*
* SMTP delivery backend for the Deliver class.
*
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2017 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
}
}
- function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') {
+ function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='', $stream_options=array()) {
global $use_smtp_tls,$smtp_auth_mech;
if ($authpop) {
$from->mailbox = '';
}
+ // NB: Using "ssl://" ensures the highest possible TLS version
+ // will be negotiated with the server (whereas "tls://" only
+ // uses TLS version 1.0)
+ //
if ($use_smtp_tls == 1) {
if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
- $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
+ if (function_exists('stream_socket_client')) {
+ $server_address = 'ssl://' . $host . ':' . $port;
+ $ssl_context = @stream_context_create($stream_options);
+ $connect_timeout = ini_get('default_socket_timeout');
+ // null timeout is broken
+ if ($connect_timeout == 0)
+ $connect_timeout = 30;
+ $stream = @stream_socket_client($server_address, $errorNumber, $errorString, $connect_timeout, STREAM_CLIENT_CONNECT, $ssl_context);
+ } else {
+ $stream = @fsockopen('ssl://' . $host, $port, $errorNumber, $errorString);
+ }
$this->tls_enabled = true;
} else {
/**
// if the host is an IPv4 address, enclose it in brackets
//
- if (preg_match('/\d+\.\d+\.\d+\.\d+/', $helohost))
+ if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost))
$helohost = '[' . $helohost . ']';
+ $hook_result = do_hook('smtp_helo_override', $helohost);
+ if (!empty($hook_result)) $helohost = $hook_result;
+
/* Lets introduce ourselves */
fputs($stream, "EHLO $helohost\r\n");
// Read ehlo response
}
// FIXME: check ehlo response before using authentication
- if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
+
+ // Try authentication by a plugin
+ //
+ // NOTE: there is another hook in functions/auth.php called "smtp_auth"
+ // that allows a plugin to specify a different set of login credentials
+ // (so is slightly mis-named, but is too old to change), so be careful
+ // that you do not confuse your hook names.
+ //
+ $smtp_auth_args = array(
+ 'auth_mech' => $smtp_auth_mech,
+ 'user' => $user,
+ 'pass' => $pass,
+ 'host' => $host,
+ 'port' => $port,
+ 'stream' => $stream,
+ );
+ if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) {
+ // authentication succeeded
+ } else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
// Doing some form of non-plain auth
if ($smtp_auth_mech == 'cram-md5') {
fputs($stream, "AUTH CRAM-MD5\r\n");
projects / squirrelmail.git / blobdiff