Securing SMTP Transport

Reading Mail Messages

Zend_Mail can read mail messages from several local or remote mail storages. All of them have the same basic API to count and fetch messages and some of them implement additional interfaces for not so common features. For a feature overview of the implemented storages, see the following table.

Mail Read Feature Overview
Feature Mbox Maildir Pop3 IMAP
Storage type local local remote remote
Fetch message Yes Yes Yes Yes
Fetch MIME-part emulated emulated emulated emulated
Folders Yes Yes No Yes
Create message/folder No todo No todo
Flags No Yes No Yes
Quota No Yes No No

Simple example using Pop3

  1. $mail = new Zend_Mail_Storage_Pop3(array('host'     => 'localhost',
  2.                                          'user'     => 'test',
  3.                                          'password' => 'test'));
  4.  
  5. echo $mail->countMessages() . " messages found\n";
  6. foreach ($mail as $message) {
  7.     echo "Mail from '{$message->from}': {$message->subject}\n";
  8. }

Opening a local storage

Mbox and Maildir are the two supported formats for local mail storages, both in their most simple formats.

If you want to read from a Mbox file you only need to give the filename to the constructor of Zend_Mail_Storage_Mbox:

  1. $mail = new Zend_Mail_Storage_Mbox(array('filename' =>
  2.                                              '/home/test/mail/inbox'));

Maildir is very similar but needs a dirname:

  1. $mail = new Zend_Mail_Storage_Maildir(array('dirname' =>
  2.                                                 '/home/test/mail/'));

Both constructors throw a Zend_Mail_Exception if the storage can't be read.

Opening a remote storage

For remote storages the two most popular protocols are supported: Pop3 and Imap. Both need at least a host and a user to connect and login. The default password is an empty string, the default port as given in the protocol RFC.

  1. // connecting with Pop3
  2. $mail = new Zend_Mail_Storage_Pop3(array('host'     => 'example.com',
  3.                                          'user'     => 'test',
  4.                                          'password' => 'test'));
  5.  
  6. // connecting with Imap
  7. $mail = new Zend_Mail_Storage_Imap(array('host'     => 'example.com',
  8.                                          'user'     => 'test',
  9.                                          'password' => 'test'));
  10.  
  11. // example for a none standard port
  12. $mail = new Zend_Mail_Storage_Pop3(array('host'     => 'example.com',
  13.                                          'port'     => 1120
  14.                                          'user'     => 'test',
  15.                                          'password' => 'test'));

For both storages SSL and TLS are supported. If you use SSL the default port changes as given in the RFC.

  1. // examples for Zend_Mail_Storage_Pop3, same works for Zend_Mail_Storage_Imap
  2.  
  3. // use SSL on different port (default is 995 for Pop3 and 993 for Imap)
  4. $mail = new Zend_Mail_Storage_Pop3(array('host'     => 'example.com',
  5.                                          'user'     => 'test',
  6.                                          'password' => 'test',
  7.                                          'ssl'      => 'SSL'));
  8.  
  9. // use TLS
  10. $mail = new Zend_Mail_Storage_Pop3(array('host'     => 'example.com',
  11.                                          'user'     => 'test',
  12.                                          'password' => 'test',
  13.                                          'ssl'      => 'TLS'));

Both constructors can throw Zend_Mail_Exception or Zend_Mail_Protocol_Exception (extends Zend_Mail_Exception), depending on the type of error.

Fetching messages and simple methods

Messages can be fetched after you've opened the storage . You need the message number, which is a counter starting with 1 for the first message. To fetch the message, you use the method getMessage():

  1. $message = $mail->getMessage($messageNum);

Array access is also supported, but this access method won't supported any additional parameters that could be added to getMessage(). As long as you don't mind, and can live with the default values, you may use:

  1. $message = $mail[$messageNum];

For iterating over all messages the Iterator interface is implemented:

  1. foreach ($mail as $messageNum => $message) {
  2.     // do stuff ...
  3. }

To count the messages in the storage, you can either use the method countMessages() or use array access:

  1. // method
  2. $maxMessage = $mail->countMessages();
  3.  
  4. // array access
  5. $maxMessage = count($mail);

To remove a mail, you use the method removeMessage() or again array access:

  1. // method
  2. $mail->removeMessage($messageNum);
  3.  
  4. // array access
  5. unset($mail[$messageNum]);

Working with messages

After you fetch the messages with getMessage() you want to fetch headers, the content or single parts of a multipart message. All headers can be accessed via properties or the method getHeader() if you want more control or have unusual header names. The header names are lower-cased internally, thus the case of the header name in the mail message doesn't matter. Also headers with a dash can be written in camel-case. If no header is found for both notations an exception is thrown. To encounter this the method headerExists() can be used to check the existence of a header.

