go/mailpit
1
0
Fork 0
mirror of https://github.com/axllent/mailpit.git synced 2025-01-28 03:56:50 +02:00
Code Issues Releases Activity

Fix: Enforce SMTP STARTTLS by default if authentication is set

Browse Source
This commit is contained in:
Ralph Slooten 2024-03-17 14:59:14 +13:00
parent 528c35eec6
commit 73446ed6f7
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
config/config.go
View File

@ -273,6 +273,18 @@ func VerifyConfig() error {
if err := auth.SetSMTPAuth(string(b)); err != nil { if err := auth.SetSMTPAuth(string(b)); err != nil {
return err return err
} }
if !SMTPAuthAllowInsecure {
// https://www.rfc-editor.org/rfc/rfc4954
// A server implementation MUST implement a configuration in which
// it does NOT permit any plaintext password mechanisms, unless either
// the STARTTLS [SMTP-TLS] command has been negotiated or some other
// mechanism that protects the session from password snooping has been
// provided. Server sites SHOULD NOT use any configuration which
// permits a plaintext password mechanism without such a protection
// mechanism against password snooping.
SMTPRequireSTARTTLS = true
}
} }
if auth.SMTPCredentials != nil && SMTPAuthAcceptAny { if auth.SMTPCredentials != nil && SMTPAuthAcceptAny {