Currently, the application’s email sending functionality for verification messages does not support TLS/STARTTLS. This limits secure communication with modern SMTP servers, as many providers require encrypted connections to accept messages. Without TLS/STARTTLS, verification emails may fail to deliver or risk being intercepted.
Related code:
|
async fn get_mailer(cfg: &Configuration) -> Mailer { |
|
let settings = cfg.settings.read().await; |
|
|
|
if !settings.mail.smtp.credentials.username.is_empty() && !settings.mail.smtp.credentials.password.is_empty() { |
|
// SMTP authentication |
|
let creds = Credentials::new( |
|
settings.mail.smtp.credentials.username.clone(), |
|
settings.mail.smtp.credentials.password.clone(), |
|
); |
|
|
|
AsyncSmtpTransport::<Tokio1Executor>::builder_dangerous(&settings.mail.smtp.server) |
|
.port(settings.mail.smtp.port) |
|
.credentials(creds) |
|
.authentication(vec![Mechanism::Login, Mechanism::Xoauth2, Mechanism::Plain]) |
|
.build() |
|
} else { |
|
// SMTP without authentication |
|
AsyncSmtpTransport::<Tokio1Executor>::builder_dangerous(&settings.mail.smtp.server) |
|
.port(settings.mail.smtp.port) |
|
.build() |
|
} |
|
} |
Doc ref:
https://docs.rs/lettre/latest/lettre/transport/smtp/struct.AsyncSmtpTransport.html#method.builder_dangerous
