Skip to content

feat(mail): add ACKIFY_MAIL_INSECURE_SKIP_VERIFY option #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
btouchard merged 3 commits into from
Nov 22, 2025
Merged

feat(mail): add ACKIFY_MAIL_INSECURE_SKIP_VERIFY option #6

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
eca29c1
feat(mail): add option to skip TLS certificate verification
ArnaudFra Nov 21, 2025
28c1e5f
docs: add ACKIFY_MAIL_INSECURE_SKIP_VERIFY documentation
ArnaudFra Nov 21, 2025
b7192f9
Merge remote-tracking branch 'origin/main' into feature/mail-tls-skip…
ArnaudFra Nov 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@ ACKIFY_OAUTH_PROVIDER=google
# ACKIFY_MAIL_FROM_NAME=Ackify
# ACKIFY_MAIL_TLS=true
# ACKIFY_MAIL_STARTTLS=true
# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false

# Security Configuration
ACKIFY_OAUTH_COOKIE_SECRET=your_base64_encoded_secret_key
Expand Down
26 changes: 14 additions & 12 deletions backend/internal/infrastructure/config/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,18 +62,19 @@ type LoggerConfig struct {
}

type MailConfig struct {
Host string
Port int
Username string
Password string
TLS bool
StartTLS bool
Timeout string
From string
FromName string
SubjectPrefix string
TemplateDir string
DefaultLocale string
Host string
Port int
Username string
Password string
TLS bool
StartTLS bool
InsecureSkipVerify bool
Timeout string
From string
FromName string
SubjectPrefix string
TemplateDir string
DefaultLocale string
}

type ChecksumConfig struct {
Expand Down Expand Up @@ -181,6 +182,7 @@ func Load() (*Config, error) {
config.Mail.Password = getEnv("ACKIFY_MAIL_PASSWORD", "")
config.Mail.TLS = getEnvBool("ACKIFY_MAIL_TLS", true)
config.Mail.StartTLS = getEnvBool("ACKIFY_MAIL_STARTTLS", true)
config.Mail.InsecureSkipVerify = getEnvBool("ACKIFY_MAIL_INSECURE_SKIP_VERIFY", false)
config.Mail.Timeout = getEnv("ACKIFY_MAIL_TIMEOUT", "10s")
config.Mail.From = getEnv("ACKIFY_MAIL_FROM", "")
config.Mail.FromName = getEnv("ACKIFY_MAIL_FROM_NAME", config.App.Organisation)
Expand Down
9 changes: 8 additions & 1 deletion backend/internal/infrastructure/email/sender.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,9 +96,16 @@ func (s *SMTPSender) Send(ctx context.Context, msg Message) error {
if s.config.TLS {
// Implicit TLS/SSL (typically port 465)
d.SSL = true
d.TLSConfig = &tls.Config{
ServerName: s.config.Host,
InsecureSkipVerify: s.config.InsecureSkipVerify,
}
} else if s.config.StartTLS {
// Explicit TLS via STARTTLS (typically port 587)
d.TLSConfig = &tls.Config{ServerName: s.config.Host}
d.TLSConfig = &tls.Config{
ServerName: s.config.Host,
InsecureSkipVerify: s.config.InsecureSkipVerify,
}
d.StartTLSPolicy = mail.MandatoryStartTLS
}

Expand Down
17 changes: 17 additions & 0 deletions docs/en/configuration/email-setup.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,11 @@ ACKIFY_MAIL_TLS=true
# Enable STARTTLS (default: true)
ACKIFY_MAIL_STARTTLS=true

# Disable TLS certificate verification (default: false)
# Useful for self-signed certificates in development/testing
# /!\ DO NOT USE IN PRODUCTION
ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false

# Connection timeout (default: 10s)
ACKIFY_MAIL_TIMEOUT=10s

Expand Down Expand Up @@ -120,6 +125,8 @@ ACKIFY_MAIL_PASSWORD=secure_password
ACKIFY_MAIL_FROM=ackify@company.com
ACKIFY_MAIL_TLS=true
ACKIFY_MAIL_STARTTLS=true
# For self-signed certificates only (/!\ not in production)
# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
```

## Email Templates
Expand Down Expand Up @@ -290,6 +297,16 @@ Verify:
- Your server allows outgoing connections on the SMTP port
- `ACKIFY_MAIL_TLS=true` if the server requires TLS

### Error "tls: failed to verify certificate: x509: certificate signed by unknown authority"

This error occurs with self-signed certificates. **For development/testing environments only**:

```bash
ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
```

/!\ **Warning**: This option disables TLS certificate verification. NEVER use in production!

### Error "Authentication failed"

Verify:
Expand Down
17 changes: 17 additions & 0 deletions docs/fr/configuration/email-setup.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,11 @@ ACKIFY_MAIL_TLS=true
# Activer STARTTLS (défaut: true)
ACKIFY_MAIL_STARTTLS=true

# Désactiver la vérification des certificats TLS (défaut: false)
# Utile pour les certificats auto-signés en développement/test
# /!\ NE PAS UTILISER EN PRODUCTION
ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false

# Timeout de connexion (défaut: 10s)
ACKIFY_MAIL_TIMEOUT=10s

Expand Down Expand Up @@ -120,6 +125,8 @@ ACKIFY_MAIL_PASSWORD=secure_password
ACKIFY_MAIL_FROM=ackify@company.com
ACKIFY_MAIL_TLS=true
ACKIFY_MAIL_STARTTLS=true
# Pour certificats auto-signés uniquement (/!\ pas en production)
# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
```

## Templates Email
Expand Down Expand Up @@ -290,6 +297,16 @@ Vérifier :
- Votre serveur autorise les connexions sortantes sur le port SMTP
- `ACKIFY_MAIL_TLS=true` si le serveur requiert TLS

### Erreur "tls: failed to verify certificate: x509: certificate signed by unknown authority"

Cette erreur se produit avec des certificats auto-signés. **Pour les environnements de développement/test uniquement** :

```bash
ACKIFY_MAIL_INSECURE_SKIP_VERIFY=true
```

/!\ **Attention** : Cette option désactive la vérification des certificats TLS. Ne JAMAIS l'utiliser en production !

### Erreur "Authentication failed"

Vérifier :
Expand Down
1 change: 1 addition & 0 deletions install/.env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ ACKIFY_OAUTH_CLIENT_SECRET=your_oauth_client_secret
# SMTP Security Settings
# ACKIFY_MAIL_TLS=true
# ACKIFY_MAIL_STARTTLS=true
# ACKIFY_MAIL_INSECURE_SKIP_VERIFY=false
# ACKIFY_MAIL_TIMEOUT=10s

# Email Template Configuration
Expand Down