From 7f5213f655de4e96441f407b1733f1612a2f57d6 Mon Sep 17 00:00:00 2001 From: Hofa <49520637+thkn-hofa@users.noreply.github.com> Date: Wed, 21 Jan 2026 17:28:36 +0100 Subject: [PATCH 1/2] Update SMTP configuration guide with examples Added configuration examples for unauthenticated SMTP in the documentation. Configuration is different between 'web/opencve/conf/settings.py' and 'scheduler/airflow.cfg': the first allows to omit username and password variables while the second needs them empty or it throws errors. --- docs/guides/smtp_configuration.md | 33 +++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/docs/guides/smtp_configuration.md b/docs/guides/smtp_configuration.md index 3b43c31..2e506d9 100644 --- a/docs/guides/smtp_configuration.md +++ b/docs/guides/smtp_configuration.md @@ -33,6 +33,21 @@ EMAIL_USE_TLS = True DEFAULT_FROM_EMAIL = "OpenCVE.dev " ``` +For unauthenticated SMTP, the configuration should look like this: + +```python +# Email backend +EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend" + +EMAIL_HOST = "smtp.example.com" +#EMAIL_HOST_USER = "user" +#EMAIL_HOST_PASSWORD = "password" +EMAIL_PORT = 25 +EMAIL_USE_TLS = False + +DEFAULT_FROM_EMAIL = "OpenCVE.dev " +``` + !!! info You can follow this Django [documentation](https://docs.djangoproject.com/en/5.1/topics/email/#email-backends) to customize your email backend. @@ -86,6 +101,24 @@ notification_smtp_validate_certs = True notification_smtp_timeout = 30 ``` +For unauthenticated SMTP, the configuration should look like this: + +``` +# The base URL of the OpenCVE webserver +web_base_url = + +# The SMTP server used to send the email notifications +notification_smtp_host = smtp.example.com +notification_smtp_user = # Do not remove this item but leave it empty +notification_smtp_password = # Do not remove this item but leave it empty +notification_smtp_mail_from = john@example.com +notification_smtp_port = 25 +notification_smtp_use_tls = False +notification_smtp_start_tls = False +notification_smtp_validate_certs = False +notification_smtp_timeout = 30 +``` + #### Try it A dedicated [DAG](https://airflow.apache.org/docs/apache-airflow/stable/core-concepts/dags.html#dags) named `check_smtp` has been created for debugging the scheduler’s SMTP configuration. From ca07eca152e5ad4a778440692562302bd99e0b2f Mon Sep 17 00:00:00 2001 From: Hofa <49520637+thkn-hofa@users.noreply.github.com> Date: Sat, 24 Jan 2026 15:29:24 +0100 Subject: [PATCH 2/2] Revise SMTP configuration for unauthenticated usage Updated SMTP configuration details for unauthenticated SMTP, including comments for clarity. Removed example configurations for unauthenticated SMTP. --- docs/guides/smtp_configuration.md | 52 ++++++------------------------- 1 file changed, 10 insertions(+), 42 deletions(-) diff --git a/docs/guides/smtp_configuration.md b/docs/guides/smtp_configuration.md index 2e506d9..e4466f0 100644 --- a/docs/guides/smtp_configuration.md +++ b/docs/guides/smtp_configuration.md @@ -25,25 +25,10 @@ To specify your smtp, add the following lines inside the `web/opencve/conf/setti EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend" EMAIL_HOST = "smtp.example.com" -EMAIL_HOST_USER = "user" -EMAIL_HOST_PASSWORD = "password" -EMAIL_PORT = 587 -EMAIL_USE_TLS = True - -DEFAULT_FROM_EMAIL = "OpenCVE.dev " -``` - -For unauthenticated SMTP, the configuration should look like this: - -```python -# Email backend -EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend" - -EMAIL_HOST = "smtp.example.com" -#EMAIL_HOST_USER = "user" -#EMAIL_HOST_PASSWORD = "password" -EMAIL_PORT = 25 -EMAIL_USE_TLS = False +EMAIL_HOST_USER = "user" # Unauthenticated SMTP: Comment out variable or leave empty +EMAIL_HOST_PASSWORD = "password" # Unauthenticated SMTP: Comment out variable or leave empty +EMAIL_PORT = 587 # Unauthenticated SMTP: Set to 25 (or custom port if necessary) +EMAIL_USE_TLS = True # Unauthenticated SMTP: Set to False DEFAULT_FROM_EMAIL = "OpenCVE.dev " ``` @@ -90,32 +75,15 @@ The SMTP configuration of the scheduler component can be set in the `scheduler/a web_base_url = # The SMTP server used to send the email notifications +# All properties must remain present in config notification_smtp_host = smtp.example.com -notification_smtp_user = user -notification_smtp_password = password -notification_smtp_mail_from = john@example.com -notification_smtp_port = 587 -notification_smtp_use_tls = True -notification_smtp_start_tls = False -notification_smtp_validate_certs = True -notification_smtp_timeout = 30 -``` - -For unauthenticated SMTP, the configuration should look like this: - -``` -# The base URL of the OpenCVE webserver -web_base_url = - -# The SMTP server used to send the email notifications -notification_smtp_host = smtp.example.com -notification_smtp_user = # Do not remove this item but leave it empty -notification_smtp_password = # Do not remove this item but leave it empty +notification_smtp_user = user # Unauthenticated SMTP: Leave empty +notification_smtp_password = password # Unauthenticated SMTP: Leave empty notification_smtp_mail_from = john@example.com -notification_smtp_port = 25 -notification_smtp_use_tls = False +notification_smtp_port = 587 # Unauthenticated SMTP: Set to 25 (or custom port if necessary) +notification_smtp_use_tls = True # Unauthenticated SMTP: Set to False notification_smtp_start_tls = False -notification_smtp_validate_certs = False +notification_smtp_validate_certs = True # Unauthenticated SMTP: Set to False notification_smtp_timeout = 30 ```