From 3d155398ba85fc4be39fc8e38b61a60b134f93ac Mon Sep 17 00:00:00 2001 From: "joao.folgado" Date: Wed, 31 Dec 2025 00:08:09 +0000 Subject: [PATCH 1/2] Set NoStartTLS when disable_startttls=true --- courier/smtp.go | 6 ++++++ courier/smtp_test.go | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/courier/smtp.go b/courier/smtp.go index 8b5a1170c71e..f7254f7b7054 100644 --- a/courier/smtp.go +++ b/courier/smtp.go @@ -85,6 +85,12 @@ func NewSMTPClient(deps Dependencies, cfg *config.SMTPConfig) (*SMTPClient, erro dialer.TLSConfig = tlsConfig // Enforcing StartTLS dialer.StartTLSPolicy = gomail.MandatoryStartTLS + } else { + // Set NoStartTLS to completely disable TLS negotiation when disable_starttls=true. + // This is required for development environments and SMTP servers that don't support TLS. + // Without this, the default OpportunisticStartTLS would still attempt TLS if the server + // advertises STARTTLS capability + dialer.StartTLSPolicy = gomail.NoStartTLS } case "smtps": dialer.TLSConfig = tlsConfig diff --git a/courier/smtp_test.go b/courier/smtp_test.go index 5c94e4d7dd7b..115015cbcdc9 100644 --- a/courier/smtp_test.go +++ b/courier/smtp_test.go @@ -71,9 +71,9 @@ func TestNewSMTP(t *testing.T) { smtp = setupSMTPClient("smtps://foo:bar@my-server:1234/") assert.Equal(t, smtp.SSL, true, "Implicit TLS should be enabled") - // Should allow cleartext => dialer.StartTLSPolicy = gomail.OpportunisticStartTLS and dialer.SSL = false + // Should disable StartTLS completely => dialer.StartTLSPolicy = gomail.NoStartTLS and dialer.SSL = false smtp = setupSMTPClient("smtp://foo:bar@my-server:1234/?disable_starttls=true") - assert.Equal(t, smtp.StartTLSPolicy, gomail.OpportunisticStartTLS, "StartTLS is enforced") + assert.Equal(t, smtp.StartTLSPolicy, gomail.NoStartTLS, "StartTLS should be completely disabled") assert.Equal(t, smtp.SSL, false, "Implicit TLS should not be enabled") // Test cert based SMTP client auth From 57a493db06fbad4d1bf94df457401c7694b8c512 Mon Sep 17 00:00:00 2001 From: "joao.folgado" Date: Wed, 31 Dec 2025 01:52:45 +0000 Subject: [PATCH 2/2] Change unit test --- courier/smtp_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/courier/smtp_test.go b/courier/smtp_test.go index 115015cbcdc9..bad4687b41e1 100644 --- a/courier/smtp_test.go +++ b/courier/smtp_test.go @@ -73,7 +73,7 @@ func TestNewSMTP(t *testing.T) { // Should disable StartTLS completely => dialer.StartTLSPolicy = gomail.NoStartTLS and dialer.SSL = false smtp = setupSMTPClient("smtp://foo:bar@my-server:1234/?disable_starttls=true") - assert.Equal(t, smtp.StartTLSPolicy, gomail.NoStartTLS, "StartTLS should be completely disabled") + assert.Equal(t, int(smtp.StartTLSPolicy), int(gomail.NoStartTLS), "StartTLS should be completely disabled") assert.Equal(t, smtp.SSL, false, "Implicit TLS should not be enabled") // Test cert based SMTP client auth