  1. // get the message object
  2. $message = $mail->getMessage(1);
  3.  
  4. // output subject of message
  5. echo $message->subject . "\n";
  6.  
  7. // get content-type header
  8. $type = $message->contentType;
  9.  
  10. // check if CC isset:
  11. if( isset($message->cc) ) { // or $message->headerExists('cc');
  12.     $cc = $message->cc;
  13. }

If you have multiple headers with the same name- i.e. the Received headers- you might want an array instead of a string. In this case, use the getHeader() method.

  1. // get header as property - the result is always a string,
  2. // with new lines between the single occurrences in the message
  3. $received = $message->received;
  4.  
  5. // the same via getHeader() method
  6. $received = $message->getHeader('received', 'string');
  7.  
  8. // better an array with a single entry for every occurrences
  9. $received = $message->getHeader('received', 'array');
  10. foreach ($received as $line) {
  11.     // do stuff
  12. }
  13.  
  14. // if you don't define a format you'll get the internal representation
  15. // (string for single headers, array for multiple)
  16. $received = $message->getHeader('received');
  17. if (is_string($received)) {
  18.     // only one received header found in message
  19. }

The method getHeaders() returns all headers as array with the lower-cased name as key and the value as and array for multiple headers or as string for single headers.

  1. // dump all headers
  2. foreach ($message->getHeaders() as $name => $value) {
  3.     if (is_string($value)) {
  4.         echo "$name: $value\n";
  5.         continue;
  6.     }
  7.     foreach ($value as $entry) {
  8.         echo "$name: $entry\n";
  9.     }
  10. }

If you don't have a multipart message, fetching the content is easily done via getContent(). Unlike the headers, the content is only fetched when needed (aka late-fetch).

  1. // output message content for HTML
  2. echo '<pre>';
  3. echo $message->getContent();
  4. echo '</pre>';

Checking for multipart messages is done with the method isMultipart(). If you have multipart message you can get an instance of Zend_Mail_Part with the method getPart(). Zend_Mail_Part is the base class of Zend_Mail_Message, so you have the same methods: getHeader(), getHeaders(), getContent(), getPart(), isMultipart() and the properties for headers.

  1. // get the first none multipart part
  2. $part = $message;
  3. while ($part->isMultipart()) {
  4.     $part = $message->getPart(1);
  5. }
  6. echo 'Type of this part is ' . strtok($part->contentType, ';') . "\n";
  7. echo "Content:\n";
  8. echo $part->getContent();

Zend_Mail_Part also implements RecursiveIterator, which makes it easy to scan through all parts. And for easy output, it also implements the magic method __toString(), which returns the content.

  1. // output first text/plain part
  2. $foundPart = null;
  3. foreach (new RecursiveIteratorIterator($mail->getMessage(1)) as $part) {
  4.     try {
  5.         if (strtok($part->contentType, ';') == 'text/plain') {
  6.             $foundPart = $part;
  7.             break;
  8.         }
  9.     } catch (Zend_Mail_Exception $e) {
  10.         // ignore
  11.     }
  12. }
  13. if (!$foundPart) {
  14.     echo 'no plain text part found';
  15. } else {
  16.     echo "plain text part: \n" . $foundPart;
  17. }

Checking for flags

Maildir and IMAP support storing flags. The class Zend_Mail_Storage has constants for all known maildir and IMAP system flags, named Zend_Mail_Storage::FLAG_<flagname>. To check for flags Zend_Mail_Message has a method called hasFlag(). With getFlags() you'll get all set flags.

