Explicitly decide whether to use TLS in mailer's configuration (#5024)

* explicitly decide on using TLS for mail connections

* explicitly decide on using TLS for mail connections

* keep compatibility

diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index 147c99d942f3ea68d1bb0500736b2b676425642f..58d100d805a8fa89d55a609920ed18d7cca6aa1b 100644 (file)
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -388,6 +388,8 @@ SKIP_VERIFY =
 USE_CERTIFICATE = false
 CERT_FILE = custom/mailer/cert.pem
 KEY_FILE = custom/mailer/key.pem
+; Should SMTP connection use TLS
+IS_TLS_ENABLED = false
 ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
 FROM =
 ; Mailer user name and password

diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index a3bded679df18faed0e110f9bdf55e0eac6e8b28..7ea14d2306d47f06ca8ffd64b8f6579d02045baf 100644 (file)
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -62,7 +62,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
    HTTP protocol.
 - `USE_COMPAT_SSH_URI`: **false**: Force ssh:// clone url instead of scp-style uri when
    default SSH port is used.
-   
+
 ### Repository - Pull Request (`repository.pull-request`)
 - `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request
  title to mark them as Work In Progress
@@ -222,6 +222,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
      `FROM` and `SENDMAIL_PATH`.
 - `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
    command or full path).
+- ``IS_TLS_ENABLED`` :  **false** : Decide if SMTP connections should use TLS.
 
 ## Cache (`cache`)
 
@@ -310,8 +311,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `TOKEN`: **\<empty\>**: You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters `bearer_token` or `bearer_token_file`.
 
 ## API (`api`)
- 
-- `ENABLE_SWAGGER_ENDPOINT`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true. 
+
+- `ENABLE_SWAGGER_ENDPOINT`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
 - `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
 
 ## i18n (`i18n`)

diff --git a/modules/mailer/mailer.go b/modules/mailer/mailer.go
index a54e8361735dde4e125b386b679cf8bbe641bc93..e9b752e14db507a5c79d3e1a6fadaec893d87e5a 100644 (file)
--- a/modules/mailer/mailer.go
+++ b/modules/mailer/mailer.go
@@ -122,11 +122,10 @@ func (s *smtpSender) Send(from string, to []string, msg io.WriterTo) error {
        }
        defer conn.Close()
 
-       isSecureConn := false
+       isSecureConn := opts.IsTLSEnabled || (strings.HasSuffix(port, "465"))
        // Start TLS directly if the port ends with 465 (SMTPS protocol)
-       if strings.HasSuffix(port, "465") {
+       if isSecureConn {
                conn = tls.Client(conn, tlsconfig)
-               isSecureConn = true
        }
 
        client, err := smtp.NewClient(conn, host)

diff --git a/modules/setting/setting.go b/modules/setting/setting.go
index b0bcd2ead854949536e080c837eb10bc4227e995..1c4814189a46520e8919c4200260560c0293b2f1 100644 (file)
--- a/modules/setting/setting.go
+++ b/modules/setting/setting.go
@@ -1523,6 +1523,7 @@ type Mailer struct {
        SkipVerify        bool
        UseCertificate    bool
        CertFile, KeyFile string
+       IsTLSEnabled      bool
 
        // Sendmail sender
        UseSendmail  bool
@@ -1556,6 +1557,7 @@ func newMailService() {
                UseCertificate: sec.Key("USE_CERTIFICATE").MustBool(),
                CertFile:       sec.Key("CERT_FILE").String(),
                KeyFile:        sec.Key("KEY_FILE").String(),
+               IsTLSEnabled:   sec.Key("IS_TLS_ENABLED").MustBool(),
 
                UseSendmail:  sec.Key("USE_SENDMAIL").MustBool(),
                SendmailPath: sec.Key("SENDMAIL_PATH").MustString("sendmail"),