the-djmaze / snappymail

Simple, modern & fast web-based email client
https://snappymail.eu
GNU Affero General Public License v3.0

Avoid the potentially dangerous shell_exec function and use native PHP dns_get_record(); instead #1674

Closed lakdif closed 4 weeks ago

lakdif commented 1 month ago

Is your feature request related to a problem? Please describe.

Since Snappymail needs the shell_exec function for GPG to function, I tried to look for code references where it might be replaced with a safer alternative. The issue was mentioned multiple times in:

- #1385
- #1496

The only reference to shell_exec (besides the OwnCloud/NextCloud variants) was line #221 in snappymail/v/0.0.0/app/libraries/snappymail/pgp/keyservers.php

Describe the solution you'd like

I suggest replacing it with the native dns_get_record function, in a similar way to how Mailcow does it: https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/inc/ajax/dns_diagnostics.php - line 267.

The TLSA record is the only function AFAIK that prevents Snappymail from working with all dangerous functions disabled.

Describe alternatives you've considered

An alternative would be using php-curl to query some service like nslookup.io, but it would not be as desirable. Another alternative would be to only whitelist "dig" in shell_exec using the snuffleupagus PHP hardening extension, but this is out of scope.
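The pattern the request asks for, shown as an added example that is not SnappyMail's or Mailcow's code: the host name is validated before it reaches any resolver, record types that `dns_get_record()` supports are fetched natively with no shell involved, and because PHP's `dns_get_record()` has no constant for the TLSA type (RFC 6698, type 52), the TLSA RDATA is parsed from raw bytes by a small helper. The function names (`isSafeHostname`, `lookupTxt`, `parseTlsaRdata`) and the sample RDATA bytes are constructed for this illustration; a real TLSA lookup would still need a resolver capable of asking for type 52.

```php
<?php
declare(strict_types=1);

// Added example, not code from the SnappyMail project.
// Goal: do the DNS work without shell_exec(), so the function can stay disabled.

/** Accept only a syntactically valid host name; anything else is refused outright. */
function isSafeHostname(string $host): bool
{
    return strlen($host) <= 253
        && filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

/** Fetch TXT records natively; returns the text strings, or [] when nothing resolves. */
function lookupTxt(string $host): array
{
    if (!isSafeHostname($host)) {
        throw new InvalidArgumentException('refusing to resolve an invalid host name');
    }
    $records = dns_get_record($host, DNS_TXT);
    return $records === false ? [] : array_column($records, 'txt');
}

/**
 * Parse TLSA RDATA (RFC 6698 section 2.1):
 *   usage (1 byte), selector (1 byte), matching type (1 byte), certificate association data.
 * dns_get_record() cannot request this type, so the caller must obtain the raw RDATA
 * from a resolver that can; this helper only decodes it.
 */
function parseTlsaRdata(string $rdata): array
{
    if (strlen($rdata) < 4) {
        throw new UnexpectedValueException('TLSA RDATA too short');
    }
    $fields = unpack('Cusage/Cselector/Cmtype', $rdata);
    return [
        'usage'         => $fields['usage'],     // 0..3, e.g. 3 = DANE-EE
        'selector'      => $fields['selector'],  // 0 = full cert, 1 = SubjectPublicKeyInfo
        'matching_type' => $fields['mtype'],     // 0 = exact, 1 = SHA-256, 2 = SHA-512
        'cert_data'     => bin2hex(substr($rdata, 3)),
    ];
}

// Constructed sample RDATA: DANE-EE (3), SPKI (1), SHA-256 (1), then a placeholder 32-byte digest.
$sampleRdata = "\x03\x01\x01" . str_repeat("\xab", 32);
var_dump(parseTlsaRdata($sampleRdata));

// Host-name gate: the first is accepted, the second is refused before any lookup happens.
var_dump(isSafeHostname('example.com'));   // bool(true)
var_dump(isSafeHostname('not a host'));    // bool(false)
```

The validation step matters independently of the shell question: even a native resolver should only ever see a string that is already a well-formed host name, so that whatever the caller passes in cannot turn into anything other than a DNS query.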

the-djmaze commented 4 weeks ago

shell_exec in keyservers.php is not used.