fix(email): correct SMTP TLS/STARTTLS configuration for Gmail

Backend changes: - Use 'else if' to prevent activating both TLS and STARTTLS simultaneously - Add StartTLSPolicy = MandatoryStartTLS for proper STARTTLS enforcement - Add comments explaining TLS modes (implicit SSL vs explicit STARTTLS) Install script changes: - Auto-detect TLS configuration based on port number - Port 465 → TLS=true, STARTTLS=false (implicit SSL) - Port 587 → TLS=false, STARTTLS=true (explicit TLS/STARTTLS) - Non-standard ports → manual configuration with clear prompts This fixes timeout errors when sending emails via Gmail SMTP (port 587) which requires STARTTLS, not direct TLS connection.
2026-02-09 23:38:30 -06:00 · 2025-11-06 00:05:16 +01:00
parent d3f7aa4853
commit 2dd7d8686c
2 changed files with 22 additions and 9 deletions
--- a/backend/internal/infrastructure/email/sender.go
+++ b/backend/internal/infrastructure/email/sender.go
@@ -92,12 +92,14 @@ func (s *SMTPSender) Send(ctx context.Context, msg Message) error {

 	d := mail.NewDialer(s.config.Host, s.config.Port, s.config.Username, s.config.Password)

+	// Configure TLS: either SSL (port 465) or STARTTLS (port 587), not both
 	if s.config.TLS {
+		// Implicit TLS/SSL (typically port 465)
 		d.SSL = true
-	}
-
-	if s.config.StartTLS {
+	} else if s.config.StartTLS {
+		// Explicit TLS via STARTTLS (typically port 587)
 		d.TLSConfig = &tls.Config{ServerName: s.config.Host}
+		d.StartTLSPolicy = mail.MandatoryStartTLS
 	}

 	d.Timeout = timeout
--- a/install/install.sh
+++ b/install/install.sh
@@ -251,16 +251,27 @@ if prompt_yes_no "Enable SMTP for email notifications and MagicLink?" "y"; then
    MAIL_FROM_NAME=$(prompt_input "From Name" "$APP_ORGANISATION")

    echo ""
-    if prompt_yes_no "Use TLS?" "y"; then
+    # Auto-configure TLS based on port
+    if [ "$MAIL_PORT" = "465" ]; then
+        print_info "Port 465 detected - using TLS (implicit SSL)"
        MAIL_TLS="true"
-    else
+        MAIL_STARTTLS="false"
+    elif [ "$MAIL_PORT" = "587" ]; then
+        print_info "Port 587 detected - using STARTTLS (explicit TLS)"
        MAIL_TLS="false"
-    fi
-
-    if prompt_yes_no "Use STARTTLS?" "y"; then
        MAIL_STARTTLS="true"
    else
-        MAIL_STARTTLS="false"
+        print_warning "Non-standard port detected, please configure TLS manually"
+        if prompt_yes_no "Use TLS (implicit SSL, typically port 465)?" "n"; then
+            MAIL_TLS="true"
+            MAIL_STARTTLS="false"
+        elif prompt_yes_no "Use STARTTLS (explicit TLS, typically port 587)?" "y"; then
+            MAIL_TLS="false"
+            MAIL_STARTTLS="true"
+        else
+            MAIL_TLS="false"
+            MAIL_STARTTLS="false"
+        fi
    fi

    print_success "SMTP configuration completed"