feat(SMTP): disallow unencrypted SMTP with credentials

2026-06-01 23:18:45 +02:00
parent b923f3bdb0
commit afd399b84f
1 changed files with 13 additions and 0 deletions
@@ -10,6 +10,7 @@ use poem::middleware::{AddDataEndpoint, Cors, CorsEndpoint};
 use poem::{EndpointExt, Route};
 use poem_openapi::OpenApiService;

+use crate::settings::Starttls;
 use crate::{
    middleware::rate_limit::{RateLimit, RateLimitConfig},
    route::Api,
@@ -93,6 +94,7 @@ impl From<Application> for RunnableApplication {

 impl Application {
    fn setup_app(settings: &Settings) -> poem::Route {
+        Self::prevent_unencrypted_smtp_with_credentials(settings);
        let api_service = OpenApiService::new(
            Api::from(settings).apis(),
            settings.application.clone().name,
@@ -109,6 +111,17 @@ impl Application {
        route
    }

+    fn prevent_unencrypted_smtp_with_credentials(settings: &Settings) {
+        if !settings.email.tls
+            && settings.email.starttls == Starttls::Never
+            && !settings.email.user.is_empty()
+            && settings.email.host != "localhost"
+            && settings.email.host != "127.0.0.1"
+        {
+            panic!("Refusing to send SMTP credentials over cleartext to non-local host");
+        }
+    }
+
    fn setup_server(
        settings: &Settings,
        tcp_listener: Option<poem::listener::TcpListener<String>>,