From 626bd43defd3413235c020676f9f2a6ac63f0970 Mon Sep 17 00:00:00 2001
From: Davide Beatrici
Date: Mon, 29 Nov 2021 07:10:20 +0100
Subject: [PATCH] Add support for implicit TLS, replace "smtp_sendmail_tls" with "smtp_type"

For reference: https://datatracker.ietf.org/doc/html/rfc8314

Please note that this only applies to the "send email" feature. In the future we should implement it for the "fetch email" one too.
---
 config.inc.php | 10 +++++++---
 functions.inc.php | 19 +++++++++++++------
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/config.inc.php b/config.inc.php
index f5417418..e4c63286 100644
--- a/config.inc.php
+++ b/config.inc.php
@@ -167,14 +167,18 @@ $CONF['admin_name'] = 'Postmaster';
 $CONF['smtp_server'] = 'localhost';
 $CONF['smtp_port'] = '25';
+// The communication layer used.
+//
+// 'plain' Everything in plain text (standard port: 25).
+// 'tls' TLS/SSL from the very beginning (standard port: 465).
+// 'starttls' "STARTTLS" in plain text and then TLS/SSL (standard port: 587).
+$CONF['smtp_type'] = 'plain';
+
 // SMTP Client
 // Hostname (FQDN) of the server hosting Postfix Admin
 // Used in the HELO when sending emails from Postfix Admin
 $CONF['smtp_client'] = '';
-// Set 'YES' to use TLS when sending emails.
-$CONF['smtp_sendmail_tls'] = 'NO';
-
 // Encrypt - how passwords are stored/hashed in the database.
 //
 // See: https://github.com/postfixadmin/postfixadmin/blob/master/DOCUMENTS/HASHING.md
diff --git a/functions.inc.php b/functions.inc.php
index 9d0d9072..e8197f8b 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -1451,7 +1451,12 @@ function to64($v, $n)
 return $ret;
 }
-
+function enable_socket_crypto($fh)
+{
+ stream_set_blocking($fh, true);
+ stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
+ stream_set_blocking($fh, true);
+}
 /**
 * smtp_mail
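Review bot: Existing deployments are downgraded silently when this key replaces `smtp_sendmail_tls`: a config.local.php that still sets `smtp_sendmail_tls = 'YES'` defines no `smtp_type`, and functions.inc.php now negotiates TLS only when `$CONF['smtp_type']` is exactly "tls" or "starttls", so such an installation sends its SMTP session in clear without any warning. The new comment block should say so, e.g. `// Replaces the removed 'smtp_sendmail_tls' option; a former 'YES' corresponds to 'starttls'.` It is also worth stating there that any other value, including a misspelling, falls back to plain text, since the code does not report unknown values. Nothing else in the diff documents the migration, so this comment is where an upgrading administrator will see it.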
@@ -1472,6 +1477,7 @@ function smtp_mail($to, $from, $data, $password = "", $body = "")
 $smtpd_server = $CONF['smtp_server'];
 $smtpd_port = $CONF['smtp_port'];
+ $smtpd_type = $CONF['smtp_type'];
 $smtp_server = php_uname('n');
 if (!empty($CONF['smtp_client'])) {
@@ -1503,15 +1509,16 @@ function smtp_mail($to, $from, $data, $password = "", $body = "")
 error_log("fsockopen failed - errno: $errno - errstr: $errstr");
 return false;
 } else {
+ if ($smtpd_type === "tls") {
+ enable_socket_crypto($fh);
+ }
+
 smtp_get_response($fh);
- if (Config::bool('smtp_sendmail_tls')) {
+ if ($smtpd_type === "starttls") {
 fputs($fh, "STARTTLS\r\n");
 smtp_get_response($fh);
-
- stream_set_blocking($fh, true);
- stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT);
- stream_set_blocking($fh, true);
+ enable_socket_crypto($fh);
 }
 fputs($fh, "EHLO $smtp_server\r\n");
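Review bot: `$smtpd_type = $CONF['smtp_type'];` reads the new key without a fallback, so on a site whose config.local.php predates the option the lookup presumably raises an undefined-index warning and `$smtpd_type` becomes null. The later comparisons are strict, so null is treated as plain text and that warning is the only trace that no TLS is in use. Reading it as `$smtpd_type = $CONF['smtp_type'] ?? 'plain';` keeps the log clean and makes the default explicit; logging when the value is none of 'plain', 'tls' or 'starttls' would catch misspellings the same way. smtp_mail starts and ends outside this hunk.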
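Review bot: Neither call of `enable_socket_crypto($fh)` checks whether the TLS handshake succeeded, and the helper itself (added in the earlier hunk of this file) discards the return value of `stream_socket_enable_crypto()`; if negotiation fails, or the server does not accept STARTTLS, execution falls through to the `EHLO` and the rest of the session — including whatever the function does with `$password` further down — on a cleartext socket. The reply read by `smtp_get_response($fh)` after `STARTTLS` is likewise not inspected, so a non-220 answer is not detected before crypto is attempted (that function's body is not in the diff, so whether it can signal failure is unclear). The helper should `return stream_socket_enable_crypto($fh, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT) === true;` and both call sites should abort on failure, as below; smtp_mail continues past the end of this hunk.
```php
        if ($smtpd_type === "tls") {
            if (!enable_socket_crypto($fh)) {
                error_log("TLS negotiation with $smtpd_server:$smtpd_port failed");
                fclose($fh);
                return false;
            }
        }

        smtp_get_response($fh);

        if ($smtpd_type === "starttls") {
            fputs($fh, "STARTTLS\r\n");
            smtp_get_response($fh);
            if (!enable_socket_crypto($fh)) {
                error_log("STARTTLS negotiation with $smtpd_server:$smtpd_port failed");
                fclose($fh);
                return false;
            }
        }
        // … unchanged: EHLO and the rest of the SMTP session …
```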