fix: add option to disable STARTTLS for SMTP servers without TLS support (#6770)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com> Co-authored-by: Frank Elsinga <frank@elsinga.de>
2026-01-20 05:02:06 +05:30 · 2026-01-20 05:02:06 +05:30 · b638ae48ef
commit b638ae48ef
parent f8d494a03d
3 changed files with 38 additions and 3 deletions
--- a/server/notification-providers/smtp.js
+++ b/server/notification-providers/smtp.js
@ -1,5 +1,6 @@
 const nodemailer = require("nodemailer");
 const NotificationProvider = require("./notification-provider");
+const { log } = require("../../src/util");

 class SMTP extends NotificationProvider {
    name = "smtp";
@ -14,11 +15,25 @@ class SMTP extends NotificationProvider {
            host: notification.smtpHost,
            port: notification.smtpPort,
            secure: notification.smtpSecure,
-            tls: {
-                rejectUnauthorized: !notification.smtpIgnoreTLSError || false,
-            },
        };

+        // Handle TLS/STARTTLS options
+        if (!notification.smtpSecure && notification.smtpIgnoreSTARTTLS) {
+            // Disable STARTTLS completely for servers that don't support it
+            // Connection will remain unencrypted
+            log.warn(
+                "notification",
+                `SMTP notification using unencrypted connection (STARTTLS disabled) to ${notification.smtpHost}:${notification.smtpPort}`
+            );
+            config.ignoreTLS = true;
+        } else {
+            // SMTPS (implicit TLS on port 465)
+            // or STARTTLS (default behavior for ports 25, 587)
+            config.tls = {
+                rejectUnauthorized: !notification.smtpIgnoreTLSError || false,
+            };
+        }
+
        // Fix #1129
        if (notification.smtpDkimDomain) {
            config.dkim = {
--- a/src/components/notifications/SMTP.vue
+++ b/src/components/notifications/SMTP.vue
@ -56,6 +56,24 @@
            </div>
        </div>

+        <div v-if="!$parent.notification.smtpSecure" class="mb-3">
+            <div class="form-check">
+                <input
+                    id="ignore-starttls"
+                    v-model="$parent.notification.smtpIgnoreSTARTTLS"
+                    class="form-check-input"
+                    type="checkbox"
+                    value=""
+                />
+                <label class="form-check-label" for="ignore-starttls">
+                    {{ $t("Disable STARTTLS") }}
+                </label>
+            </div>
+            <div class="form-text">
+                {{ $t("disableSTARTTLSDescription") }}
+            </div>
+        </div>
+
        <div class="mb-3">
            <label for="username" class="form-label">{{ $t("Username") }}</label>
            <input
--- a/src/lang/en.json
+++ b/src/lang/en.json
@ -585,6 +585,8 @@
    "secureOptionNone": "None / STARTTLS (25, 587)",
    "secureOptionTLS": "TLS (465)",
    "Ignore TLS Error": "Ignore TLS Error",
+    "Disable STARTTLS": "Disable STARTTLS",
+    "disableSTARTTLSDescription": "Enable this option for SMTP servers that do not support STARTTLS. This will send emails over an unencrypted connection.",
    "From Email": "From Email",
    "emailCustomisableContent": "Customisable content",
    "smtpLiquidIntroduction": "The following two fields are templatable via the Liquid templating Language. Please refer to the {0} for usage instructions. These are the available variables:",