  1. // find unread messages
  2. echo "Unread mails:\n";
  3. foreach ($mail as $message) {
  4.     if ($message->hasFlag(Zend_Mail_Storage::FLAG_SEEN)) {
  5.         continue;
  6.     }
  7.     // mark recent/new mails
  8.     if ($message->hasFlag(Zend_Mail_Storage::FLAG_RECENT)) {
  9.         echo '! ';
  10.     } else {
  11.         echo '  ';
  12.     }
  13.     echo $message->subject . "\n";
  14. }
  15.  
  16. // check for known flags
  17. $flags = $message->getFlags();
  18. echo "Message is flagged as: ";
  19. foreach ($flags as $flag) {
  20.     switch ($flag) {
  21.         case Zend_Mail_Storage::FLAG_ANSWERED:
  22.             echo 'Answered ';
  23.             break;
  24.         case Zend_Mail_Storage::FLAG_FLAGGED:
  25.             echo 'Flagged ';
  26.             break;
  27.  
  28.         // ...
  29.         // check for other flags
  30.         // ...
  31.  
  32.         default:
  33.             echo $flag . '(unknown flag) ';
  34.     }
  35. }

As IMAP allows user or client defined flags, you could get flags that don't have a constant in Zend_Mail_Storage. Instead, they are returned as strings and can be checked the same way with hasFlag().

  1. // check message for client defined flags $IsSpam, $SpamTested
  2. if (!$message->hasFlag('$SpamTested')) {
  3.     echo 'message has not been tested for spam';
  4. } else if ($message->hasFlag('$IsSpam')) {
  5.     echo 'this message is spam';
  6. } else {
  7.     echo 'this message is ham';
  8. }

Using folders

All storages, except Pop3, support folders, also called mailboxes. The interface implemented by all storages supporting folders is called Zend_Mail_Storage_Folder_Interface. Also all of these classes have an additional optional parameter called folder, which is the folder selected after login, in the constructor.

For the local storages you need to use separate classes called Zend_Mail_Storage_Folder_Mbox or Zend_Mail_Storage_Folder_Maildir. Both need one parameter called dirname with the name of the base dir. The format for maildir is as defined in maildir++ (with a dot as default delimiter), Mbox is a directory hierarchy with Mbox files. If you don't have a Mbox file called INBOX in your Mbox base dir you need to set another folder in the constructor.

Zend_Mail_Storage_Imap already supports folders by default. Examples for opening these storages:

  1. // mbox with folders
  2. $mail = new Zend_Mail_Storage_Folder_Mbox(array('dirname' =>
  3.                                                     '/home/test/mail/'));
  4.  
  5. // mbox with a default folder not called INBOX, also works
  6. // with Zend_Mail_Storage_Folder_Maildir and Zend_Mail_Storage_Imap
  7. $mail = new Zend_Mail_Storage_Folder_Mbox(array('dirname' =>
  8.                                                     '/home/test/mail/',
  9.                                                 'folder'  =>
  10.                                                     'Archive'));
  11.  
  12. // maildir with folders
  13. $mail = new Zend_Mail_Storage_Folder_Maildir(array('dirname' =>
  14.                                                        '/home/test/mail/'));
  15.  
  16. // maildir with colon as delimiter, as suggested in Maildir++
  17. $mail = new Zend_Mail_Storage_Folder_Maildir(array('dirname' =>
  18.                                                        '/home/test/mail/',
  19.                                                    'delim'   => ':'));
  20.  
  21. // imap is the same with and without folders
  22. $mail = new Zend_Mail_Storage_Imap(array('host'     => 'example.com',
  23.                                          'user'     => 'test',
  24.                                          'password' => 'test'));

With the method getFolders($root = null) you can get the folder hierarchy starting with the root folder or the given folder. It's returned as an instance of Zend_Mail_Storage_Folder, which implements RecursiveIterator and all children are also instances of Zend_Mail_Storage_Folder. Each of these instances has a local and a global name returned by the methods getLocalName() and getGlobalName(). The global name is the absolute name from the root folder (including delimiters), the local name is the name in the parent folder.

