Improve SMTP config

.env.sample

@@ -1,3 +1,5 @@
+# === Basic Phoenix configuration ===
+
 BASE_URL=http://localhost:4000
 # SAME_SITE_COOKIE=Lax
 # SECURE_COOKIE=false
@@ -6,51 +8,75 @@ DATABASE_URL=postgres://claper:claper@db:5432/claper
 SECRET_KEY_BASE=0LZiQBLw4WvqPlz4cz8RsHJlxNiSqM9B48y4ChyJ5v1oA0L/TPIqRjQNdPZN3iEG # Generate with `mix phx.gen.secret`
 # ⚠️ Don't use this exact value for SECRET_KEY_BASE or someone would be able to sign a cookie with user_id=1 and log in as the admin!
 
-# Storage configuration
+
+# === Storage configuration ===
 
 PRESENTATION_STORAGE=local
 PRESENTATION_STORAGE_DIR=/app/uploads
-#MAX_FILE_SIZE_MB=15
+# MAX_FILE_SIZE_MB=15
+
+# == Standard AWS environment variables
+
+# S3_ACCESS_KEY_ID=xxx
+# S3_SECRET_ACCESS_KEY=xxx
+# S3_REGION=eu-west-3
+# S3_BUCKET=xxx
 
-# The standard AWS environment variables
-#S3_ACCESS_KEY_ID=xxx
-#S3_SECRET_ACCESS_KEY=xxx
-#S3_REGION=eu-west-3
-#S3_BUCKET=xxx
+# == If you're using an alternative S3-compatible service, port optional
 
-# If you're using an alternative S3-compatible service, port optional
-#S3_SCHEME=https://
-#S3_HOST=www.example.com
-#S3_PORT=443
+# S3_SCHEME=https://
+# S3_HOST=www.example.com
+# S3_PORT=443
 
-# If the public S3-compatible URL is different from the one used to write data
-#S3_PUBLIC_URL=https://www.example.com
+# == If the public S3-compatible URL is different from the one used to write data
 
-# Mail configuration
+# S3_PUBLIC_URL=https://www.example.com
 
-MAIL_TRANSPORT=local
+
+# === Mail configuration ===
+
+MAIL_TRANSPORT=local # smtp or postmark, anything else uses the local adapter
 [email protected]
 MAIL_FROM_NAME=Claper
 
-#SMTP_RELAY=xx.example.com
-#[email protected]
-#SMTP_PASSWORD=xxx
-#SMTP_PORT=465
+# == Use the following if MAIL_TRANSPORT=smtp
+
+# SMTP_RELAY=smtp.example.com
+# SMTP_PORT=465
+# SMTP_RETRIES=1
+# SMTP_NO_MX_LOOKUPS=false
+
+# SMTP_AUTH=always # if_available, always or never
+# SMTP_USERNAME=username
+# SMTP_PASSWORD=xxx
+
+# SMTP_SSL=false
+# SMTP_TLS=if_available # if_available, always or never
+# SMTP_SSL_DEPTH=2
+# SMTP_SSL_SERVER=*.example.com
+
+# == Use the following if MAIL_TRANSPORT=postmark
+
+# POSTMARK_API_KEY=xxx
+
+# == Dev mailbox
+
+# ENABLE_MAILBOX_ROUTE=false
+# MAILBOX_USER=admin
+# MAILBOX_PASSWORD=admin
+
 
-#ENABLE_MAILBOX_ROUTE=false
-#MAILBOX_USER=admin
-#MAILBOX_PASSWORD=admin
+# === Claper configuration ===
 
-# Claper configuration
+# ENABLE_ACCOUNT_CREATION=true
+# EMAIL_CONFIRMATION=true
+# ALLOW_UNLINK_EXTERNAL_PROVIDER=false
+# LOGOUT_REDIRECT_URL=https://google.com
+# GS_JPG_RESOLUTION=300x300
+# LANGUAGES=en,fr,es,it,nl,de
 
-#ENABLE_ACCOUNT_CREATION=true
-#EMAIL_CONFIRMATION=true
-#ALLOW_UNLINK_EXTERNAL_PROVIDER=false
-#LOGOUT_REDIRECT_URL=https://google.com
-#GS_JPG_RESOLUTION=300x300
-#LANGUAGES=en,fr,es,it,nl,de
 
-# OIDC configuration
+# === OIDC configuration ===
 
 # OIDC_PROVIDER_NAME="OpenID"
 # OIDC_ISSUER=https://my-idp.example/application/o/claper/

config/runtime.exs

@@ -76,16 +76,6 @@ email_confirmation =
 pool_size = get_int_from_path_or_env(config_dir, "POOL_SIZE", 10)
 queue_target = get_int_from_path_or_env(config_dir, "QUEUE_TARGET", 5_000)
 
-mail_transport = get_var_from_path_or_env(config_dir, "MAIL_TRANSPORT", "local")
-
-smtp_relay = get_var_from_path_or_env(config_dir, "SMTP_RELAY", nil)
-smtp_username = get_var_from_path_or_env(config_dir, "SMTP_USERNAME", nil)
-smtp_password = get_var_from_path_or_env(config_dir, "SMTP_PASSWORD", nil)
-smtp_ssl = get_var_from_path_or_env(config_dir, "SMTP_SSL", "true") |> String.to_existing_atom()
-smtp_tls = get_var_from_path_or_env(config_dir, "SMTP_TLS", "always")
-smtp_auth = get_var_from_path_or_env(config_dir, "SMTP_AUTH", "always")
-smtp_port = get_int_from_path_or_env(config_dir, "SMTP_PORT", 25)
-
 storage = get_var_from_path_or_env(config_dir, "PRESENTATION_STORAGE", "local")
 if storage not in ["local", "s3"], do: raise("Invalid PRESENTATION_STORAGE value #{storage}")
 
