls_enabled
= false;
126 // set error messages
127 $this->dlv_msg
= $errorString;
128 $this->dlv_ret_nr
= $errorNumber;
129 $this->dlv_server_msg
= _("Can't open SMTP stream.");
132 // get server greeting
133 $tmp = fgets($stream, 1024);
134 if ($this->errorCheck($tmp, $stream)) {
139 * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
140 * server. This should fix the DNS issues some people have had
142 if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER
)) { // HTTP_HOST is set
143 // optionally trim off port number
144 if($p = strrpos($HTTP_HOST, ':')) {
145 $HTTP_HOST = substr($HTTP_HOST, 0, $p);
147 $helohost = $HTTP_HOST;
148 } else { // For some reason, HTTP_HOST is not set - revert to old behavior
152 // if the host is an IPv4 address, enclose it in brackets
154 if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost))
155 $helohost = '[' . $helohost . ']';
157 /* Lets introduce ourselves */
158 fputs($stream, "EHLO $helohost\r\n");
159 // Read ehlo response
160 $tmp = $this->parse_ehlo_response($stream);
161 if ($this->errorCheck($tmp,$stream)) {
162 // fall back to HELO if EHLO is not supported (error 5xx)
163 if ($this->dlv_ret_nr
{0} == '5') {
164 fputs($stream, "HELO $helohost\r\n");
165 $tmp = fgets($stream,1024);
166 if ($this->errorCheck($tmp,$stream)) {
175 * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
176 * http://www.php.net/stream-socket-enable-crypto
178 if ($use_smtp_tls === 2) {
179 if (function_exists('stream_socket_enable_crypto')) {
180 // don't try starting tls, when client thinks that it is already active
181 if ($this->tls_enabled
) {
182 $this->dlv_msg
= _("TLS session is already activated.");
184 } elseif (!array_key_exists('STARTTLS',$this->ehlo
)) {
185 // check for starttls in ehlo response
186 $this->dlv_msg
= _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
190 // issue starttls command
191 fputs($stream, "STARTTLS\r\n");
193 $tmp = fgets($stream,1024);
194 if ($this->errorCheck($tmp,$stream)) {
198 // start crypto on connection. suppress function errors.
199 if (@stream_socket_enable_crypto
($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT
)) {
200 // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
201 // get new EHLO response
202 fputs($stream, "EHLO $helohost\r\n");
203 // Read ehlo response
204 $tmp = $this->parse_ehlo_response($stream);
205 if ($this->errorCheck($tmp,$stream)) {
206 // don't revert to helo here. server must support ESMTP
209 // set information about started tls
210 $this->tls_enabled
= true;
213 * stream_socket_enable_crypto() call failed.
215 $this->dlv_msg
= _("Unable to start TLS.");
217 // Bug: can't get error message. See comments in sqimap_create_stream().
220 // php install does not support stream_socket_enable_crypto() function
221 $this->dlv_msg
= _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
226 // FIXME: check ehlo response before using authentication
228 // Try authentication by a plugin
230 // NOTE: there is another hook in functions/auth.php called "smtp_auth"
231 // that allows a plugin to specify a different set of login credentials
232 // (so is slightly mis-named, but is too old to change), so be careful
233 // that you do not confuse your hook names.
235 $smtp_auth_args = array(
236 'auth_mech' => $smtp_auth_mech,
243 if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) {
244 // authentication succeeded
245 } else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
246 // Doing some form of non-plain auth
247 if ($smtp_auth_mech == 'cram-md5') {
248 fputs($stream, "AUTH CRAM-MD5\r\n");
249 } elseif ($smtp_auth_mech == 'digest-md5') {
250 fputs($stream, "AUTH DIGEST-MD5\r\n");
253 $tmp = fgets($stream,1024);
255 if ($this->errorCheck($tmp,$stream)) {
259 // At this point, $tmp should hold "334 <challenge string>"
260 $chall = substr($tmp,4);
261 // Depending on mechanism, generate response string
262 if ($smtp_auth_mech == 'cram-md5') {
263 $response = cram_md5_response($user,$pass,$chall);
264 } elseif ($smtp_auth_mech == 'digest-md5') {
265 $response = digest_md5_response($user,$pass,$chall,'smtp',$host);
267 fputs($stream, $response);
269 // Let's see what the server had to say about that
270 $tmp = fgets($stream,1024);
271 if ($this->errorCheck($tmp,$stream)) {
275 // CRAM-MD5 is done at this point. If DIGEST-MD5, there's a bit more to go
276 if ($smtp_auth_mech == 'digest-md5') {
277 // $tmp contains rspauth, but I don't store that yet. (No need yet)
278 fputs($stream,"\r\n");
279 $tmp = fgets($stream,1024);
281 if ($this->errorCheck($tmp,$stream)) {
285 // CRAM-MD5 and DIGEST-MD5 code ends here
286 } elseif ($smtp_auth_mech == 'none') {
287 // No auth at all, just send helo and then send the mail
288 // We already said hi earlier, nothing more is needed.