Mail Folder Names
Global Name Local Name
/INBOX INBOX
/Archive/2005 2005
List.ZF.General General

If you use the iterator, the key of the current element is the local name. The global name is also returned by the magic method __toString(). Some folders may not be selectable, which means they can't store messages and selecting them results in an error. This can be checked with the method isSelectable(). So it's very easy to output the whole tree in a view:

  1. $folders = new RecursiveIteratorIterator($this->mail->getFolders(),
  2.                                          RecursiveIteratorIterator::SELF_FIRST);
  3. echo '<select name="folder">';
  4. foreach ($folders as $localName => $folder) {
  5.     $localName = str_pad('', $folders->getDepth(), '-', STR_PAD_LEFT) .
  6.                  $localName;
  7.     echo '<option';
  8.     if (!$folder->isSelectable()) {
  9.         echo ' disabled="disabled"';
  10.     }
  11.     echo ' value="' . htmlspecialchars($folder) . '">'
  12.         . htmlspecialchars($localName) . '</option>';
  13. }
  14. echo '</select>';

The current selected folder is returned by the method getCurrentFolder(). Changing the folder is done with the method selectFolder(), which needs the global name as parameter. If you want to avoid to write delimiters you can also use the properties of a Zend_Mail_Storage_Folder instance:

  1. // depending on your mail storage and its settings $rootFolder->Archive->2005
  2. // is the same as:
  3. //   /Archive/2005
  4. //  Archive:2005
  5. //  INBOX.Archive.2005
  6. //  ...
  7. $folder = $mail->getFolders()->Archive->2005;
  8. echo 'Last folder was '
  9.    . $mail->getCurrentFolder()
  10.    . "new folder is $folder\n";
  11. $mail->selectFolder($folder);

Advanced Use

Using NOOP

If you're using a remote storage and have some long tasks you might need to keep the connection alive via noop:

  1. foreach ($mail as $message) {
  2.  
  3.     // do some calculations ...
  4.  
  5.     $mail->noop(); // keep alive
  6.  
  7.     // do something else ...
  8.  
  9.     $mail->noop(); // keep alive
  10. }

Caching instances

Zend_Mail_Storage_Mbox, Zend_Mail_Storage_Folder_Mbox, Zend_Mail_Storage_Maildir and Zend_Mail_Storage_Folder_Maildir implement the magic methods __sleep() and __wakeup(), which means they are serializable. This avoids parsing the files or directory tree more than once. The disadvantage is that your Mbox or Maildir storage should not change. Some easy checks may be done, like reparsing the current Mbox file if the modification time changes, or reparsing the folder structure if a folder has vanished (which still results in an error, but you can search for another folder afterwards). It's better if you have something like a signal file for changes and check it before using the cached instance.

  1. // there's no specific cache handler/class used here,
  2. // change the code to match your cache handler
  3. $signal_file = '/home/test/.mail.last_change';
  4. $mbox_basedir = '/home/test/mail/';
  5. $cache_id = 'example mail cache ' . $mbox_basedir . $signal_file;
  6.  
  7. $cache = new Your_Cache_Class();
  8. if (!$cache->isCached($cache_id) ||
  9.     filemtime($signal_file) > $cache->getMTime($cache_id)) {
  10.     $mail = new Zend_Mail_Storage_Folder_Pop3(array('dirname' =>
  11.                                                         $mbox_basedir));
  12. } else {
  13.     $mail = $cache->get($cache_id);
  14. }
  15.  
  16. // do stuff ...
  17.  
  18. $cache->set($cache_id, $mail);

Extending Protocol Classes

Remote storages use two classes: Zend_Mail_Storage_<Name> and Zend_Mail_Protocol_<Name>. The protocol class translates the protocol commands and responses from and to PHP, like methods for the commands or variables with different structures for data. The other/main class implements the common interface.

If you need additional protocol features, you can extend the protocol class and use it in the constructor of the main class. As an example, assume we need to knock different ports before we can connect to POP3.

