-
- function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false) {
- global $use_smtp_tls,$smtp_auth_mech,$username,$key,$onetimepad;
-
- if ($authpop) {
- $this->authPop($host, '', $username, $pass);
- }
-
- $rfc822_header = $message->rfc822_header;
- $from = $rfc822_header->from[0];
- $to = $rfc822_header->to;
- $cc = $rfc822_header->cc;
- $bcc = $rfc822_header->bcc;
-
- if (($use_smtp_tls == true) and (check_php_version(4,3)) and (extension_loaded('openssl'))) {
- $stream = fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
- } else {
- $stream = fsockopen($host, $port, $errorNumber, $errorString);
- }
-
- if (!$stream) {
- $this->dlv_msg = $errorString;
- $this->dlv_ret_nr = $errorNumber;
- return(0);
- }
- $tmp = fgets($stream, 1024);
- if ($this->errorCheck($tmp, $stream)) {
- return(0);
- }
-
- /* Lets introduce ourselves */
- if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
- // Doing some form of non-plain auth
- fputs($stream, "EHLO $domain\r\n");
- $tmp = fgets($stream,1024);
- if ($this->errorCheck($tmp,$stream)) {
- return(0);
- }
- if ($smtp_auth_mech == 'cram-md5') {
- fputs($stream, "AUTH CRAM-MD5\r\n");
- } elseif ($smtp_auth_mech == 'digest-md5') {
- fputs($stream, "AUTH DIGEST-MD5\r\n");
- }
- $tmp = fgets($stream,1024);
-
- if ($this->errorCheck($tmp,$stream)) {
- return(0);
- }
-
- // At this point, $tmp should hold "334 <challenge string>"
- $chall = substr($tmp,4);
- // Depending on mechanism, generate response string
- if ($smtp_auth_mech == 'cram-md5') {
- $response = cram_md5_response($username,$pass,$chall);
- } elseif ($smtp_auth_mech == 'digest-md5') {
- $response = digest_md5_response($username,$pass,$chall,'smtp',$host);
- }
- fputs($stream, $response);
-
- // Let's see what the server had to say about that
- $tmp = fgets($stream,1024);
- if ($this->errorCheck($tmp,$stream)) {
- return(0);
- }
-
- // CRAM-MD5 is done at this point. If DIGEST-MD5, there's a bit more to go
- if ($smtp_auth_mech == 'digest-md5')
- {
- // $tmp contains rspauth, but I don't store that yet. (No need yet)
- fputs($stream,"\r\n");
- $tmp = fgets($stream,1024);
-
- if ($this->errorCheck($tmp,$stream)) {
- return(0);
- }
- }
- // CRAM-MD5 and DIGEST-MD5 code ends here
- } elseif ($smtp_auth_mech == 'none') {
- // No auth at all, just send helo and then send the mail
- fputs($stream, "HELO $domain\r\n");
- $tmp = fgets($stream, 1024);
- if ($this->errorCheck($tmp, $stream)) {
- return(0);
- }
- } elseif ($smtp_auth_mech == 'plain') {
- // The plain LOGIN method
- fputs($stream, "EHLO $domain\r\n");
- $tmp = fgets($stream, 1024);
- if ($this->errorCheck($tmp, $stream)) {
- return(0);
- }
- fputs($stream, "AUTH LOGIN\r\n");
- $tmp = fgets($stream, 1024);
-
- if ($this->errorCheck($tmp, $stream)) {
- return(0);
- }
- fputs($stream, base64_encode ($username) . "\r\n");
- $tmp = fgets($stream, 1024);
- if ($this->errorCheck($tmp, $stream)) {
- return(0);
- }
-
- fputs($stream, base64_encode($pass) . "\r\n");
- $tmp = fgets($stream, 1024);
- if ($this->errorCheck($tmp, $stream)) {
- return(0);
- }
- }
-
- /* Ok, who is sending the message? */
- fputs($stream, 'MAIL FROM: <'.$from->mailbox.'@'.$from->host.">\r\n");
+
+ function initStream($message, $domain, $length=0, $host='', $port='', $user='', $pass='', $authpop=false, $pop_host='') {
+ global $use_smtp_tls,$smtp_auth_mech;
+
+ if ($authpop) {
+ $this->authPop($pop_host, '', $user, $pass);
+ }
+
+ $rfc822_header = $message->rfc822_header;
+
+ $from = $rfc822_header->from[0];
+ $to = $rfc822_header->to;
+ $cc = $rfc822_header->cc;
+ $bcc = $rfc822_header->bcc;
+ $content_type = $rfc822_header->content_type;
+
+ // MAIL FROM: <from address> MUST be empty in cae of MDN (RFC2298)
+ if ($content_type->type0 == 'multipart' &&
+ $content_type->type1 == 'report' &&
+ isset($content_type->properties['report-type']) &&
+ $content_type->properties['report-type']=='disposition-notification') {
+ // reinitialize the from object because otherwise the from header somehow
+ // is affected. This $from var is used for smtp command MAIL FROM which
+ // is not the same as what we put in the rfc822 header.
