Add more mail config options (#4211)

Currently cozy-stack only send mail through plain SMTP or over STARTTLS connections but is unable to connect to an SSL/SMTPS server. This PR adds missing mail config option to allow sending mail through SSL connections (SMTPS) It also add an option to modify the local hostname used in HELO command to SMTP servers (required for some mail servers). This is currently hardcoded to ` localhost` which will be refused in some cases. Some config examples: - Plain SMTP on submission port : ```yaml mail: host: smtp.home port: 587 use_ssl: false disable_tls: true local_name: cozy.domain.example ``` - STARTTLS over SMTP submission port ```yaml mail: host: smtp.home port: 587 use_ssl: false disable_tls: false skip_certificate_validation: false local_name: cozy.domain.example ``` - SSL connection to SMTPS submission port ```yaml mail: host: smtp.home port: 465 use_ssl: true disable_tls: false skip_certificate_validation: false local_name: cozy.domain.example ```
cozy · Nov 8, 2023 · 8cabafe · 8cabafe
2 parents 23138d1 + 2196e4f
commit 8cabafe
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 22 deletions.
diff --git a/cmd/serve.go b/cmd/serve.go
@@ -85,6 +85,7 @@ example), you can use the --appdir flag like this:
 
 		if flagMailhog {
 			cfg := config.GetConfig()
+			cfg.Mail.NativeTLS = false
 			cfg.Mail.DisableTLS = true
 			cfg.Mail.Port = 1025
 		}
@@ -220,9 +221,15 @@ func init() {
 	flags.String("mail-password", "", "mail smtp password")
 	checkNoErr(viper.BindPFlag("mail.password", flags.Lookup("mail-password")))
 
-	flags.Bool("mail-disable-tls", false, "disable smtp over tls")
+	flags.Bool("mail-use-ssl", false, "use ssl for mail sending (smtps)")
+	checkNoErr(viper.BindPFlag("mail.use_ssl", flags.Lookup("mail-use-ssl")))
+
+	flags.Bool("mail-disable-tls", false, "disable starttls on smtp")
 	checkNoErr(viper.BindPFlag("mail.disable_tls", flags.Lookup("mail-disable-tls")))
 
+	flags.String("mail-local-name", "localhost", "hostname sent to the smtp server with the HELO command")
+	checkNoErr(viper.BindPFlag("mail.local_name", flags.Lookup("mail-local-name")))
+
 	flags.String("move-url", "https://move.cozycloud.cc/", "URL for the move wizard")
 	checkNoErr(viper.BindPFlag("move.url", flags.Lookup("move-url")))
 

diff --git a/cozy.example.yaml b/cozy.example.yaml
@@ -205,21 +205,32 @@ mail:
   # mail smtp host - flags: --mail-host
   host: smtp.home
   # mail smtp port - flags: --mail-port
-  port: 465
+  port: 587
   # mail smtp username - flags: --mail-username
   username: {{.Env.COZY_MAIL_USERNAME}}
   # mail smtp password - flags: --mail-password
   password: {{.Env.COZY_MAIL_PASSWORD}}
-  # disable mail tls - flags: --mail-disable-tls
+  # Use SSL connection (SMTPS)
+  # Means no STARTTLS
+  # flags: --mail-use-ssl
+  use_ssl: false
+  # disable mail STARTTLS
+  # Means using plain unencrypted SMTP
+  # flags: --mail-disable-tls
   disable_tls: false
   # skip the certificate validation (may be useful on localhost)
   skip_certificate_validation: false
+  # Local Name
+  # The hostname sent to the SMTP server with the HELO command
+  # Defaults to localhost
+  # flags: --mail-local-name
+  local_name: cozy.domain.example
   # It is also possible to override the mail server per context.
   contexts:
     beta:
       # If the host is set to "-", no mail will be sent on this context
       host: smtp.cozy.beta
-      port: 465
+      port: 587
       username: {{.Env.COZY_BETA_MAIL_USERNAME}}
       password: {{.Env.COZY_BETA_MAIL_PASSWORD}}
 
