add ssl/tls option for email encryption (#13)
h44z committed Apr 22, 2021
1 parent 7042523 commit 926733d
Showing 3 changed files with 30 additions and 9 deletions.
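--- a/README.md
+++ b/README.md
@@ -124,7 +124,8 @@ The following configuration options are available:
 | DATABASE_PASSWORD | password | database | | The mysql password. |
 | EMAIL_HOST | host | email | 127.0.0.1 | The email server address. |
 | EMAIL_PORT | port | email | 25 | The email server port. |
-| EMAIL_TLS | tls | email | false | Use STARTTLS. |
+| EMAIL_TLS | tls | email | false | Use STARTTLS. DEPRECATED: use EMAIL_ENCRYPTION instead. |
+| EMAIL_ENCRYPTION | encryption | email | none | Either none, tls or starttls. |
 | EMAIL_CERT_VALIDATION | certcheck | email | false | Validate the email server certificate. |
 | EMAIL_USERNAME | user | email | | An optional username for SMTP authentication. |
 | EMAIL_PASSWORD | pass | email | | An optional password for SMTP authentication. |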
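--- a/internal/common/email.go
+++ b/internal/common/email.go
@@ -7,16 +7,27 @@ import (
 "strconv"
 "strings"
 
+"github.com/pkg/errors"
+
 "github.com/jordan-wright/email"
 )
 
+type MailEncryption string
+
+const (
+MailEncryptionNone MailEncryption = "none"
+MailEncryptionTLS MailEncryption = "tls"
+MailEncryptionStartTLS MailEncryption = "starttls"
+)
+
 type MailConfig struct {
-Host string `yaml:"host" envconfig:"EMAIL_HOST"`
-Port int `yaml:"port" envconfig:"EMAIL_PORT"`
-TLS bool `yaml:"tls" envconfig:"EMAIL_TLS"`
-CertValidation bool `yaml:"certcheck" envconfig:"EMAIL_CERT_VALIDATION"`
-Username string `yaml:"user" envconfig:"EMAIL_USERNAME"`
-Password string `yaml:"pass" envconfig:"EMAIL_PASSWORD"`
+Host string `yaml:"host" envconfig:"EMAIL_HOST"`
+Port int `yaml:"port" envconfig:"EMAIL_PORT"`
+TLS bool `yaml:"tls" envconfig:"EMAIL_TLS"` // Deprecated, use MailConfig.Encryption instead.
+Encryption MailEncryption `yaml:"encryption" envconfig:"EMAIL_ENCRYPTION"`
+CertValidation bool `yaml:"certcheck" envconfig:"EMAIL_CERT_VALIDATION"`
+Username string `yaml:"user" envconfig:"EMAIL_USERNAME"`
+Password string `yaml:"pass" envconfig:"EMAIL_PASSWORD"`
 }
 
 type MailAttachment struct {
@@ -64,16 +75,24 @@ func SendEmailWithAttachments(cfg MailConfig, sender, replyTo, subject, body str
 for _, attachment := range attachments {
 a, err := e.Attach(attachment.Data, attachment.Name, attachment.ContentType)
 if err != nil {
-return err
+return errors.Wrapf(err, "failed to attach %s to mailbody", attachment.Name)
 }
 if attachment.Embedded {
 a.HTMLRelated = true
 }
 }
 
+// TODO: remove this once the deprecated MailConfig.TLS config option has been removed
 if cfg.TLS {
+cfg.Encryption = MailEncryptionStartTLS
+}
+
+switch cfg.Encryption {
+case MailEncryptionTLS:
+return e.SendWithTLS(hostname, auth, &tls.Config{InsecureSkipVerify: !cfg.CertValidation})
+case MailEncryptionStartTLS:
 return e.SendWithStartTLS(hostname, auth, &tls.Config{InsecureSkipVerify: !cfg.CertValidation})
-} else {
+default: // MailEncryptionNone
 return e.Send(hostname, auth)
 }
 }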
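Review bot: The `default:` arm of the new `switch cfg.Encryption` falls back to plain `e.Send` for every value that is not exactly `tls` or `starttls`, so a typo or different casing in `EMAIL_ENCRYPTION` silently downgrades delivery to cleartext (the message and, depending on how `auth` is built outside this hunk, possibly the SMTP credentials). Failing closed would be safer: make the plaintext arm explicit with `case MailEncryptionNone, "":` and turn the fallback into `default: return errors.Errorf("unsupported mail encryption %q", cfg.Encryption)`, using the `errors` package this commit already imports. The new `SendWithTLS` call also reuses `InsecureSkipVerify: !cfg.CertValidation`, and since the README lists `certcheck` as `false` by default, the implicit-TLS mode runs without certificate verification unless the operator opts in; a comment on `MailConfig.CertValidation` saying so would help. `SendEmailWithAttachments` begins outside this hunk, so the construction of `hostname` and `auth` is not visible here.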
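--- a/internal/server/configuration.go
+++ b/internal/server/configuration.go
@@ -112,6 +112,7 @@ func NewConfig() *Config {
 cfg.WG.ManageIPAddresses = true
 cfg.Email.Host = "127.0.0.1"
 cfg.Email.Port = 25
+cfg.Email.Encryption = common.MailEncryptionNone
 
 // Load config from file and environment
 cfgFile, ok := os.LookupEnv("CONFIG_FILE")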
