+# IMAP authentication type
+# Possible values: login, plain, cram-md5, digest-md5
+# Now offers to detect supported mechs, assuming server & port are set correctly
+
+sub command112a {
+ if ($use_imap_tls ne "0") {
+ # 1. Script does not handle TLS.
+ # 2. Server does not have to declare all supported authentication mechs when
+ # STARTTLS is used. Supported mechs are declared only after STARTTLS.
+ print "Auto-detection of login methods is unavailable when using TLS or STARTTLS.\n";
+ } else {
+ print "If you have already set the hostname and port number, I can try to\n";
+ print "detect the mechanisms your IMAP server supports.\n";
+ print "I will try to detect CRAM-MD5 and DIGEST-MD5 support. I can't test\n";
+ print "for \"login\" or \"plain\" without knowing a username and password.\n";
+ print "Auto-detecting is optional - you can safely say \"n\" here.\n";
+ print "\nTry to detect supported mechanisms? [y/N]: ";
+ $inval=<STDIN>;
+ chomp($inval);
+ if ($inval =~ /^y\b/i) {
+ # Yes, let's try to detect.
+ print "Trying to detect IMAP capabilities...\n";
+ my $host = $imapServerAddress . ':'. $imapPort;
+ print "CRAM-MD5:\t";
+ my $tmp = detect_auth_support('IMAP',$host,'CRAM-MD5');
+ if (defined($tmp)) {
+ if ($tmp eq 'YES') {
+ print "$WHT SUPPORTED$NRM\n";
+ } else {
+ print "$WHT NOT SUPPORTED$NRM\n";
+ }
+ } else {
+ print $WHT . " ERROR DETECTING$NRM\n";
+ }
+
+ print "DIGEST-MD5:\t";
+ $tmp = detect_auth_support('IMAP',$host,'DIGEST-MD5');
+ if (defined($tmp)) {
+ if ($tmp eq 'YES') {
+ print "$WHT SUPPORTED$NRM\n";
+ } else {
+ print "$WHT NOT SUPPORTED$NRM\n";
+ }
+ } else {
+ print $WHT . " ERROR DETECTING$NRM\n";
+ }
+
+ }
+ }
+ print "\nWhat authentication mechanism do you want to use for IMAP connections?\n\n";
+ print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";
+ print $WHT . "plain" . $NRM . " - SASL PLAIN. If you need this, you already know it.\n";
+ print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext methods.\n";
+ print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
+ print "\n*** YOUR IMAP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n";
+ print "If you don't understand or are unsure, you probably want \"login\"\n\n";
+ print "login, plain, cram-md5, or digest-md5 [$WHT$imap_auth_mech$NRM]: $WHT";
+ $inval=<STDIN>;
+ chomp($inval);
+ if ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) || ($inval =~ /^login\b/i) || ($inval =~ /^plain\b/i)) {
+ return lc($inval);
+ } else {
+ # user entered garbage or default value so nothing needs to be set
+ return $imap_auth_mech;
+ }
+}
+
+
+# SMTP authentication type
+# Possible choices: none, plain, cram-md5, digest-md5
+sub command112b {
+ if ($use_smtp_tls ne "0") {
+ print "Auto-detection of login methods is unavailable when using TLS or STARTTLS.\n";
+ } elsif (eval ("use IO::Socket; 1")) {
+ # try loading IO::Socket module
+ print "If you have already set the hostname and port number, I can try to\n";
+ print "automatically detect some of the mechanisms your SMTP server supports.\n";
+ print "Auto-detection is *optional* - you can safely say \"n\" here.\n";
+ print "\nTry to detect auth mechanisms? [y/N]: ";
+ $inval=<STDIN>;
+ chomp($inval);
+ if ($inval =~ /^y\b/i) {
+ # Yes, let's try to detect.
+ print "Trying to detect supported methods (SMTP)...\n";
+
+ # Special case!