+ $from = new AddressStructure();
+ $from->host = '';
+ $from->mailbox = '';
+ }
+
+ if ($use_smtp_tls == 1) {
+ if ((check_php_version(4,3)) && (extension_loaded('openssl'))) {
+ $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString);
+ $this->tls_enabled = true;
+ } else {
+ /**
+ * don't connect to server when user asks for smtps and
+ * PHP does not support it.
+ */
+ $errorNumber = '';
+ $errorString = _("Secure SMTP (TLS) is enabled in SquirrelMail configuration, but used PHP version does not support it.");
+ }
+ } else {
+ $stream = @fsockopen($host, $port, $errorNumber, $errorString);
+ }
+
+ if (!$stream) {
+ // reset tls state var to default value, if connection fails
+ $this->tls_enabled = false;
+ // set error messages
+ $this->dlv_msg = $errorString;
+ $this->dlv_ret_nr = $errorNumber;
+ $this->dlv_server_msg = _("Can't open SMTP stream.");
+ return(0);
+ }
+ // get server greeting
+ $tmp = fgets($stream, 1024);
+ if ($this->errorCheck($tmp, $stream)) {
+ return(0);
+ }
+
+ /*
+ * If $_SERVER['HTTP_HOST'] is set, use that in our HELO to the SMTP
+ * server. This should fix the DNS issues some people have had
+ */
+ if (sqgetGlobalVar('HTTP_HOST', $HTTP_HOST, SQ_SERVER)) { // HTTP_HOST is set
+ // optionally trim off port number
+ if($p = strrpos($HTTP_HOST, ':')) {
+ $HTTP_HOST = substr($HTTP_HOST, 0, $p);
+ }
+ $helohost = $HTTP_HOST;
+ } else { // For some reason, HTTP_HOST is not set - revert to old behavior
+ $helohost = $domain;
+ }
+
+ // if the host is an IPv4 address, enclose it in brackets
+ //
+ if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $helohost))
+ $helohost = '[' . $helohost . ']';
+
+ /* Lets introduce ourselves */
+ fputs($stream, "EHLO $helohost\r\n");
+ // Read ehlo response
+ $tmp = $this->parse_ehlo_response($stream);
+ if ($this->errorCheck($tmp,$stream)) {
+ // fall back to HELO if EHLO is not supported (error 5xx)
+ if ($this->dlv_ret_nr{0} == '5') {
+ fputs($stream, "HELO $helohost\r\n");
+ $tmp = fgets($stream,1024);
+ if ($this->errorCheck($tmp,$stream)) {
+ return(0);
+ }
+ } else {
+ return(0);
+ }
+ }
+
+ /**
+ * Implementing SMTP STARTTLS (rfc2487) in php 5.1.0+
+ * http://www.php.net/stream-socket-enable-crypto
+ */
+ if ($use_smtp_tls === 2) {
+ if (function_exists('stream_socket_enable_crypto')) {
+ // don't try starting tls, when client thinks that it is already active
+ if ($this->tls_enabled) {
+ $this->dlv_msg = _("TLS session is already activated.");
+ return 0;
+ } elseif (!array_key_exists('STARTTLS',$this->ehlo)) {
+ // check for starttls in ehlo response
+ $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used SMTP server does not support it");
+ return 0;
+ }
+
+ // issue starttls command
+ fputs($stream, "STARTTLS\r\n");
+ // get response
+ $tmp = fgets($stream,1024);
+ if ($this->errorCheck($tmp,$stream)) {
+ return 0;
+ }
+
+ // start crypto on connection. suppress function errors.
+ if (@stream_socket_enable_crypto($stream,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+ // starttls was successful (rfc2487 5.2 Result of the STARTTLS Command)
+ // get new EHLO response
+ fputs($stream, "EHLO $helohost\r\n");
+ // Read ehlo response
+ $tmp = $this->parse_ehlo_response($stream);
+ if ($this->errorCheck($tmp,$stream)) {
+ // don't revert to helo here. server must support ESMTP
+ return 0;
+ }
+ // set information about started tls
+ $this->tls_enabled = true;
+ } else {
+ /**
+ * stream_socket_enable_crypto() call failed.
+ */
+ $this->dlv_msg = _("Unable to start TLS.");
+ return 0;
+ // Bug: can't get error message. See comments in sqimap_create_stream().
