From f313d9395d62f5d845360941221e25beae742225 Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeff@jeffemmett.com>
Date: Fri, 20 Feb 2026 22:41:46 +0000
Subject: [PATCH] fix(encryptid): allow self-signed TLS for internal SMTP

Mailcow at mail.rmail.online uses a self-signed certificate.
Set tls.rejectUnauthorized: false for the SMTP transport.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 src/encryptid/server.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/encryptid/server.ts b/src/encryptid/server.ts
index 9ca5b99..b288c0b 100644
--- a/src/encryptid/server.ts
+++ b/src/encryptid/server.ts
@@ -126,6 +126,9 @@ if (CONFIG.smtp.pass) {
       user: CONFIG.smtp.user,
       pass: CONFIG.smtp.pass,
     },
+    tls: {
+      rejectUnauthorized: false,  // Internal Mailcow uses self-signed cert
+    },
   });
 
   // Verify connection on startup