+ # Check none by trying to relay to junk@microsoft.com
+ $host = $smtpServerAddress . ':' . $smtpPort;
+ my $sock = IO::Socket::INET->new($host);
+ print "Testing none:\t\t$WHT";
+ if (!defined($sock)) {
+ print " ERROR TESTING\n";
+ close $sock;
+ } else {
+ print $sock "HELO $domain\r\n";
+ $got = <$sock>; # Discard
+ print $sock "MAIL FROM:<tester\@squirrelmail.org>\r\n";
+ $got = <$sock>; # Discard
+ print $sock "RCPT TO:<junk\@microsoft.com\r\n";
+ $got = <$sock>; # This is the important line
+ if ($got =~ /^250\b/) { # SMTP will relay without auth
+ print "SUPPORTED$NRM\n";
+ } else {
+ print "NOT SUPPORTED$NRM\n";
+ }
+ print $sock "RSET\r\n";
+ print $sock "QUIT\r\n";
+ close $sock;
+ }
+ # Try login (SquirrelMail default)
+ print "Testing login:\t\t";
+ $tmp=detect_auth_support('SMTP',$host,'LOGIN');
+ if (defined($tmp)) {
+ if ($tmp eq 'YES') {
+ print $WHT . "SUPPORTED$NRM\n";
+ } else {
+ print $WHT . "NOT SUPPORTED$NRM\n";
+ }
+ } else {
+ print $WHT . "ERROR DETECTING$NRM\n";
+ }
+
+ # Try CRAM-MD5
+ print "Testing CRAM-MD5:\t";
+ $tmp=detect_auth_support('SMTP',$host,'CRAM-MD5');
+ if (defined($tmp)) {
+ if ($tmp eq 'YES') {
+ print $WHT . "SUPPORTED$NRM\n";
+ } else {
+ print $WHT . "NOT SUPPORTED$NRM\n";
+ }
+ } else {
+ print $WHT . "ERROR DETECTING$NRM\n";
+ }
+
+
+ print "Testing DIGEST-MD5:\t";
+ $tmp=detect_auth_support('SMTP',$host,'DIGEST-MD5');
+ if (defined($tmp)) {
+ if ($tmp eq 'YES') {
+ print $WHT . "SUPPORTED$NRM\n";
+ } else {
+ print $WHT . "NOT SUPPORTED$NRM\n";
+ }
+ } else {
+ print $WHT . "ERROR DETECTING$NRM\n";
+ }
+ }
+ }
+ print "\nWhat authentication mechanism do you want to use for SMTP connections?\n";
+ print $WHT . "none" . $NRM . " - Your SMTP server does not require authorization.\n";
+ print $WHT . "login" . $NRM . " - Plaintext. If you can do better, you probably should.\n";
+ print $WHT . "plain" . $NRM . " - SASL PLAIN. You already know it if you need this.\n";
+ print $WHT . "cram-md5" . $NRM . " - Slightly better than plaintext.\n";
+ print $WHT . "digest-md5" . $NRM . " - Privacy protection - better than cram-md5.\n";
+ print $WHT . "\n*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***\n" . $NRM;
+ print "If you don't understand or are unsure, you probably want \"none\"\n\n";
+ print "none, login, cram-md5, or digest-md5 [$WHT$smtp_auth_mech$NRM]: $WHT";
+ $inval=<STDIN>;
+ chomp($inval);
+ if ($inval =~ /^none\b/i) {
+ # remove sitewide smtp authentication information
+ $smtp_sitewide_user = '';
+ $smtp_sitewide_pass = '';
+ # SMTP doesn't necessarily require logins
+ return "none";
+ } elsif ( ($inval =~ /^cram-md5\b/i) || ($inval =~ /^digest-md5\b/i) ||
+ ($inval =~ /^login\b/i) || ($inval =~/^plain\b/i)) {
+ command_smtp_sitewide_userpass($inval);
+ return lc($inval);
+ } elsif (trim($inval) eq '') {
+ # user selected default value
+ command_smtp_sitewide_userpass($smtp_auth_mech);
+ return $smtp_auth_mech;
+ } else {
+ # user entered garbage
+ return $smtp_auth_mech;
+ }
+}
+
+sub command_smtp_sitewide_userpass($) {
+ # get first function argument
+ my $auth_mech = shift(@_);
+ my $default, $tmp;
+ $auth_mech = lc(trim($auth_mech));
+ if ($auth_mech eq 'none') {
+ return;
+ }
+ print "SMTP authentication uses IMAP username and password by default.\n";
+ print "\n";
+ print "Would you like to use other login and password for all SquirrelMail \n";
+ print "SMTP connections?";
+ if ($smtp_sitewide_user ne '') {
+ $default = 'y';
+ print " [Yn]:";
+ } else {
+ $default = 'n';
+ print " [yN]:";
+ }
+ $tmp=<STDIN>;
+ $tmp = trim($tmp);
+
+ if ($tmp eq '') {
+ $tmp = $default;