+ }
+ } else {
+ // php install does not support stream_socket_enable_crypto() function
+ $this->dlv_msg = _("SMTP STARTTLS is enabled in SquirrelMail configuration, but used PHP version does not support functions that allow to enable encryption on open socket.");
+ return 0;
+ }
+ }
+
+ // FIXME: check ehlo response before using authentication
+
+ // Try authentication by a plugin
+ //
+ // NOTE: there is another hook in functions/auth.php called "smtp_auth"
+ // that allows a plugin to specify a different set of login credentials
+ // (so is slightly mis-named, but is too old to change), so be careful
+ // that you do not confuse your hook names.
+ //
+ $smtp_auth_args = array(
+ 'auth_mech' => $smtp_auth_mech,
+ 'user' => $user,
+ 'pass' => $pass,
+ 'host' => $host,
+ 'port' => $port,
+ 'stream' => $stream,
+ );
+ if (boolean_hook_function('smtp_authenticate', $smtp_auth_args, 1)) {
+ // authentication succeeded
+ } else if (( $smtp_auth_mech == 'cram-md5') or ( $smtp_auth_mech == 'digest-md5' )) {
+ // Doing some form of non-plain auth
+ if ($smtp_auth_mech == 'cram-md5') {
+ fputs($stream, "AUTH CRAM-MD5\r\n");
+ } elseif ($smtp_auth_mech == 'digest-md5') {
+ fputs($stream, "AUTH DIGEST-MD5\r\n");
+ }
+
+ $tmp = fgets($stream,1024);
+
+ if ($this->errorCheck($tmp,$stream)) {
+ return(0);
+ }
+
+ // At this point, $tmp should hold "334 <challenge string>"
+ $chall = substr($tmp,4);
+ // Depending on mechanism, generate response string
+ if ($smtp_auth_mech == 'cram-md5') {
+ $response = cram_md5_response($user,$pass,$chall);
+ } elseif ($smtp_auth_mech == 'digest-md5') {
+ $response = digest_md5_response($user,$pass,$chall,'smtp',$host);
+ }
+ fputs($stream, $response);
+
+ // Let's see what the server had to say about that
+ $tmp = fgets($stream,1024);
+ if ($this->errorCheck($tmp,$stream)) {
+ return(0);
+ }
+
+ // CRAM-MD5 is done at this point. If DIGEST-MD5, there's a bit more to go
+ if ($smtp_auth_mech == 'digest-md5') {
+ // $tmp contains rspauth, but I don't store that yet. (No need yet)
+ fputs($stream,"\r\n");
+ $tmp = fgets($stream,1024);
+
+ if ($this->errorCheck($tmp,$stream)) {
+ return(0);
+ }
+ }
+ // CRAM-MD5 and DIGEST-MD5 code ends here
+ } elseif ($smtp_auth_mech == 'none') {
+ // No auth at all, just send helo and then send the mail
+ // We already said hi earlier, nothing more is needed.
+ } elseif ($smtp_auth_mech == 'login') {
+ // The LOGIN method
+ fputs($stream, "AUTH LOGIN\r\n");
+ $tmp = fgets($stream, 1024);
+
+ if ($this->errorCheck($tmp, $stream)) {
+ return(0);
+ }
+ fputs($stream, base64_encode ($user) . "\r\n");
+ $tmp = fgets($stream, 1024);
+ if ($this->errorCheck($tmp, $stream)) {
+ return(0);
+ }
+
+ fputs($stream, base64_encode($pass) . "\r\n");
+ $tmp = fgets($stream, 1024);
+ if ($this->errorCheck($tmp, $stream)) {
+ return(0);
+ }
+ } elseif ($smtp_auth_mech == "plain") {
+ /* SASL Plain */
+ $auth = base64_encode("$user\0$user\0$pass");
+
+ $query = "AUTH PLAIN\r\n";
+ fputs($stream, $query);
+ $read=fgets($stream, 1024);
+
+ if (substr($read,0,3) == '334') { // OK so far..
+ fputs($stream, "$auth\r\n");
+ $read = fgets($stream, 1024);
+ }
+
+ $results=explode(" ",$read,3);
+ $response=$results[1];
+ $message=$results[2];
+ } else {
+ /* Right here, they've reached an unsupported auth mechanism.
+ This is the ugliest hack I've ever done, but it'll do till I can fix
+ things up better tomorrow. So tired... */
+ if ($this->errorCheck("535 Unable to use this auth type",$stream)) {
+ return(0);
+ }
+ }
+
+ /* Ok, who is sending the message? */
+ $fromaddress = (strlen($from->mailbox) && $from->host) ?
+ $from->mailbox.'@'.$from->host : '';
+ fputs($stream, 'MAIL FROM:<'.$fromaddress.">\r\n");