Expose SMTP TLS controls for local relays #1244

Open
realicon23 wants to merge 1 commit into HiEventsDev:develop from realicon23:fix-smtp-auto-tls-config

@realicon23

Contributor

Fixes #1186.

Why

Self-hosted Docker deployments can relay mail through an internal SMTP server that advertises STARTTLS with a private or self-signed certificate. Symfony Mailer enables opportunistic STARTTLS by default, so leaving MAIL_ENCRYPTION empty does not necessarily stop the transport from upgrading to STARTTLS.

Laravel passes the SMTP mailer config through to Symfony's SMTP DSN options, and Symfony already supports auto_tls and verify_peer. This keeps the secure defaults in place while giving trusted internal relays an explicit opt-out.

What changed

  • Adds MAIL_AUTO_TLS and MAIL_VERIFY_PEER to the SMTP mailer config.
  • Passes those variables through the all-in-one Docker compose environment.
  • Documents the defaults in the backend and all-in-one env examples.
  • Adds a focused unit test proving the options reach Symfony's EsmtpTransport and socket stream.

Verification

/opt/homebrew/opt/php@8.4/bin/php -l backend/config/mail.php
/opt/homebrew/opt/php@8.4/bin/php -l backend/tests/Unit/Configuration/MailConfigurationTest.php
git diff --check
/opt/homebrew/opt/php@8.4/bin/php vendor/bin/phpunit tests/Unit/Configuration/MailConfigurationTest.php --no-coverage

Focused result: 1 test, 4 assertions.

I also ran the full backend unit suite. It completed with the existing NoInternalUrlRuleTest external URL failures, which are unrelated to this mail config change.

Self-hosted Docker installs can relay through an internal SMTP server that advertises STARTTLS with a private or self-signed certificate. Symfony Mailer enables opportunistic STARTTLS by default, so MAIL_ENCRYPTION=null is not enough to avoid certificate verification failures.

Expose MAIL_AUTO_TLS and MAIL_VERIFY_PEER through the Hi.Events SMTP mailer config. These map to Symfony's SMTP DSN options, preserve secure defaults, and let trusted internal relays opt out explicitly when needed.

Pass the variables through the all-in-one Docker compose file, document the defaults in env examples, and add a focused test that verifies the options reach Symfony's EsmtpTransport and socket stream.
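
A deployment-side check for the two opt-outs this pull request describes, as an added example that is not part of the pull request or the Hi.Events code base: it reads `.env` text and reports when `MAIL_VERIFY_PEER` or `MAIL_AUTO_TLS` is switched off, and when certificate verification is off for a relay that does not look internal. The function names, the finding codes, the accepted boolean spellings, the default-on handling of unset values and the "internal host" heuristic are assumptions; the sample `.env` contents are constructed.

```python
import ipaddress

# Assumption: spellings treated as "true" (mirrors PHP's FILTER_VALIDATE_BOOL).
TRUTHY = {"1", "true", "on", "yes"}
# Assumption: name suffixes this check accepts as internal-only relays.
INTERNAL_SUFFIXES = (".internal", ".local", ".lan")


def parse_env(text):
    """Parse KEY=VALUE lines from .env text, skipping blanks and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env


def flag(env, name):
    """Unset or empty means on: both options keep their secure default."""
    raw = env.get(name, "").lower()
    return True if raw == "" else raw in TRUTHY


def is_internal(host):
    """IP literals must be private or loopback; names must look like local service names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback
    except ValueError:
        host = host.lower()
        return "." not in host or host.endswith(INTERNAL_SUFFIXES)


def audit_mail_env(text):
    """Return finding codes for the SMTP TLS opt-outs found in .env text."""
    env = parse_env(text)
    findings = []
    if not flag(env, "MAIL_VERIFY_PEER"):
        findings.append("VERIFY_PEER_OFF")  # relay certificate is not validated
        if not is_internal(env.get("MAIL_HOST", "")):
            findings.append("VERIFY_PEER_OFF_EXTERNAL_HOST")  # opt-out outside its intended scope
    if not flag(env, "MAIL_AUTO_TLS"):
        findings.append("AUTO_TLS_OFF")  # advertised STARTTLS will not be used
    return findings


# Constructed sample .env contents.
INTERNAL_RELAY = "MAIL_HOST=mailrelay\nMAIL_PORT=25\nMAIL_AUTO_TLS=false\n"
EXTERNAL_RELAY = "# prod\nMAIL_HOST=smtp.example.com\nMAIL_VERIFY_PEER=false\n"
```

An empty result means both options are at their defaults; any finding is a setting someone should be able to justify for that specific relay.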

Development

Successfully merging this pull request may close these issues.

🐛Bug: SMTP always attempts STARTTLS when server advertises it, even with MAIL_ENCRYPTION unset