@@ -222,26 +212,45 @@ config :claper, ClaperWeb.MailboxGuard,
     get_var_from_path_or_env(config_dir, "ENABLE_MAILBOX_ROUTE", "false")
     |> String.to_existing_atom()
 
-case mail_transport do
+case get_var_from_path_or_env(config_dir, "MAIL_TRANSPORT", "local") do
   "smtp" ->
+    relay = get_var_from_path_or_env(config_dir, "SMTP_RELAY", nil)
+    ssl = get_var_from_path_or_env(config_dir, "SMTP_SSL", "true")
+    depth = get_int_from_path_or_env(config_dir, "SMTP_SSL_DEPTH", 2)
+
+    server =
+      get_var_from_path_or_env(config_dir, "SMTP_SSL_SERVER", relay)
+      |> to_charlist()
+
     config :claper, Claper.Mailer,
-      adapter: Swoosh.Adapters.Mua,
-      relay: smtp_relay,
-      port: smtp_port
-
-    cond do
-      smtp_username && smtp_password ->
-        config :claper, Claper.Mailer, auth: [username: smtp_username, password: smtp_password]
-
-      smtp_username || smtp_password ->
-        raise ArgumentError, """
-        Both SMTP_USERNAME and SMTP_PASSWORD must be set for SMTP authentication.
-        Please provide values for both environment variables.
-        """
-
-      true ->
-        nil
-    end
+      adapter: Swoosh.Adapters.SMTP,
+      relay: relay,
+      port: get_int_from_path_or_env(config_dir, "SMTP_PORT", 465),
+      auth: get_var_from_path_or_env(config_dir, "SMTP_AUTH", "always"),
+      username: get_var_from_path_or_env(config_dir, "SMTP_USERNAME", ""),
+      password: get_var_from_path_or_env(config_dir, "SMTP_PASSWORD", ""),
+      retries: get_int_from_path_or_env(config_dir, "SMTP_RETRIES", 1),
+      no_mx_lookups: get_var_from_path_or_env(config_dir, "SMTP_NO_MX_LOOKUPS", "false"),
+      ssl: ssl,
+      sockopts:
+        if(ssl == "true",
+          do: [
+            versions: [:"tlsv1.3", :"tlsv1.2"],
+            verify: :verify_peer,
+            cacerts: :public_key.cacerts_get(),
+            depth: depth,
+            server_name_indication: server
+          ],
+          else: []
+        ),
+      tls: get_var_from_path_or_env(config_dir, "SMTP_TLS", "if_available"),
+      tls_options: [
+        versions: [:"tlsv1.3", :"tlsv1.2"],
+        verify: :verify_peer,
+        cacerts: :public_key.cacerts_get(),
+        depth: depth,
+        server_name_indication: server
+      ]
 
     config :swoosh, :api_client, false
 
@@ -250,7 +259,7 @@ case mail_transport do
       adapter: Swoosh.Adapters.Postmark,
       api_key: get_var_from_path_or_env(config_dir, "POSTMARK_API_KEY", nil)
 
-    config :swoosh, :api_client, Swoosh.ApiClient.Hackney
+    config :swoosh, :api_client, Swoosh.ApiClient.Finch
 
   _ ->
     config :claper, Claper.Mailer, adapter: Swoosh.Adapters.Local
@@ -267,5 +276,3 @@ if s3_scheme && s3_host do
   config :ex_aws,
     s3: [scheme: s3_scheme, host: s3_host, port: s3_port]
 end
-
-config :swoosh, :api_client, Swoosh.ApiClient.Finch

mix.exs

@@ -95,6 +95,7 @@ defmodule Claper.MixProject do
       {:esbuild, "~> 0.10", runtime: Mix.env() == :dev},
       {:dart_sass, "~> 0.7", runtime: Mix.env() == :dev},
       {:swoosh, "~> 1.19"},
+      {:gen_smtp, "~> 1.3"},
       {:finch, "~> 0.19"},
       {:telemetry_metrics, "~> 1.1"},
       {:telemetry_poller, "~> 1.2"},
@@ -105,7 +106,6 @@ defmodule Claper.MixProject do
       {:hashids, "~> 2.1"},
       {:libcluster, "~> 3.5"},
       {:porcelain, "~> 2.0"},
-      {:hackney, "~> 1.24"},
       {:csv, "~> 3.2"},
       {:credo, "~> 1.7", only: [:dev, :test], runtime: false},
       {:joken, "~> 2.6"},
@@ -114,8 +114,6 @@ defmodule Claper.MixProject do
       {:uuid, "~> 1.1"},
       {:oidcc, "~> 3.5"},
       {:oban, "~> 2.19"},
-      {:mua, "~> 0.2"},
-      {:mail, "~> 0.5"},
       {:tailwind, "~> 0.3", runtime: Mix.env() == :dev}
     ]
   end