@@ -303,7 +314,7 @@ deprecated_apps:
   apps:
 #     - software_id: "github.com/cozy/some-app"
 #       name: "some-app"
-#       store_urls: 
+#       store_urls:
 #         iphone: https://some-apple-store-url
 #         android: https://some-android-store-url
 

diff --git a/pkg/config/config/config.go b/pkg/config/config/config.go
@@ -821,8 +821,10 @@ func UseViper(v *viper.Viper) error {
 			Port:                      v.GetInt("mail.port"),
 			Username:                  v.GetString("mail.username"),
 			Password:                  v.GetString("mail.password"),
+			NativeTLS:                 v.GetBool("mail.use_ssl"),
 			DisableTLS:                v.GetBool("mail.disable_tls"),
 			SkipCertificateValidation: v.GetBool("mail.skip_certificate_validation"),
+			LocalName:                 v.GetString("mail.local_name"),
 		},
 		MailPerContext: v.GetStringMap("mail.contexts"),
 		Contexts:       v.GetStringMap("contexts"),

diff --git a/pkg/config/config/config_test.go b/pkg/config/config/config_test.go
@@ -92,8 +92,10 @@ func TestConfigUnmarshal(t *testing.T) {
 		Port:                      25,
 		Username:                  "some-username",
 		Password:                  "some-password",
+		NativeTLS:                 false,
 		DisableTLS:                true,
 		SkipCertificateValidation: true,
+		LocalName:                 "some.host",
 	}, cfg.Mail)
 	assert.EqualValues(t, map[string]interface{}{
 		"my-context": map[string]interface{}{"host": "-"},

diff --git a/pkg/config/config/testdata/full_config.yaml b/pkg/config/config/testdata/full_config.yaml
@@ -7,7 +7,7 @@ admin:
   host: 127.0.0.1
 
 vault:
-  #  credentials_encryptor_key: /some/key.enc
+  # credentials_encryptor_key: /some/key.enc
   # credentials_decryptor_key: /some/key.dec
 
 assets: "some/assets/path"
@@ -16,17 +16,17 @@ assets_polling_interval: 1h
 
 fs:
   url: https://some-url
-    # root_ca: /some/ca.crt
+  # root_ca: /some/ca.crt
   EndpointType: internal
   can_query_info: true
-  default_layout: 2 
+  default_layout: 2
   versioning:
     max_number_of_versions_to_keep: 4
     min_delay_between_two_versions: 1m
 
 couchdb:
   url: https://some-couchdb-url
-    #root_ca: /some/ca/path.crt
+  # root_ca: /some/ca/path.crt
 
 redis:
   addrs: url-1:12 url2:23 url3:34
@@ -61,13 +61,15 @@ mail:
   reply_to: support@cozycloud.cc
   contexts:
     my-context:
-      host: '-'
+      host: "-"
   host: localhost
   username: some-username
   password: some-password
   port: 25
+  use_ssl: false
   disable_tls: true
   skip_certificate_validation: true
+  local_name: some.host
 
 geodb: /geo/db/path
 
@@ -80,13 +82,13 @@ konnectors:
 registries:
   default: []
   example:
-  - https://registry-url-1
-  - https://registry-url-2
+    - https://registry-url-1
+    - https://registry-url-2
 
 office:
   foo:
     onlyoffice_url: https://onlyoffice-url
-    onlyoffice_inbox_secret: inbox_secret 
+    onlyoffice_inbox_secret: inbox_secret
     onlyoffice_outbox_secret: outbox_secret
 
 clouderies:
@@ -156,15 +158,15 @@ contexts:
     help_link: https://cozy.io/fr/support
     enable_premium_links: false
     claudy_actions:
-    - desktop
-    - support
+      - desktop
+      - support
     additional_platform_apps:
-    - some-app
+      - some-app
     features:
-    - hide_konnector_errors: true
-    - home.konnectors.hide-errors: true
-    - home_hidden_apps:
-      - foobar
+      - hide_konnector_errors: true
+      - home.konnectors.hide-errors: true
+      - home_hidden_apps:
+          - foobar
     home_logos:
-      /logos/1.png: 'Title 1'
-      /logos/2.png: 'Title 2'
+      /logos/1.png: "Title 1"
+      /logos/2.png: "Title 2"
diff --git a/worker/mails/mail.go b/worker/mails/mail.go
@@ -60,15 +60,19 @@ func SendMail(ctx *job.WorkerContext) error {
 			port, _ := ctxConfig["port"].(int)
 			username, _ := ctxConfig["username"].(string)
 			password, _ := ctxConfig["username"].(string)
+			UseSSL, _ := ctxConfig["use_ssl"].(bool)
 			disableTLS, _ := ctxConfig["disable_tls"].(bool)
 			skipCertValid, _ := ctxConfig["skip_certificate_validation"].(bool)
+			LocalName, _ := ctxConfig["local_name"].(string)
 			opts.Dialer = &gomail.DialerOptions{
 				Host:                      host,
 				Port:                      port,
 				Username:                  username,
 				Password:                  password,
+				NativeTLS:                 UseSSL,
 				DisableTLS:                disableTLS,
 				SkipCertificateValidation: skipCertValid,
+				LocalName:                 LocalName,
 			}
 		}
 	}