RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/docs/configuration/notifier/smtp.md

118 lines
4.5 KiB
Markdown
Raw Normal View History

[DOCS] Bootstrap new documentation website based on just-the-docs (#659)
2020-02-29 00:43:59 +00:00
---
layout: default
title: SMTP
parent: Notifier
grand_parent: Configuration
nav_order: 2
---
# SMTP
**Authelia** can send emails to users through an SMTP server.
It can be configured as described below.
```yaml
[FEATURE] Customizable Email Subject (#830) * [FEATURE] Customizable Email Subject * allow users to optionally change email subject * this is so they can more easily communicate the source of the email * Update docs/configuration/notifier/smtp.md Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-09 00:21:28 +00:00
# Configuration of the notification system.
#
# Notifications are sent to users when they require a password reset, a u2f
# registration or a TOTP registration.
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
# Use only an available configuration: filesystem, smtp.
[DOCS] Bootstrap new documentation website based on just-the-docs (#659)
2020-02-29 00:43:59 +00:00
notifier:
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
# You can disable the notifier startup check by setting this to true.
disable_startup_check: false
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
# For testing purpose, notifications can be sent in a file
[FEATURE] Customizable Email Subject (#830) * [FEATURE] Customizable Email Subject * allow users to optionally change email subject * this is so they can more easily communicate the source of the email * Update docs/configuration/notifier/smtp.md Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-09 00:21:28 +00:00
## filesystem:
[FEATURE] Docker simplification and configuration generation (#1113) * [FEATURE] Docker simplification and configuration generation The Authelia binary now will attempt to generate configuration based on the latest template assuming that the config location specified on startup does not exist. If a file based backend is selected and the backend cannot be found similarly it will generate a `user_database.yml` based a template. This will allow more seamless bootstrapping of an environment no matter the deployment method. We have also squashed the Docker volume requirement down to just `/config` thus removing the requirement for `/var/lib/authelia` this is primarily in attempts to simplify the Docker deployment. Users with the old volume mappings have two options: 1. Change their mappings to conform to `/config` 2. Change the container entrypoint from `authelia --config /config/configuration.yml` to their old mapping * Adjust paths relative to `/etc/authelia` and simplify to single volume for compose * Add generation for file backend based user database * Refactor Docker volumes and paths to /config * Refactor Docker WORKDIR to /app * Fix integration tests * Update BREAKING.md for v4.20.0 * Run go mod tidy * Fix log_file_path in miscellaneous.md docs * Generate config and userdb with 0600 permissions * Fix log_file_path in config.template.yml
2020-06-17 06:25:35 +00:00
## filename: /config/notification.txt
[FEATURE] Customizable Email Subject (#830) * [FEATURE] Customizable Email Subject * allow users to optionally change email subject * this is so they can more easily communicate the source of the email * Update docs/configuration/notifier/smtp.md Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-09 00:21:28 +00:00
[DOCS] Bootstrap new documentation website based on just-the-docs (#659)
2020-02-29 00:43:59 +00:00
# Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate.
# [Security] By default Authelia will:
# - force all SMTP connections over TLS including unauthenticated connections
# - use the disable_require_tls boolean value to disable this requirement (only works for unauthenticated connections)
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 10:28:55 +00:00
# - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates (configure in tls section)
[DOCS] Bootstrap new documentation website based on just-the-docs (#659)
2020-02-29 00:43:59 +00:00
smtp:
username: test
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes
2020-04-23 01:11:32 +00:00
# Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
[DOCS] Bootstrap new documentation website based on just-the-docs (#659)
2020-02-29 00:43:59 +00:00
password: password
host: 127.0.0.1
port: 1025
sender: admin@example.com
[BUGFIX] Add ability to specify SMTP HELO/EHLO identifier (#1416) * add docs * add configuration option for SMTP called `identifier` * default should act the same as before
2020-11-04 23:22:10 +00:00
# HELO/EHLO Identifier. Some SMTP Servers may reject the default of localhost.
identifier: localhost
[FEATURE] Customizable Email Subject (#830) * [FEATURE] Customizable Email Subject * allow users to optionally change email subject * this is so they can more easily communicate the source of the email * Update docs/configuration/notifier/smtp.md Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-09 00:21:28 +00:00
# Subject configuration of the emails sent.
# {title} is replaced by the text from the notifier
subject: "[Authelia] {title}"
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-21 04:59:38 +00:00
# This address is used during the startup check to verify the email configuration is correct. It's not important what it is except if your email server only allows local delivery.
