starred/cypht

Fork 0

mirror of https://github.com/cypht-org/cypht.git synced 2026-04-25 04:56:03 +03:00

[GH-ISSUE #773] Use proxy to connect to mail servers #473

New issue

Open

opened 2026-02-25 21:35:07 +03:00 by kerem · 7 comments

kerem commented

2026-02-25 21:35:07 +03:00

Owner

Originally created by @tianze0926 on GitHub (Sep 19, 2023).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/773

🚀 Feature

Is it possible to make cypht connect to IMAP and SMTP servers through proxies such as SOCKS5? There are occasions when the client cannot directly access the mail server. So proxies such as SOCKS5 can be used to proxy TCP payload, like IMAP.

Design, Layout, Architecture

Since I am not familiar with php, a golang implementation reference can be found at https://stackoverflow.com/a/71182894.

The procedure can be roughly described as:

Open a TCP connection to the SOCKS5 server
send and receive SOCKS5 data
send and receive TLS data
sned and receive application layer data, such as IMAP and SMTP

Originally created by @tianze0926 on GitHub (Sep 19, 2023). Original GitHub issue: https://github.com/cypht-org/cypht/issues/773 ## 🚀 Feature Is it possible to make cypht connect to IMAP and SMTP servers through proxies such as SOCKS5? There are occasions when the client cannot directly access the mail server. So proxies such as SOCKS5 can be used to proxy TCP payload, like IMAP. ### Design, Layout, Architecture Since I am not familiar with php, a golang implementation reference can be found at https://stackoverflow.com/a/71182894. The procedure can be roughly described as: - Open a TCP connection to the SOCKS5 server - send and receive [SOCKS5](https://en.wikipedia.org/wiki/SOCKS#SOCKS5) data - send and receive TLS data - sned and receive application layer data, such as IMAP and SMTP

kerem added the

help wanted

label

2026-02-25 21:35:07 +03:00

kerem commented

2026-02-25 21:35:07 +03:00

Author

Owner

@jasonmunro commented on GitHub (Sep 21, 2023):

Currently Cypht cannot use SOCKS5. PHP has no built in support for SOCKS5, though it looks like some user written libraries exist. This is possible to implement but would need some dev resources to understand the SOCKS5 protocol and implement the request/response process. We do already support enabling TLS on an open socket since that is how STARTTLS works.

@jasonmunro commented on GitHub (Sep 21, 2023): Currently Cypht cannot use SOCKS5. PHP has no built in support for SOCKS5, though it looks like some user written libraries exist. This is possible to implement but would need some dev resources to understand the SOCKS5 protocol and implement the request/response process. We do already support enabling TLS on an open socket since that is how STARTTLS works.

kerem commented

2026-02-25 21:35:07 +03:00

Author

Owner

@marclaporte commented on GitHub (Sep 23, 2023):

@tianze0926 Is this something Cypht should do vs something done via the server? (and transparent to Cypht)

@marclaporte commented on GitHub (Sep 23, 2023): @tianze0926 Is this something Cypht should do vs something done via the server? (and transparent to Cypht)

kerem commented

2026-02-25 21:35:07 +03:00

Author

Owner

@tianze0926 commented on GitHub (Sep 23, 2023):

@marclaporte Cypht should support the client side of SOCKS protocol.

Taking IMAP TLS for example, Cypht currently executes the TCP and TLS handshakes with the IMAP server in one function call. However in order to use SOCKS proxy, Cypht should:

make TCP connection with the proxy server
send some SOCKS payload to tell the proxy server which remote address (the IMAP server in this case) to connect to
after the proxy server connects to the IMAP server, Cypht can then treat the proxy server as if it were the IMAP and establish TLS and send IMAP stuff

Here is a example sequence diagram: (replies from the proxy server and the IMAP server are omitted)

sequenceDiagram
  participant C as Cypht
  participant P as SOCKS Proxy
  participant I as IMAP
  C->>P: open a TCP connection
  C->>P: tell the proxy to connect to `imap.gmail.com:993`
  P->>I: open a TCP connection
  C->>P: TLS
  P->>I: TLS
  C->>P: IMAP commands
  P->>I: IMAP commands

As you can see, the TCP and TLS handshakes should be seperated instead of done by single function call. The SOCKS5 protocol is very simple and can be easily implemented even from scratch. It's the TLS part that troubles me since I couldn't find appropriate methods to perform TLS after a plain TCP connection is established.

