authorWarren Baker <warren@decoy.co.za>2013-09-16 15:13:29 +0200
committerWarren Baker <warren@decoy.co.za>2013-09-16 15:13:29 +0200
commit1cddd59c4ed2341f87cf58d9b67d45c82ffd99d0 (patch)
tree909b7adcddf8f0960fed048870281b3e5a35c783 /etc/inc/smtp.inc
parent4f9476693bed97d4b04b4e23e766cf9971fdfd98 (diff)
Split SSL/TLS into separate checkboxes so that plaintext connections can be made secure by using STARTTLS. Support for SMTPS connections should probably be done away with in the future. Fixes #3180
Diffstat (limited to 'etc/inc/smtp.inc')
-rw-r--r--etc/inc/smtp.inc115
1 files changed, 66 insertions, 49 deletions
diff --git a/etc/inc/smtp.inc b/etc/inc/smtp.inc
index d884c86..ec8a7c9 100644
--- a/etc/inc/smtp.inc
+++ b/etc/inc/smtp.inc
@@ -20,6 +20,7 @@ class smtp_class
var $host_name="";
var $host_port=25;
var $ssl=0;
+ var $tls=0;
var $localhost="";
var $timeout=0;
var $data_timeout=0;
@@ -213,7 +214,7 @@ class smtp_class
Function ConnectToHost($domain, $port, $resolve_message)
{
- if($this->ssl)
+ if($this->ssl || $this->tls)
{
$version=explode(".",function_exists("phpversion") ? phpversion() : "3.0.7");
$php_version=intval($version[0])*1000000+intval($version[1])*1000+intval($version[2]);
@@ -461,62 +462,20 @@ class smtp_class
socket_set_timeout($this->connection,$timeout,0);
if($this->debug)
$this->OutputDebug(sprintf(gettext("Connected to SMTP server \"%s\"."), $domain));
- if(!strcmp($localhost=$this->localhost,"")
- && !strcmp($localhost=getenv("SERVER_NAME"),"")
- && !strcmp($localhost=getenv("HOST"),"")
- && !strcmp($localhost=getenv("HOSTNAME"),"")
- && !strcmp($localhost=exec("/bin/hostname"),""))
- $localhost="localhost";
- $success=0;
if($this->VerifyResultLines("220",$responses)>0)
{
- $fallback=1;
- if($this->esmtp
- || strlen($this->user))
- {
- if($this->PutLine("EHLO $localhost"))
- {
- if(($success_code=$this->VerifyResultLines("250",$responses))>0)
- {
- $this->esmtp_host=$this->Tokenize($responses[0]," ");
- for($response=1;$response<count($responses);$response++)
- {
- $extension=strtoupper($this->Tokenize($responses[$response]," "));
- $this->esmtp_extensions[$extension]=$this->Tokenize("");
- }
- $success=1;
- $fallback=0;
- }
- else
- {
- if($success_code==0)
- {
- $code=$this->Tokenize($this->error," -");
- switch($code)
- {
- case "421":
- $fallback=0;
- break;
- }
- }
- }
- }
- else
- $fallback=0;
- }
- if($fallback)
- {
- if($this->PutLine("HELO $localhost")
- && $this->VerifyResultLines("250",$responses)>0)
- $success=1;
- }
+ // Send our HELLO
+ $success = $this->hello($this->hostname());
+ if ($this->tls)
+ $success = $this->startTLS();
+
if($success
&& strlen($this->user)
&& strlen($this->pop3_auth_host)==0)
{
if(!IsSet($this->esmtp_extensions["AUTH"]))
{
- $this->error=gettext("server does not require authentication");
+ $this->error = gettext("server does not require authentication");
$success=0;
}
else
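Review bot: The result of the first `hello()` is thrown away whenever `$this->tls` is set, because `$success = $this->startTLS();` runs unconditionally and overwrites it, so STARTTLS is sent even after a failed greeting. Guard it with `if ($success && $this->tls)`. `hello()` is also called here with an argument although the new definition takes none, so either drop the argument or give `hello()` a `$localhost` parameter. It is worth deciding what happens when both `ssl` and `tls` are enabled, since STARTTLS would then be issued inside what is presumably an already encrypted session (the connect code is outside this hunk). The enclosing function starts and ends outside the hunk.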
@@ -599,6 +558,64 @@ class smtp_class
return($success);
}
+ Function hostname() {
+ if(!strcmp($localhost=$this->localhost,"")
+ && !strcmp($localhost=getenv("SERVER_NAME"),"")
+ && !strcmp($localhost=getenv("HOST"),"")
+ && !strcmp($localhost=getenv("HOSTNAME"),"")
+ && !strcmp($localhost=exec("/bin/hostname"),""))
+ $localhost="localhost";
+
+ return $localhost;
+ }
+
+ Function hello()
+ {
+ $success = 0;
+ $fallback = 1;
+ if ($this->esmtp || strlen($this->user)) {
+ if ($this->PutLine("EHLO ".$this->hostname())) {
+ if (($success_code = $this->VerifyResultLines("250",$responses)) > 0) {
+ $this->esmtp_host = $this->Tokenize($responses[0]," ");
+ for($response=1;$response<count($responses);$response++) {
+ $extension = strtoupper($this->Tokenize($responses[$response]," "));
+ $this->esmtp_extensions[$extension]=$this->Tokenize("");
+ }
+ $success = 1;
+ $fallback = 0;
+ } else {
+ if ($success_code == 0) {
+ $code = $this->Tokenize($this->error," -");
+ switch($code) {
+ case "421":
+ $fallback=0;
+ break;
+ }
+ }
+ }
+ } else
+ $fallback=0;
+ }
+
+ if ($fallback) {
+ if ($this->PutLine("HELO $localhost") && $this->VerifyResultLines("250",$responses)>0)
+ $success=1;
+ }
+ return $success;
+ }
+
+ Function startTLS() {
+ if ($this->PutLine("STARTTLS") && $this->VerifyResultLines("220",$responses)>0) {
+ if (!stream_socket_enable_crypto($this->connection,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+ return false;
+ } else {
+ // Resend HELO since session has been reset
+ return $this->hello($this->hostname);
+ }
+ } else
+ return false;
+ }
+
Function MailFrom($sender)
{
if($this->direct_delivery)
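Review bot: `hello()` only ever adds to `$this->esmtp_extensions`, so when `startTLS()` calls it a second time the capabilities read from the plaintext EHLO reply are still present after the TLS handshake; an on-path party that altered the cleartext reply can therefore still influence the later `esmtp_extensions["AUTH"]` check. Start `hello()` with `$this->esmtp_extensions = array();` so that only the post-handshake reply is trusted. The fallback sends `"HELO $localhost"` but `$localhost` is never assigned in `hello()`; use `"HELO ".$this->hostname()` as the EHLO branch does. In `startTLS()`, `$this->hostname` reads a property rather than calling the method, and no certificate or peer-name verification options are visible in this hunk, so confirm the stream context enforces them where the socket is opened.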