Add support for implicit TLS, replace "smtp_sendmail_tls" with "smtp_type"
For reference: https://datatracker.ietf.org/doc/html/rfc8314 Please note that this only applies to the "send email" feature. In the future we should implement it for the "fetch email" one too.
parent
59e33915f4
commit
626bd43def
@ -167,14 +167,18 @@ $CONF['admin_name'] = 'Postmaster';
|
|||||||
$CONF['smtp_server'] = 'localhost';
|
$CONF['smtp_server'] = 'localhost';
|
||||||
$CONF['smtp_port'] = '25';
|
$CONF['smtp_port'] = '25';
|
||||||
|
|
||||||
|
// The communication layer used.
|
||||||
|
//
|
||||||
|
// 'plain' Everything in plain text (standard port: 25).
|
||||||
|
// 'tls' TLS/SSL from the very beginning (standard port: 465).
|
||||||
|
// 'starttls' "STARTTLS" in plain text and then TLS/SSL (standard port: 587).
|
||||||
|
$CONF['smtp_type'] = 'plain';
|
||||||
|
|
||||||
// SMTP Client
|
// SMTP Client
|
||||||
// Hostname (FQDN) of the server hosting Postfix Admin
|
// Hostname (FQDN) of the server hosting Postfix Admin
|
||||||
// Used in the HELO when sending emails from Postfix Admin
|
// Used in the HELO when sending emails from Postfix Admin
|
||||||
$CONF['smtp_client'] = '';
|
$CONF['smtp_client'] = '';
|
||||||
|
|
||||||
// Set 'YES' to use TLS when sending emails.
|
|
||||||
$CONF['smtp_sendmail_tls'] = 'NO';
|
|
||||||
|
|
||||||
// Encrypt - how passwords are stored/hashed in the database.
|
// Encrypt - how passwords are stored/hashed in the database.
|
||||||
//
|
//
|
||||||
// See: https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/HASHING.md
|
// See: https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/HASHING.md
|
||||||
|
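Review bot: Any installation that has set `$CONF['smtp_sendmail_tls'] = 'YES'` ends up on the new default `$CONF['smtp_type'] = 'plain'` after this change, because the old key is removed with no compatibility path visible in this commit; outgoing mail would then stop using STARTTLS without any error. Consider treating a legacy `smtp_sendmail_tls = 'YES'` as `'starttls'` when `smtp_type` is not set, or at minimum add a comment above the new option such as `// Replaces smtp_sendmail_tls: 'YES' => 'starttls', 'NO' => 'plain'.` The option comment could also say that any value other than `'tls'` or `'starttls'` is sent in plain text, since the strict comparisons added to smtp_mail() in this commit match only those two strings.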
@ -1451,7 +1451,12 @@ function to64($v, $n)
|
|||||||
return $ret;
|
return $ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function enable_socket_crypto($fh)
|
||||||
|
{
|
||||||
|
stream_set_blocking($fh, true);
|
||||||
|
stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
|
||||||
|
stream_set_blocking($fh, true);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* smtp_mail
|
* smtp_mail
|
||||||
@ -1472,6 +1477,7 @@ function smtp_mail($to, $from, $data, $password = "", $body = "")
|
|||||||
|
|
||||||
$smtpd_server = $CONF['smtp_server'];
|
$smtpd_server = $CONF['smtp_server'];
|
||||||
$smtpd_port = $CONF['smtp_port'];
|
$smtpd_port = $CONF['smtp_port'];
|
||||||
|
$smtpd_type = $CONF['smtp_type'];
|
||||||
|
|
||||||
$smtp_server = php_uname('n');
|
$smtp_server = php_uname('n');
|
||||||
if (!empty($CONF['smtp_client'])) {
|
if (!empty($CONF['smtp_client'])) {
|
||||||
@ -1503,15 +1509,16 @@ function smtp_mail($to, $from, $data, $password = "", $body = "")
|
|||||||
error_log("fsockopen failed - errno: $errno - errstr: $errstr");
|
error_log("fsockopen failed - errno: $errno - errstr: $errstr");
|
||||||
return false;
|
return false;
|
||||||
} else {
|
} else {
|
||||||
|
if ($smtpd_type === "tls") {
|
||||||
|
enable_socket_crypto($fh);
|
||||||
|
}
|
||||||
|
|
||||||
smtp_get_response($fh);
|
smtp_get_response($fh);
|
||||||
|
|
||||||
if (Config::bool('smtp_sendmail_tls')) {
|
if ($smtpd_type === "starttls") {
|
||||||
fputs($fh, "STARTTLS\r\n");
|
fputs($fh, "STARTTLS\r\n");
|
||||||
smtp_get_response($fh);
|
smtp_get_response($fh);
|
||||||
|
enable_socket_crypto($fh);
|
||||||
stream_set_blocking($fh, true);
|
|
||||||
stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
|
|
||||||
stream_set_blocking($fh, true);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
fputs($fh, "EHLO $smtp_server\r\n");
|
fputs($fh, "EHLO $smtp_server\r\n");
|
||||||
|
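Review bot: The TLS handshake result is discarded in `enable_socket_crypto()`, so when `stream_socket_enable_crypto()` returns false in either the `"tls"` or the `"starttls"` branch of `smtp_mail()`, the code carries on to `EHLO` on whatever state the socket is in instead of failing closed. The reply to `STARTTLS` is likewise read with `smtp_get_response($fh)` and not inspected before the upgrade is attempted. Have the helper return the handshake result and make both call sites log and `return false` on failure, as sketched below; the second `stream_set_blocking($fh, true)` in the helper is redundant and can go. Pinning `STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT` alone also rules out TLS 1.3, and or-ing in `STREAM_CRYPTO_METHOD_TLSv1_3_CLIENT` would allow it where the PHP build defines that constant. `smtp_mail()` begins and ends outside these hunks.

```php
function enable_socket_crypto($fh)
{
    stream_set_blocking($fh, true);
    // Report the handshake outcome so callers can refuse to continue unencrypted.
    return stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT) === true;
}

// … unchanged: fsockopen() failure branch of smtp_mail() …
        if ($smtpd_type === "tls" && !enable_socket_crypto($fh)) {
            error_log("TLS handshake failed for $smtpd_server:$smtpd_port");
            fclose($fh);
            return false;
        }

        // … unchanged: greeting read via smtp_get_response($fh) …

        if ($smtpd_type === "starttls") {
            fputs($fh, "STARTTLS\r\n");
            smtp_get_response($fh);
            if (!enable_socket_crypto($fh)) {
                error_log("STARTTLS upgrade failed for $smtpd_server:$smtpd_port");
                fclose($fh);
                return false;
            }
        }
```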