Add support for implicit TLS, replace "smtp_sendmail_tls" with "smtp_type"

For reference: https://datatracker.ietf.org/doc/html/rfc8314 Please note that this only applies to the "send email" feature. In the future we should implement it for the "fetch email" one too.
2024-09-19 19:22:14 +02:00 · 2021-11-29 07:10:20 +01:00 · 2021-11-29 07:10:20 +01:00 · 626bd43def
commit 626bd43def
parent 59e33915f4
2 changed files with 20 additions and 9 deletions
--- a/config.inc.php
+++ b/config.inc.php
@ -167,14 +167,18 @@ $CONF['admin_name'] = 'Postmaster';
 $CONF['smtp_server'] = 'localhost';
 $CONF['smtp_port'] = '25';

+// The communication layer used.
+//
+// 'plain'    Everything in plain text (standard port: 25).
+// 'tls'      TLS/SSL from the very beginning (standard port: 465).
+// 'starttls' "STARTTLS" in plain text and then TLS/SSL (standard port: 587).
+$CONF['smtp_type'] = 'plain';
+
 // SMTP Client
 // Hostname (FQDN) of the server hosting Postfix Admin
 // Used in the HELO when sending emails from Postfix Admin
 $CONF['smtp_client'] = '';

-// Set 'YES' to use TLS when sending emails.
-$CONF['smtp_sendmail_tls'] = 'NO';
-
 // Encrypt - how passwords are stored/hashed in the database.
 //
 // See: https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/HASHING.md
--- a/functions.inc.php
+++ b/functions.inc.php
@ -1451,7 +1451,12 @@ function to64($v, $n)
    return $ret;
 }

-
+function enable_socket_crypto($fh)
+{
+    stream_set_blocking($fh, true);
+    stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+    stream_set_blocking($fh, true);
+}

 /**
 * smtp_mail
@ -1472,6 +1477,7 @@ function smtp_mail($to, $from, $data, $password = "", $body = "")

    $smtpd_server = $CONF['smtp_server'];
    $smtpd_port = $CONF['smtp_port'];
+    $smtpd_type = $CONF['smtp_type'];

    $smtp_server = php_uname('n');
    if (!empty($CONF['smtp_client'])) {
@ -1503,15 +1509,16 @@ function smtp_mail($to, $from, $data, $password = "", $body = "")
        error_log("fsockopen failed - errno: $errno - errstr: $errstr");
        return false;
    } else {
+        if ($smtpd_type === "tls") {
+            enable_socket_crypto($fh);
+        }
+
        smtp_get_response($fh);

-        if (Config::bool('smtp_sendmail_tls')) {
+        if ($smtpd_type === "starttls") {
            fputs($fh, "STARTTLS\r\n");
            smtp_get_response($fh);
-
-            stream_set_blocking($fh, true);
-            stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
-            stream_set_blocking($fh, true);
+            enable_socket_crypto($fh);
        }

        fputs($fh, "EHLO $smtp_server\r\n");