From f9c9930a3a4fceb0174954aa674c8e850edb76c5 Mon Sep 17 00:00:00 2001
From: Dharun Ashokkumar <dharuna457@gmail.com>
Date: Mon, 19 Jan 2026 23:57:43 +0530
Subject: [PATCH] chore: add security warning when STARTTLS is disabled

---
 server/notification-providers/smtp.js | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/notification-providers/smtp.js b/server/notification-providers/smtp.js
index b1d409948..41e518f66 100644
--- a/server/notification-providers/smtp.js
+++ b/server/notification-providers/smtp.js
@@ -1,5 +1,6 @@
 const nodemailer = require("nodemailer");
 const NotificationProvider = require("./notification-provider");
+const { log } = require("../../src/util");
 
 class SMTP extends NotificationProvider {
     name = "smtp";
@@ -25,6 +26,7 @@ class SMTP extends NotificationProvider {
         } else if (notification.smtpIgnoreSTARTTLS) {
             // Disable STARTTLS completely for servers that don't support it
             // Connection will remain unencrypted
+            log.warn("notification", `SMTP notification using unencrypted connection (STARTTLS disabled) to ${notification.smtpHost}:${notification.smtpPort}`);
             config.ignoreTLS = true;
         } else {
             // Allow STARTTLS (default behavior for ports 25, 587)