+ } else {
+ $tmp = lc($tmp);
+ }
+
+ if ($tmp eq 'n') {
+ $smtp_sitewide_user = '';
+ $smtp_sitewide_pass = '';
+ } elsif ($tmp eq 'y') {
+ print "Enter username [$smtp_sitewide_user]:";
+ my $new_user = <STDIN>;
+ $new_user = trim($new_user);
+ if ($new_user ne '') {
+ $smtp_sitewide_user = $new_user;
+ }
+ if ($smtp_sitewide_user ne '') {
+ print "If you don't enter any password, current sitewide password will be used.\n";
+ print "If you enter space, password will be set to empty string.\n";
+ print "Enter password:";
+ my $new_pass = <STDIN>;
+ if ($new_pass ne "\n") {
+ $smtp_sitewide_pass = trim($new_pass);
+ }
+ } else {
+ print "Invalid input. You must set username used for SMTP authentication.\n";
+ print "Click enter to continue\n";
+ $tmp = <STDIN>;
+ }
+ } else {
+ print "Invalid input\n";
+ print "Click enter to continue\n";
+ $tmp = <STDIN>;
+ }
+}
+
+# Sub adds information about SMTP authentication type to menu
+sub display_smtp_sitewide_userpass() {
+ my $ret = '';
+ if ($smtp_auth_mech ne 'none') {
+ if ($smtp_sitewide_user ne '') {
+ $ret = ' (with custom username and password)';
+ } else {
+ $ret = ' (with IMAP username and password)';
+ }
+ }
+ return $ret;
+}
+
+# TLS
+# This sub is reused for IMAP and SMTP
+# Args: service name, default value
+sub command_use_tls {
+ my($default_val,$service,$inval);
+ $service=$_[0];
+ $default_val=$_[1];
+ print "TLS (Transport Layer Security) encrypts the traffic between server and client.\n";
+ print "STARTTLS extensions allow to start encryption on existing plain text connection.\n";
+ print "These options add specific PHP and IMAP server configuration requirements.\n";
+ print "See SquirrelMail documentation about connection security.\n";
+ print "\n";
+ print "If your " . $service . " server is localhost, you can safely disable this.\n";
+ print "If it is remote, you may wish to seriously consider enabling this.\n";
+ $valid_input=0;
+ while ($valid_input eq 0) {
+ print "\nSelect connection security model:\n";
+ print " 0 - Use plain text connection\n";
+ print " 1 - Use TLS connection\n";
+ print " 2 - Use STARTTLS extension\n";
+ print "Select [$default_val]: ";
+ $inval=<STDIN>;
+ $inval=trim($inval);
+ if ($inval =~ /^[012]$/ || $inval eq '') {
+ $valid_input = 1;
+ }
+ }
+ if ($inval ne '') {$default_val = $inval};
+ return $default_val;
+}
+
+# This sub is used to display human readable text for
+# $use_imap_tls and $use_smtp_tls values in conf.pl menu
+sub display_use_tls($) {
+ my $val = shift(@_);
+ my $ret = 'disabled';
+ if ($val eq '2') {
+ $ret = 'STARTTLS';
+ } elsif ($val eq '1') {
+ $ret = 'TLS';
+ }
+ return $ret;
+}
+
+# $encode_header_key
+sub command114{
+ print "Encryption key allows to hide SquirrelMail Received: headers\n";
+ print "in outbound messages. Interface uses encryption key to encode\n";
+ print "username, remote address and proxied address, then stores encoded\n";
+ print "information in X-Squirrel-* headers.\n";
+ print "\n";
+ print "Warning: used encryption function is not bulletproof. When used\n";
+ print "with static encryption keys, it provides only minimal security\n";
+ print "measures and information can be decoded quickly.\n";
+ print "\n";
+ print "Encoded information can be decoded with decrypt_headers.php script\n";
+ print "from SquirrelMail contrib/ directory.\n";
+ print "\n";
+ print "Enter encryption key: ";
+ $new_encode_header_key = <STDIN>;
+ if ( $new_encode_header_key eq "\n" ) {
+ $new_encode_header_key = $encode_header_key;
+ } else {
+ $new_encode_header_key =~ s/[\r\n]//g;
+ }
+ return $new_encode_header_key;
+}