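--- a/courier/smtp.go
+++ b/courier/smtp.go
@@ -85,6 +85,12 @@ func NewSMTPClient(deps Dependencies, cfg *config.SMTPConfig) (*SMTPClient, erro
 dialer.TLSConfig = tlsConfig
 // Enforcing StartTLS
 dialer.StartTLSPolicy = gomail.MandatoryStartTLS
+} else {
+// Set NoStartTLS to completely disable TLS negotiation when disable_starttls=true.
+// This is required for development environments and SMTP servers that don't support TLS.
+// Without this, the default OpportunisticStartTLS would still attempt TLS if the server
+// advertises STARTTLS capability
+dialer.StartTLSPolicy = gomail.NoStartTLS
 }
 case "smtps":
 dialer.TLSConfig = tlsConfig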
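Review bot: The new `else` branch turns `disable_starttls=true` into a hard plaintext switch, and nothing in the code or its comment tells the operator so. With `gomail.NoStartTLS` the client no longer upgrades even when the server advertises STARTTLS, so credentials from the connection URI and the message bodies would cross the network unencrypted. The comment should state that consequence, e.g. `// WARNING: the whole session, including credentials and message bodies, is sent in cleartext; use only on trusted or development networks.` A warning logged once when the client is built would make the downgrade visible in production logs; whether `deps` exposes a logger is not visible here. Deployments that already set the flag lose the opportunistic upgrade they had before, which deserves a changelog entry. NewSMTPClient's body starts and ends outside the hunk.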
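--- a/courier/smtp_test.go
+++ b/courier/smtp_test.go
@@ -71,9 +71,9 @@ func TestNewSMTP(t *testing.T) {
 smtp = setupSMTPClient("smtps://foo:bar@my-server:1234/")
 assert.Equal(t, smtp.SSL, true, "Implicit TLS should be enabled")
 
-// Should allow cleartext => dialer.StartTLSPolicy = gomail.OpportunisticStartTLS and dialer.SSL = false
+// Should disable StartTLS completely => dialer.StartTLSPolicy = gomail.NoStartTLS and dialer.SSL = false
 smtp = setupSMTPClient("smtp://foo:bar@my-server:1234/?disable_starttls=true")
-assert.Equal(t, smtp.StartTLSPolicy, gomail.OpportunisticStartTLS, "StartTLS is enforced")
+assert.Equal(t, int(smtp.StartTLSPolicy), int(gomail.NoStartTLS), "StartTLS should be completely disabled")
 assert.Equal(t, smtp.SSL, false, "Implicit TLS should not be enabled")
 
 // Test cert based SMTP client auth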
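Review bot: The `int(...)` casts on both sides of the new StartTLSPolicy assertion are unexplained and drop the type from the comparison. Presumably `gomail.NoStartTLS` is not declared as a `StartTLSPolicy` upstream; if so, a comment such as `// NoStartTLS is an untyped constant in gomail, so compare as ints` (to be confirmed against the library) would keep a later cleanup from breaking the test. Since this case now pins a plaintext configuration, it is worth checking that the part of TestNewSMTP above the hunk also asserts `gomail.MandatoryStartTLS` for an `smtp://` URI without `disable_starttls`, so the secure default cannot regress silently. TestNewSMTP starts and ends outside the hunk.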