289 } elseif ($smtp_auth_mech == 'login') {
291 fputs($stream, "AUTH LOGIN\r\n");
292 $tmp = fgets($stream, 1024);
294 if ($this->errorCheck($tmp, $stream)) {
297 fputs($stream, base64_encode ($user) . "\r\n");
298 $tmp = fgets($stream, 1024);
299 if ($this->errorCheck($tmp, $stream)) {
303 fputs($stream, base64_encode($pass) . "\r\n");
304 $tmp = fgets($stream, 1024);
305 if ($this->errorCheck($tmp, $stream)) {
308 } elseif ($smtp_auth_mech == "plain") {
310 $auth = base64_encode("$user\0$user\0$pass");
312 $query = "AUTH PLAIN\r\n";
313 fputs($stream, $query);
314 $read=fgets($stream, 1024);
316 if (substr($read,0,3) == '334') { // OK so far..
317 fputs($stream, "$auth\r\n");
318 $read = fgets($stream, 1024);
321 $results=explode(" ",$read,3);
322 $response=$results[1];
323 $message=$results[2];
325 /* Right here, they've reached an unsupported auth mechanism.
326 This is the ugliest hack I've ever done, but it'll do till I can fix
327 things up better tomorrow. So tired... */
328 if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
333 /* Ok, who is sending the message? */
334 $fromaddress = (strlen($from->mailbox
) && $from->host
) ?
335 $from->mailbox
.'@'.$from->host
: '';
336 fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");
337 $tmp = fgets($stream, 1024);
338 if ($this->errorCheck($tmp, $stream)) {
342 /* send who the recipients are */
343 for ($i = 0, $cnt = count($to); $i < $cnt; $i++
) {
344 if (!$to[$i]->host
) $to[$i]->host
= $domain;
345 if (strlen($to[$i]->mailbox
)) {
346 fputs($stream, 'RCPT TO:<'.$to[$i]->mailbox
.'@'.$to[$i]->host
.">\r\n");
347 $tmp = fgets($stream, 1024);
348 if ($this->errorCheck($tmp, $stream)) {
354 for ($i = 0, $cnt = count($cc); $i < $cnt; $i++
) {
355 if (!$cc[$i]->host
) $cc[$i]->host
= $domain;
356 if (strlen($cc[$i]->mailbox
)) {
357 fputs($stream, 'RCPT TO:<'.$cc[$i]->mailbox
.'@'.$cc[$i]->host
.">\r\n");
358 $tmp = fgets($stream, 1024);
359 if ($this->errorCheck($tmp, $stream)) {
365 for ($i = 0, $cnt = count($bcc); $i < $cnt; $i++
) {
366 if (!$bcc[$i]->host
) $bcc[$i]->host
= $domain;
367 if (strlen($bcc[$i]->mailbox
)) {
368 fputs($stream, 'RCPT TO:<'.$bcc[$i]->mailbox
.'@'.$bcc[$i]->host
.">\r\n");
369 $tmp = fgets($stream, 1024);
370 if ($this->errorCheck($tmp, $stream)) {
375 /* Lets start sending the actual message */
376 fputs($stream, "DATA\r\n");
377 $tmp = fgets($stream, 1024);
378 if ($this->errorCheck($tmp, $stream)) {
384 function finalizeStream($stream) {
385 fputs($stream, "\r\n.\r\n"); /* end the DATA part */
386 $tmp = fgets($stream, 1024);
387 $this->errorCheck($tmp, $stream);
388 if ($this->dlv_ret_nr
!= 250) {
391 fputs($stream, "QUIT\r\n"); /* log off */
396 /* check if an SMTP reply is an error and set an error message) */
397 function errorCheck($line, $smtpConnection) {
399 $err_num = substr($line, 0, 3);
400 $this->dlv_ret_nr
= $err_num;
401 $server_msg = substr($line, 4);
403 while(substr($line, 0, 4) == ($err_num.'-')) {
404 $line = fgets($smtpConnection, 1024);
405 $server_msg .= substr($line, 4);
408 if ( ((int) $err_num{0}) < 4) {
413 case '421': $message = _("Service not available, closing channel");
415 case '432': $message = _("A password transition is needed");
417 case '450': $message = _("Requested mail action not taken: mailbox unavailable");
419 case '451': $message = _("Requested action aborted: error in processing");
