authorWarren Baker <warren@decoy.co.za>2013-09-16 15:13:29 +0200
committerWarren Baker <warren@decoy.co.za>2013-10-17 10:43:40 +0200
commitdd33fd4e8b3fb66f49ae8337823264ab0d13504c (patch)
treee5a7f0b8a85ae22717f5e8ac8165f27737e984f7 /etc
parent78b0e51e9a135804bfea307ea30c25fe16473da1 (diff)
Split SSL/TLS into separate checkboxes so that plaintext connections can be secured using STARTTLS. Support for SMTPS connections should probably be done away with in the future. Fixes #3180
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/notices.inc1
-rw-r--r--etc/inc/smtp.inc115
2 files changed, 67 insertions, 49 deletions
diff --git a/etc/inc/notices.inc b/etc/inc/notices.inc
index ff45054..c7ae7db 100644
--- a/etc/inc/notices.inc
+++ b/etc/inc/notices.inc
@@ -310,6 +310,7 @@ function send_smtp_message($message, $subject = "(no subject)") {
$smtp->direct_delivery = 0;
$smtp->ssl = ($config['notifications']['smtp']['ssl'] == "checked") ? 1 : 0;
+ $smtp->tls = ($config['notifications']['smtp']['tls'] == "checked") ? 1 : 0;
$smtp->debug = 0;
$smtp->html_debug = 0;
$smtp->localhost=$config['system']['hostname'].".".$config['system']['domain'];
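Review bot: `$smtp->ssl` and `$smtp->tls` are set independently here, so a configuration with both boxes checked reaches smtp.inc with both flags on, and the new code there issues STARTTLS whenever `tls` is set. How the class behaves when STARTTLS is sent inside a session that was already opened over SSL is not visible in this diff, so it is worth either rejecting the combination when the settings are saved or letting one flag win explicitly, e.g. `$smtp->tls = (!$smtp->ssl && $config['notifications']['smtp']['tls'] == "checked") ? 1 : 0;`. send_smtp_message() continues outside the hunk.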
diff --git a/etc/inc/smtp.inc b/etc/inc/smtp.inc
index d884c86..ec8a7c9 100644
--- a/etc/inc/smtp.inc
+++ b/etc/inc/smtp.inc
@@ -20,6 +20,7 @@ class smtp_class
var $host_name="";
var $host_port=25;
var $ssl=0;
+ var $tls=0;
var $localhost="";
var $timeout=0;
var $data_timeout=0;
@@ -213,7 +214,7 @@ class smtp_class
Function ConnectToHost($domain, $port, $resolve_message)
{
- if($this->ssl)
+ if($this->ssl || $this->tls)
{
$version=explode(".",function_exists("phpversion") ? phpversion() : "3.0.7");
$php_version=intval($version[0])*1000000+intval($version[1])*1000+intval($version[2]);
@@ -461,62 +462,20 @@ class smtp_class
socket_set_timeout($this->connection,$timeout,0);
if($this->debug)
$this->OutputDebug(sprintf(gettext("Connected to SMTP server \"%s\"."), $domain));
- if(!strcmp($localhost=$this->localhost,"")
- && !strcmp($localhost=getenv("SERVER_NAME"),"")
- && !strcmp($localhost=getenv("HOST"),"")
- && !strcmp($localhost=getenv("HOSTNAME"),"")
- && !strcmp($localhost=exec("/bin/hostname"),""))
- $localhost="localhost";
- $success=0;
if($this->VerifyResultLines("220",$responses)>0)
{
- $fallback=1;
- if($this->esmtp
- || strlen($this->user))
- {
- if($this->PutLine("EHLO $localhost"))
- {
- if(($success_code=$this->VerifyResultLines("250",$responses))>0)
- {
- $this->esmtp_host=$this->Tokenize($responses[0]," ");
- for($response=1;$response<count($responses);$response++)
- {
- $extension=strtoupper($this->Tokenize($responses[$response]," "));
- $this->esmtp_extensions[$extension]=$this->Tokenize("");
- }
- $success=1;
- $fallback=0;
- }
- else
- {
- if($success_code==0)
- {
- $code=$this->Tokenize($this->error," -");
- switch($code)
- {
- case "421":
- $fallback=0;
- break;
- }
- }
- }
- }
- else
- $fallback=0;
- }
- if($fallback)
- {
- if($this->PutLine("HELO $localhost")
- && $this->VerifyResultLines("250",$responses)>0)
- $success=1;
- }
+ // Send our HELLO
+ $success = $this->hello($this->hostname());
+ if ($this->tls)
+ $success = $this->startTLS();
+
if($success
&& strlen($this->user)
&& strlen($this->pop3_auth_host)==0)
{
if(!IsSet($this->esmtp_extensions["AUTH"]))
{
- $this->error=gettext("server does not require authentication");
+ $this->error = gettext("server does not require authentication");
$success=0;
}
else
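Review bot: `if ($this->tls) $success = $this->startTLS();` throws away the result of the first hello() and sends STARTTLS even when the greeting was refused; guarding it as `if ($success && $this->tls)` keeps the original failure and its error text. Because `$success` gates the AUTH block that follows, a failed upgrade does prevent credentials from going out in clear, and that intent deserves a comment above the call, such as `// STARTTLS is mandatory when enabled: never fall back to plaintext AUTH`. The enclosing function starts and ends outside the hunk.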
@@ -599,6 +558,64 @@ class smtp_class
return($success);
}
+ Function hostname() {
+ if(!strcmp($localhost=$this->localhost,"")
+ && !strcmp($localhost=getenv("SERVER_NAME"),"")
+ && !strcmp($localhost=getenv("HOST"),"")
+ && !strcmp($localhost=getenv("HOSTNAME"),"")
+ && !strcmp($localhost=exec("/bin/hostname"),""))
+ $localhost="localhost";
+
+ return $localhost;
+ }
+
+ Function hello()
+ {
+ $success = 0;
+ $fallback = 1;
+ if ($this->esmtp || strlen($this->user)) {
+ if ($this->PutLine("EHLO ".$this->hostname())) {
+ if (($success_code = $this->VerifyResultLines("250",$responses)) > 0) {
+ $this->esmtp_host = $this->Tokenize($responses[0]," ");
+ for($response=1;$response<count($responses);$response++) {
+ $extension = strtoupper($this->Tokenize($responses[$response]," "));
+ $this->esmtp_extensions[$extension]=$this->Tokenize("");
+ }
+ $success = 1;
+ $fallback = 0;
+ } else {
+ if ($success_code == 0) {
+ $code = $this->Tokenize($this->error," -");
+ switch($code) {
+ case "421":
+ $fallback=0;
+ break;
+ }
+ }
+ }
+ } else
+ $fallback=0;
+ }
+
+ if ($fallback) {
+ if ($this->PutLine("HELO $localhost") && $this->VerifyResultLines("250",$responses)>0)
+ $success=1;
+ }
+ return $success;
+ }
+
+ Function startTLS() {
+ if ($this->PutLine("STARTTLS") && $this->VerifyResultLines("220",$responses)>0) {
+ if (!stream_socket_enable_crypto($this->connection,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+ return false;
+ } else {
+ // Resend HELO since session has been reset
+ return $this->hello($this->hostname);
+ }
+ } else
+ return false;
+ }
+
Function MailFrom($sender)
{
if($this->direct_delivery)
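Review bot: startTLS() re-sends the greeting but keeps the `esmtp_extensions` collected over plaintext, so the later `IsSet($this->esmtp_extensions["AUTH"])` check can still be satisfied by a capability that was only advertised before encryption; RFC 3207 requires the client to discard pre-handshake state, so the array should be reset before the second hello(). Two smaller bugs sit next to it: hello() declares no parameter, so the `HELO $localhost` fallback interpolates an undefined variable, and `$this->hello($this->hostname)` reads a property where the `hostname()` method was meant. A failed handshake also returns false without setting `$this->error`, leaving the caller with no reason to report. No stream context is visible here, so whether the server certificate is verified depends on how the socket was opened outside this hunk and on the PHP version's defaults; that is worth confirming, since an unverified STARTTLS upgrade only protects against passive capture.

```php
Function hello($localhost)
{
	// … unchanged: EHLO exchange, extension parsing and HELO fallback, now using $localhost …
}

Function startTLS() {
	if (!$this->PutLine("STARTTLS") || $this->VerifyResultLines("220",$responses)<=0)
		return false;
	if (!stream_socket_enable_crypto($this->connection,true,STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
		$this->error = gettext("could not negotiate TLS with the SMTP server");
		return false;
	}
	// RFC 3207: forget everything the server said before the handshake.
	$this->esmtp_extensions = array();
	return $this->hello($this->hostname());
}
```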