From 5c30d2dfccfdf39045436c984b68104ff9eab136 Mon Sep 17 00:00:00 2001
From: Jeff Emmett <jeffemmett@gmail.com>
Date: Wed, 18 Feb 2026 03:36:28 -0700
Subject: [PATCH] fix: add TLS rejectUnauthorized:false for Mailcow self-signed
 cert

Nodemailer rejects self-signed certificates by default, causing
STARTTLS handshake failures with Mailcow Postfix. Added tls option
to both waitlist and application SMTP transports.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 api/application.js | 1 +
 api/waitlist-db.js | 1 +
 2 files changed, 2 insertions(+)

diff --git a/api/application.js b/api/application.js
index f2e3f61..2fdf762 100644
--- a/api/application.js
+++ b/api/application.js
@@ -19,6 +19,7 @@ const smtp = nodemailer.createTransport({
     user: process.env.SMTP_USER || 'noreply@jeffemmett.com',
     pass: process.env.SMTP_PASS || '',
   },
+  tls: { rejectUnauthorized: false },
 });
 
 // Email templates
diff --git a/api/waitlist-db.js b/api/waitlist-db.js
index c1bdfeb..fbb6043 100644
--- a/api/waitlist-db.js
+++ b/api/waitlist-db.js
@@ -19,6 +19,7 @@ const smtp = nodemailer.createTransport({
     user: process.env.SMTP_USER || 'noreply@jeffemmett.com',
     pass: process.env.SMTP_PASS || '',
   },
+  tls: { rejectUnauthorized: false },
 });
 
 const welcomeEmail = (signup) => ({