From 988b10fd65d328d180bdadb3153c7775c6bfd4a1 Mon Sep 17 00:00:00 2001 From: Jeff Emmett Date: Tue, 7 Apr 2026 23:01:07 -0400 Subject: [PATCH] fix(encryptid): use port 25 without auth for internal Mailcow SMTP SMTP auth (port 587) credentials are stale, causing 535 auth failures on startup. Detect internal mailcow/postfix hosts and connect on port 25 without auth, matching the pattern already used in server/spaces.ts. Co-Authored-By: Claude Opus 4.6 --- src/encryptid/server.ts | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/encryptid/server.ts b/src/encryptid/server.ts index 096de10..a8ec91e 100644 --- a/src/encryptid/server.ts +++ b/src/encryptid/server.ts @@ -213,17 +213,17 @@ const CONFIG = { let smtpTransport: Transporter | null = null; -if (CONFIG.smtp.pass) { +const isInternalSmtp = CONFIG.smtp.host.includes('mailcow') || CONFIG.smtp.host.includes('postfix'); +if (CONFIG.smtp.pass || isInternalSmtp) { smtpTransport = createTransport({ host: CONFIG.smtp.host, - port: CONFIG.smtp.port, - secure: CONFIG.smtp.port === 465, - auth: { - user: CONFIG.smtp.user, - pass: CONFIG.smtp.pass, - }, + port: isInternalSmtp ? 25 : CONFIG.smtp.port, + secure: !isInternalSmtp && CONFIG.smtp.port === 465, + ...(isInternalSmtp ? {} : { + auth: { user: CONFIG.smtp.user, pass: CONFIG.smtp.pass }, + }), tls: { - rejectUnauthorized: false, // Internal Mailcow uses self-signed cert + rejectUnauthorized: false, }, }); @@ -232,11 +232,11 @@ if (CONFIG.smtp.pass) { console.log('EncryptID: SMTP connected to', CONFIG.smtp.host); }).catch((err) => { console.error('EncryptID: SMTP connection failed —', err.message); - console.error('EncryptID: Email recovery will not work until SMTP is configured'); + console.error('EncryptID: Email delivery will not work until SMTP is configured'); smtpTransport = null; }); } else { - console.warn('EncryptID: SMTP_PASS not set — email recovery disabled (tokens logged to console)'); + console.warn('EncryptID: SMTP not configured — email delivery disabled'); } async function sendRecoveryEmail(to: string, token: string, username: string): Promise {