@tianze0926 commented on GitHub (Sep 23, 2023): @marclaporte Cypht should support the client side of SOCKS protocol. Taking IMAP TLS for example, Cypht currently executes the TCP and TLS handshakes with the IMAP server in **one** [function call](https://github.com/cypht-org/cypht/blob/82f6c3ffb1b3f8ea727ea16975863d342f912246/modules/imap/hm-imap.php#L198). However in order to use SOCKS proxy, Cypht should: 1. make TCP connection with the proxy server 2. send some SOCKS payload to tell the proxy server which remote address (the IMAP server in this case) to connect to 3. after the proxy server connects to the IMAP server, Cypht can then treat the proxy server as if it were the IMAP and establish TLS and send IMAP stuff Here is a example sequence diagram: (replies from the proxy server and the IMAP server are omitted) ```mermaid sequenceDiagram participant C as Cypht participant P as SOCKS Proxy participant I as IMAP C->>P: open a TCP connection C->>P: tell the proxy to connect to `imap.gmail.com:993` P->>I: open a TCP connection C->>P: TLS P->>I: TLS C->>P: IMAP commands P->>I: IMAP commands ``` As you can see, the TCP and TLS handshakes should be seperated instead of done by single function call. The SOCKS5 protocol is very simple and can be easily implemented even from scratch. It's the TLS part that troubles me since I couldn't find appropriate methods to perform TLS after a plain TCP connection is established.

kerem commented

2026-02-25 21:35:07 +03:00

Author

Owner

@marclaporte commented on GitHub (Sep 23, 2023):

The SOCKS5 protocol is very simple and can be easily implemented even from scratch.

Ok, but for the record, here are some options: https://packagist.org/?query=SOCKS

@marclaporte commented on GitHub (Sep 23, 2023): > The SOCKS5 protocol is very simple and can be easily implemented even from scratch. Ok, but for the record, here are some options: https://packagist.org/?query=SOCKS

kerem commented

2026-02-25 21:35:07 +03:00

Author

Owner

@marclaporte commented on GitHub (Sep 1, 2025):

@tianze0926 This is a good topic for our monthly Cypht community meetings: https://github.com/cypht-org/cypht/wiki/Monthly-Community-Meetings

@marclaporte commented on GitHub (Sep 1, 2025): @tianze0926 This is a good topic for our monthly Cypht community meetings: https://github.com/cypht-org/cypht/wiki/Monthly-Community-Meetings

kerem commented

2026-02-25 21:35:07 +03:00

Author

Owner

@marclaporte commented on GitHub (Sep 26, 2025):

@tianze0926 We discussed a bit at the meeting today, but if you could come to the meeting next month, it would be great!

@marclaporte commented on GitHub (Sep 26, 2025): @tianze0926 We discussed a bit at the meeting today, but if you could come to the meeting next month, it would be great!

kerem commented

2026-02-25 21:35:07 +03:00

Author

Owner

@marclaporte commented on GitHub (Oct 31, 2025):

@tianze0926 We are ready to discuss when you are :-)

https://github.com/cypht-org/cypht/wiki/Monthly-Community-Meetings

@marclaporte commented on GitHub (Oct 31, 2025): @tianze0926 We are ready to discuss when you are :-) https://github.com/cypht-org/cypht/wiki/Monthly-Community-Meetings

kerem referenced this issue

2026-02-25 21:36:22 +03:00

[PR #473] [MERGED] Revert "use uniqid instead of php array indexing for server list" #831