author | Warren Baker <warren@decoy.co.za> | 2013-09-16 15:13:29 +0200 |
---|---|---|
committer | Warren Baker <warren@decoy.co.za> | 2013-09-16 15:13:29 +0200 |
commit | 1cddd59c4ed2341f87cf58d9b67d45c82ffd99d0 (patch) | |
tree | 909b7adcddf8f0960fed048870281b3e5a35c783 /etc/inc/smtp.inc | |
parent | 4f9476693bed97d4b04b4e23e766cf9971fdfd98 (diff) | |
download | pfsense-1cddd59c4ed2341f87cf58d9b67d45c82ffd99d0.zip pfsense-1cddd59c4ed2341f87cf58d9b67d45c82ffd99d0.tar.gz |
Split SSL/TLS into separate checkboxes so that plaintext connections can be made secured by using STARTTLS. Support for SMTPS connections should probably be done away with in future. Fixes #3180
Diffstat (limited to 'etc/inc/smtp.inc')
-rw-r--r-- | etc/inc/smtp.inc | 115 |
1 files changed, 66 insertions, 49 deletions
diff --git a/etc/inc/smtp.inc b/etc/inc/smtp.inc index d884c86..ec8a7c9 100644 --- a/etc/inc/smtp.inc +++ b/etc/inc/smtp.inc @@ -20,6 +20,7 @@ class smtp_class var $host_name=""; var $host_port=25; var $ssl=0; + var $tls=0; var $localhost=""; var $timeout=0; var $data_timeout=0; @@ -213,7 +214,7 @@ class smtp_class Function ConnectToHost($domain, $port, $resolve_message) { - if($this->ssl) + if($this->ssl || $this->tls) { $version=explode(".",function_exists("phpversion") ? phpversion() : "3.0.7"); $php_version=intval($version[0])*1000000+intval($version[1])*1000+intval($version[2]); 
@@ -461,62 +462,20 @@ class smtp_class socket_set_timeout($this->connection,$timeout,0); if($this->debug) $this->OutputDebug(sprintf(gettext("Connected to SMTP server \"%s\"."), $domain)); - if(!strcmp($localhost=$this->localhost,"") - && !strcmp($localhost=getenv("SERVER_NAME"),"") - && !strcmp($localhost=getenv("HOST"),"") - && !strcmp($localhost=getenv("HOSTNAME"),"") - && !strcmp($localhost=exec("/bin/hostname"),"")) - $localhost="localhost"; - $success=0; if($this->VerifyResultLines("220",$responses)>0) { - $fallback=1; - if($this->esmtp - || strlen($this->user)) - { - if($this->PutLine("EHLO $localhost")) - { - if(($success_code=$this->VerifyResultLines("250",$responses))>0) - { - $this->esmtp_host=$this->Tokenize($responses[0]," "); - for($response=1;$response<count($responses);$response++) - { - $extension=strtoupper($this->Tokenize($responses[$response]," ")); - $this->esmtp_extensions[$extension]=$this->Tokenize(""); - } - $success=1; - $fallback=0; - } - else - { - if($success_code==0) - { - $code=$this->Tokenize($this->error," -"); - switch($code) - { - case "421": - $fallback=0; - break; - } - } - } - } - else - $fallback=0; - } - if($fallback) - { - if($this->PutLine("HELO $localhost") - && $this->VerifyResultLines("250",$responses)>0) - $success=1; - } + // Send our HELLO + $success = $this->hello($this->hostname()); + if ($this->tls) + $success = $this->startTLS(); + if($success && strlen($this->user) && strlen($this->pop3_auth_host)==0) { if(!IsSet($this->esmtp_extensions["AUTH"])) { - $this->error=gettext("server does not require authentication"); + $this->error = gettext("server does not require authentication"); $success=0; } else 
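Review bot: `if ($this->tls) $success = $this->startTLS();` runs even when hello() has just failed and overwrites that result, and it sends STARTTLS without checking that the server advertised the extension. Guarding it as `if ($success && $this->tls)` and testing `IsSet($this->esmtp_extensions["STARTTLS"])` with its own error message would tell the user why the connection was refused; that check also requires hello() to send EHLO whenever tls is set, not only when esmtp or a user is configured. The failure path stops before authentication instead of continuing in cleartext, and that fail-closed behaviour should be kept. The enclosing function begins and ends outside this hunk.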
@@ -599,6 +558,64 @@ class smtp_class return($success); } + Function hostname() { + if(!strcmp($localhost=$this->localhost,"") + && !strcmp($localhost=getenv("SERVER_NAME"),"") + && !strcmp($localhost=getenv("HOST"),"") + && !strcmp($localhost=getenv("HOSTNAME"),"") + && !strcmp($localhost=exec("/bin/hostname"),"")) + $localhost="localhost"; + + return $localhost; + } + + Function hello() + { + $success = 0; + $fallback = 1; + if ($this->esmtp || strlen($this->user)) { + if ($this->PutLine("EHLO ".$this->hostname())) { + if (($success_code = $this->VerifyResultLines("250",$responses)) > 0) { + $this->esmtp_host = $this->Tokenize($responses[0]," "); + for($response=1;$response<count($responses);$response++) { + $extension = strtoupper($this->Tokenize($responses[$response]," ")); + $this->esmtp_extensions[$extension]=$this->Tokenize(""); + } + $success = 1; + $fallback = 0; + } else { + if ($success_code == 0) { + $code = $this->Tokenize($this->error," -"); + switch($code) { + case "421": + $fallback=0; + break; + } + } + } + } else + $fallback=0; + } + + if ($fallback) { + if ($this->PutLine("HELO $localhost") && $this->VerifyResultLines("250",$responses)>0) + $success=1; + } + return $success; + } + + Function startTLS() { + if ($this->PutLine("STARTTLS") && $this->VerifyResultLines("220",$responses)>0) { + if (!stream_socket_enable_crypto($this->connection,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + return false; + } else { + // Resend HELO since session has been reset + return $this->hello($this->hostname); + } + } else + return false; + } + Function MailFrom($sender) { if($this->direct_delivery) |
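Review bot: hello() is declared without parameters, yet its fallback sends `HELO $localhost`, a variable that is never set inside the new function, so the fallback greeting goes out with an empty name; startTLS() also passes `$this->hostname` (a property read, missing the call parentheses) to it. On the security side, startTLS() re-runs hello() without clearing `$this->esmtp_extensions`, so entries parsed from the cleartext EHLO reply and not re-advertised over TLS stay in place unless the array is reset outside this hunk; RFC 3207 asks the client to discard such knowledge after the handshake. The failed `stream_socket_enable_crypto()` branch returns false without setting `$this->error`, and whether the server certificate is verified depends on the stream context created outside this hunk, which is worth confirming. The fence shows the parameter, the reset and the error message.

```php
Function hello($localhost)
{
	// … unchanged: $success/$fallback initialisation and the esmtp/user test …
		if ($this->PutLine("EHLO ".$localhost)) {
	// … unchanged: EHLO response parsing and the HELO fallback, which now reads the parameter …

Function startTLS() {
	// … unchanged: STARTTLS command and 220 check …
		if (!stream_socket_enable_crypto($this->connection,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
			$this->error = gettext("unable to negotiate TLS with the SMTP server");
			return false;
		}
		// Drop capabilities learned in cleartext before asking again over TLS
		$this->esmtp_extensions = array();
		return $this->hello($this->hostname());
```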