421 case '452': $message = _("Requested action not taken: insufficient system storage");
423 case '454': $message = _("Temporary authentication failure");
425 case '500': $message = _("Syntax error; command not recognized");
427 case '501': $message = _("Syntax error in parameters or arguments");
429 case '502': $message = _("Command not implemented");
431 case '503': $message = _("Bad sequence of commands");
433 case '504': $message = _("Command parameter not implemented");
435 case '530': $message = _("Authentication required");
437 case '534': $message = _("Authentication mechanism is too weak");
439 case '535': $message = _("Authentication failed");
441 case '538': $message = _("Encryption required for requested authentication mechanism");
443 case '550': $message = _("Requested action not taken: mailbox unavailable");
445 case '551': $message = _("User not local; please try forwarding");
447 case '552': $message = _("Requested mail action aborted: exceeding storage allocation");
449 case '553': $message = _("Requested action not taken: mailbox name not allowed");
451 case '554': $message = _("Transaction failed");
453 default: $message = _("Unknown response");
457 $this->dlv_msg
= $message;
458 $this->dlv_server_msg
= $server_msg;
463 function authPop($pop_server='', $pop_port='', $user, $pass) {
468 $pop_server = 'localhost';
470 $popConnection = @fsockopen
($pop_server, $pop_port, $err_no, $err_str);
471 if (!$popConnection) {
472 error_log("Error connecting to POP Server ($pop_server:$pop_port)"
473 . " $err_no : $err_str");
476 $tmp = fgets($popConnection, 1024); /* banner */
477 if (substr($tmp, 0, 3) != '+OK') {
480 fputs($popConnection, "USER $user\r\n");
481 $tmp = fgets($popConnection, 1024);
482 if (substr($tmp, 0, 3) != '+OK') {
485 fputs($popConnection, 'PASS ' . $pass . "\r\n");
486 $tmp = fgets($popConnection, 1024);
487 if (substr($tmp, 0, 3) != '+OK') {
490 fputs($popConnection, "QUIT\r\n"); /* log off */
491 fclose($popConnection);
497 * Parses ESMTP EHLO response (rfc1869)
499 * Reads SMTP response to EHLO command and fills class variables
500 * (ehlo array and domain string). Returns last line.
501 * @param stream $stream smtp connection stream.
502 * @return string last ehlo line
505 function parse_ehlo_response($stream) {
506 // don't cache ehlo information
511 * ehlo mailclient.example.org
512 * 250-mail.example.org
517 * 250-AUTH LOGIN PLAIN
520 while ($line=fgets($stream, 1024)){
521 // match[1] = first symbol after 250
522 // match[2] = domain or ehlo-keyword
523 // match[3] = greeting or ehlo-param
524 // match space after keyword in ehlo-keyword CR LF
525 if (preg_match("/^250(-|\s)(\S*)\s+(\S.*)\r\n/",$line,$match)||
526 preg_match("/^250(-|\s)(\S*)\s*\r\n/",$line,$match)) {
528 // first ehlo line (250[-\ ]domain SP greeting)
529 $this->domain
= $match[2];
531 } elseif (!isset($match[3])) {
532 // simple one word extension
533 $this->ehlo
[strtoupper($match[2])]='';
534 } elseif (!preg_match("/\s/",trim($match[3]))) {
535 // extension with one option
536 // yes, I know about ctype extension. no, i don't want to depend on it
537 $this->ehlo
[strtoupper($match[2])]=trim($match[3]);
539 // ehlo-param with spaces
540 $this->ehlo
[strtoupper($match[2])]=explode(' ',trim($match[3]));
542 if ($match[1]==' ') {
543 // stop while cycle, if we reach last 250 line
548 // this is not 250 response