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
startup_check_address: test@authelia.com
disable_require_tls: false
disable_html_emails: false
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 10:28:55 +00:00
tls:
# Server Name for certificate validation (in case you are using the IP or non-FQDN in the host option).
# server_name: smtp.example.com
# Skip verifying the server certificate (to allow a self-signed certificate).
skip_verify: false
# Minimum TLS version for either StartTLS or SMTPS.
minimum_version: TLS1.2
# Sending an email using a Gmail account is as simple as the next section.
# You need to create an app password by following: https://support.google.com/accounts/answer/185833?hl=en
## smtp:
## username: myaccount@gmail.com
## # Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
## password: yourapppassword
## sender: admin@example.com
## host: smtp.gmail.com
## port: 587
[DOCS] Bootstrap new documentation website based on just-the-docs (#659)
2020-02-29 00:43:59 +00:00
```
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
## Configuration options
Most configuration options are self-explanatory, however here is an explanation of the ones that may not
be as obvious.
[DOCS] Add notes for IPv6 literal address (#1541)
2020-12-16 00:31:39 +00:00
### host
[DOCS] Fix typo in IPv6 address notes (#1566)
2020-12-29 19:33:57 +00:00
If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 10:28:55 +00:00
[DOCS] Add notes for IPv6 literal address (#1541)
2020-12-16 00:31:39 +00:00
```yaml
host: "[fd00:1111:2222:3333::1]"
```
[BUGFIX] Add ability to specify SMTP HELO/EHLO identifier (#1416) * add docs * add configuration option for SMTP called `identifier` * default should act the same as before
2020-11-04 23:22:10 +00:00
### identifier
The name to send to the SMTP server as the identifier with the HELO/EHLO command. Some SMTP providers like Google Mail
reject the message if it's localhost.
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
### subject
This is the subject Authelia will use in the email, it has a single placeholder at present `{title}` which should
be included in all emails as it is the internal descriptor for the contents of the email.
### disable_require_tls
For security reasons the default settings for Authelia require the SMTP connection is encrypted by TLS. See [security] for
more information. This option disables this measure (not recommended).
### disable_html_emails
This option forces Authelia to only send plain text email via the notifier. This is the default for the file based
notifier, but some users may wish to use plain text for security reasons.
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review
2021-01-04 10:28:55 +00:00
### TLS (section)
The key `tls` is a map of options for tuning TLS options. You can see how to configure the tls section [here](../index.md#tls-configuration).
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
[BUGFIX] Add jekyll dependency in Gemfile. (#660) * [BUGFIX] Add jekyll dependency in Gemfile. * [Buildkite] Optimise documentation sync step * [DOC] Fix merge conflict for index.md * [DOC] Fix formatting issues
2020-02-29 05:15:03 +00:00
## Using Gmail
[DOCS] Bootstrap new documentation website based on just-the-docs (#659)
2020-02-29 00:43:59 +00:00
You need to generate an app password in order to use Gmail SMTP servers. The process is
described [here](https://support.google.com/accounts/answer/185833?hl=en)
```yaml
notifier:
[DOCS] Adjust yaml snippets and misc adjustments (#855) * [DOCS] Adjust yaml snippets * use two spaces * use yaml syntax highlighting * other misc uniformity changes * fix misc grammar * add responsible disclosure link Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-11 04:46:07 +00:00
smtp:
username: myaccount@gmail.com
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes
2020-04-23 01:11:32 +00:00
# Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
[DOCS] Adjust yaml snippets and misc adjustments (#855) * [DOCS] Adjust yaml snippets * use two spaces * use yaml syntax highlighting * other misc uniformity changes * fix misc grammar * add responsible disclosure link Co-Authored-By: Amir Zarrinkafsh <nightah@me.com>
2020-04-11 04:46:07 +00:00
password: yourapppassword
sender: admin@example.com
host: smtp.gmail.com
port: 587
[FEATURE] Customizable Email Subject (#830) * [FEATURE] Customizable Email Subject * allow users to optionally change email subject * this is so they can more easily communicate the source of the email * Update docs/configuration/notifier/smtp.md Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
2020-04-09 00:21:28 +00:00
```
[FEATURE] File Secrets (#896) * [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes
2020-04-23 01:11:32 +00:00
## Loading a password from a secret instead of inside the configuration
[FEATURE] Plain Text Email Notifications (#1238) * add a plain text email template * use plain text email template for file based emails * add config option to SMTP emails named disable_html_emails * config option is a boolean that when set to true will only send plain text emails * add docs for more complex SMTP notifier options * update template * add rfc1341 multipart logic to notifier * check for errors after identity_verification * * fix nil ptr * go mod tidy * remove needless checks * * use multipart/atlernative instead * * add rfc5322 compliant date header * * fix linting issues
2020-08-21 02:16:23 +00:00
Password can also be defined using a [secret](../secrets.md).
[security]: ../../security/measures.md#notifier-security-measures-smtp