From 4340ae13069b604beeacefa4158a73620083fd84 Mon Sep 17 00:00:00 2001
From: Ridwan Aguda <59691595+realicon23@users.noreply.github.com>
Date: Fri, 3 Jul 2026 11:38:56 +0100
Subject: [PATCH] Expose SMTP TLS controls for local relays

Self-hosted Docker installs can relay through an internal SMTP server that advertises STARTTLS with a private or self-signed certificate. Symfony Mailer enables opportunistic STARTTLS by default, so MAIL_ENCRYPTION=null is not enough to avoid certificate verification failures. Expose MAIL_AUTO_TLS and MAIL_VERIFY_PEER through the Hi.Events SMTP mailer config. These map to Symfony's SMTP DSN options, preserve secure defaults, and let trusted internal relays opt out explicitly when needed. Pass the variables through the all-in-one Docker compose file, document the defaults in env examples, and add a focused test that verifies the options reach Symfony's EsmtpTransport and socket stream.
---
 backend/.env.example | 2 ++
 backend/config/mail.php | 2 ++
 .../Configuration/MailConfigurationTest.php | 30 +++++++++++++++++++
 docker/all-in-one/.env.example | 2 ++
 docker/all-in-one/docker-compose.yml | 2 ++
 5 files changed, 38 insertions(+)
 create mode 100644 backend/tests/Unit/Configuration/MailConfigurationTest.php
diff --git a/backend/.env.example b/backend/.env.example
index c5ee655b31..d1db304f71 100644
--- a/backend/.env.example
+++ b/backend/.env.example
@@ -50,6 +50,8 @@ MAIL_PORT=1025
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
+MAIL_AUTO_TLS=true
+MAIL_VERIFY_PEER=true
 MAIL_FROM_ADDRESS="hello@example.com"
 MAIL_FROM_NAME="${APP_NAME}"
diff --git a/backend/config/mail.php b/backend/config/mail.php
index 5bb2254529..c64277f391 100644
--- a/backend/config/mail.php
+++ b/backend/config/mail.php
@@ -44,6 +44,8 @@
 'password' => env('MAIL_PASSWORD'),
 'timeout' => null,
 'local_domain' => env('MAIL_EHLO_DOMAIN'),
+ 'auto_tls' => env('MAIL_AUTO_TLS', true),
+ 'verify_peer' => env('MAIL_VERIFY_PEER', true),
 ],
 'ses' => [
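Review bot: Both new keys in the `smtp` array pass the raw `env()` value to the transport, so what a mistyped or empty `MAIL_VERIFY_PEER` does is left to the DSN option parser; if that parser is PHP's boolean filter, as I believe Symfony's is, an unrecognised string such as `ture` reads as false and certificate verification is silently off. Failing closed at the config boundary avoids that: `'verify_peer' => env('MAIL_VERIFY_PEER', true) !== false,` and likewise for `auto_tls`, so only a literal `false` opts out. I would also add a comment above the two keys stating that `verify_peer` off removes server authentication for the relay and `auto_tls` off sends credentials and mail unencrypted, with trusting the relay's CA as the preferred fix; the two `.env.example` hunks add the variables with no such caveat. The surrounding array starts and ends outside the hunk.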
diff --git a/backend/tests/Unit/Configuration/MailConfigurationTest.php b/backend/tests/Unit/Configuration/MailConfigurationTest.php
new file mode 100644
index 0000000000..7dbe1d1a9b
--- /dev/null
+++ b/backend/tests/Unit/Configuration/MailConfigurationTest.php
@@ -0,0 +1,30 @@
+ array_merge(config('mail.mailers.smtp'), [
+ 'auto_tls' => false,
+ 'verify_peer' => false,
+ ]),
+ ]);
+
+ /** @var MailManager $mailManager */
+ $mailManager = app('mail.manager');
+
+ $transport = $mailManager->createSymfonyTransport(config('mail.mailers.smtp'));
+
+ $this->assertInstanceOf(EsmtpTransport::class, $transport);
+ $this->assertFalse($transport->isAutoTls());
+ $this->assertFalse($transport->getStream()->getStreamOptions()['ssl']['verify_peer']);
+ $this->assertFalse($transport->getStream()->getStreamOptions()['ssl']['verify_peer_name']);
+ }
+}
diff --git a/docker/all-in-one/.env.example b/docker/all-in-one/.env.example
index 3a7b4f6130..cce1ee6b76 100644
--- a/docker/all-in-one/.env.example
+++ b/docker/all-in-one/.env.example
@@ -34,6 +34,8 @@ MAIL_PORT=1025
 MAIL_USERNAME=null
 MAIL_PASSWORD=null
 MAIL_ENCRYPTION=null
+MAIL_AUTO_TLS=true
+MAIL_VERIFY_PEER=true
 MAIL_FROM_ADDRESS=test@example.com
 MAIL_FROM_NAME="Hi Events"
diff --git a/docker/all-in-one/docker-compose.yml b/docker/all-in-one/docker-compose.yml
index 28f912c617..2febdb3554 100644
--- a/docker/all-in-one/docker-compose.yml
+++ b/docker/all-in-one/docker-compose.yml
@@ -31,6 +31,8 @@ services:
 - MAIL_USERNAME=${MAIL_USERNAME}
 - MAIL_PASSWORD=${MAIL_PASSWORD}
 - MAIL_ENCRYPTION=${MAIL_ENCRYPTION}
+ - MAIL_AUTO_TLS=${MAIL_AUTO_TLS}
+ - MAIL_VERIFY_PEER=${MAIL_VERIFY_PEER}
 - MAIL_FROM_ADDRESS=${MAIL_FROM_ADDRESS}
 - MAIL_FROM_NAME=${MAIL_FROM_NAME}
 - FILESYSTEM_PUBLIC_DISK=${FILESYSTEM_PUBLIC_DISK}
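Review bot: Only the opt-out path is asserted in the visible part of this test; nothing pins the secure default, so a later change that flips the `true` fallbacks in `config/mail.php` or drops the keys would pass unnoticed. A second test that builds the transport from the unmodified `mail.mailers.smtp` config and asserts `$this->assertTrue($transport->isAutoTls());` and `$this->assertNotFalse($transport->getStream()->getStreamOptions()['ssl']['verify_peer'] ?? true);` would cover that. The opening lines of the file are missing from the hunk as shown here, so this is based on the lines from the `array_merge` call onward.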
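Review bot: The two added environment entries have no fallback, so on an existing install whose `.env` predates these variables Compose substitutes an empty string and the container sees them set but empty, which bypasses the `true` default in `config/mail.php`. Whether an empty value keeps STARTTLS and peer verification on then rests on the transport's option parsing rather than on this project. Writing them as `- MAIL_AUTO_TLS=${MAIL_AUTO_TLS:-true}` and `- MAIL_VERIFY_PEER=${MAIL_VERIFY_PEER:-true}` makes the secure default explicit at this layer. The `environment` list continues outside the hunk.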