  1. class Example_Mail_Exception extends Zend_Mail_Exception
  2. {
  3. }
  4.  
  5. class Example_Mail_Protocol_Exception extends Zend_Mail_Protocol_Exception
  6. {
  7. }
  8.  
  9. class Example_Mail_Protocol_Pop3_Knock extends Zend_Mail_Protocol_Pop3
  10. {
  11.     private $host, $port;
  12.  
  13.     public function __construct($host, $port = null)
  14.     {
  15.         // no auto connect in this class
  16.         $this->host = $host;
  17.         $this->port = $port;
  18.     }
  19.  
  20.     public function knock($port)
  21.     {
  22.         $sock = @fsockopen($this->host, $port);
  23.         if ($sock) {
  24.             fclose($sock);
  25.         }
  26.     }
  27.  
  28.     public function connect($host = null, $port = null, $ssl = false)
  29.     {
  30.         if ($host === null) {
  31.             $host = $this->host;
  32.         }
  33.         if ($port === null) {
  34.             $port = $this->port;
  35.         }
  36.         parent::connect($host, $port);
  37.     }
  38. }
  39.  
  40. class Example_Mail_Pop3_Knock extends Zend_Mail_Storage_Pop3
  41. {
  42.     public function __construct(array $params)
  43.     {
  44.         // ... check $params here! ...
  45.         $protocol = new Example_Mail_Protocol_Pop3_Knock($params['host']);
  46.  
  47.         // do our "special" thing
  48.         foreach ((array)$params['knock_ports'] as $port) {
  49.             $protocol->knock($port);
  50.         }
  51.  
  52.         // get to correct state
  53.         $protocol->connect($params['host'], $params['port']);
  54.         $protocol->login($params['user'], $params['password']);
  55.  
  56.         // initialize parent
  57.         parent::__construct($protocol);
  58.     }
  59. }
  60.  
  61. $mail = new Example_Mail_Pop3_Knock(array('host'        => 'localhost',
  62.                                           'user'        => 'test',
  63.                                           'password'    => 'test',
  64.                                           'knock_ports' =>
  65.                                               array(1101, 1105, 1111)));

As you see, we always assume we're connected, logged in and, if supported, a folder is selected in the constructor of the main class. Thus if you assign your own protocol class, you always need to make sure that's done or the next method will fail if the server doesn't allow it in the current state.

Using Quota (since 1.5)

Zend_Mail_Storage_Writable_Maildir has support for Maildir++ quotas. It's disabled by default, but it's possible to use it manually, if the automatic checks are not desired (this means appendMessage(), removeMessage() and copyMessage() do no checks and do not add entries to the maildirsize file). If enabled, an exception is thrown if you try to write to the maildir and it's already over quota.

There are three methods used for quotas: getQuota(), setQuota() and checkQuota():

  1. $mail = new Zend_Mail_Storage_Writable_Maildir(array('dirname' =>
  2.                                                    '/home/test/mail/'));
  3. $mail->setQuota(true); // true to enable, false to disable
  4. echo 'Quota check is now ', $mail->getQuota() ? 'enabled' : 'disabled', "\n";
  5. // check quota can be used even if quota checks are disabled
  6. echo 'You are ', $mail->checkQuota() ? 'over quota' : 'not over quota', "\n";

checkQuota() can also return a more detailed response:

  1. $quota = $mail->checkQuota(true);
  2. echo 'You are ', $quota['over_quota'] ? 'over quota' : 'not over quota', "\n";
  3. echo 'You have ',
  4.      $quota['count'],
  5.      ' of ',
  6.      $quota['quota']['count'],
  7.      ' messages and use ';
  8. echo $quota['size'], ' of ', $quota['quota']['size'], ' octets';

If you want to specify your own quota instead of using the one specified in the maildirsize file you can do with setQuota():

  1. // message count and octet size supported, order does matter
  2. $quota = $mail->setQuota(array('size' => 10000, 'count' => 100));

To add your own quota checks use single letters as keys, and they will be preserved (but obviously not checked). It's also possible to extend Zend_Mail_Storage_Writable_Maildir to define your own quota only if the maildirsize file is missing (which can happen in Maildir++):

  1. class Example_Mail_Storage_Maildir extends Zend_Mail_Storage_Writable_Maildir {
  2.     // getQuota is called with $fromStorage = true by quota checks
  3.     public function getQuota($fromStorage = false) {
  4.         try {
  5.             return parent::getQuota($fromStorage);
  6.         } catch (Zend_Mail_Storage_Exception $e) {
  7.             if (!$fromStorage) {
  8.                 // unknown error:
  9.                 throw $e;
  10.             }
  11.             // maildirsize file must be missing
  12.  
  13.             list($count, $size) = get_quota_from_somewhere_else();
  14.             return array('count' => $count, 'size' => $size);
  15.         }
  16.     }
  17. }

Securing SMTP Transport