mirror of
https://github.com/dani-garcia/bitwarden_rs
synced 2024-11-25 11:20:04 +01:00
Updated instructions to use SMTP_SECURITY
parent
2f1c0b31f3
commit
936fc6e6df
@ -4,7 +4,6 @@
|
||||
> The new setting is `SMTP_SECURITY` which has the following options: `starttls`, `force_tls` and `off`.<br>
|
||||
> `SMTP_SSL=true` equals `starttls`<br>
|
||||
> `SMTP_EXPLICIT_TLS=true` equals `force_tls`<br>
|
||||
> The examples below still represent v1.24.0 for now.<br>
|
||||
---
|
||||
|
||||
You can configure vaultwarden to send emails via a SMTP agent:
|
||||
@ -14,7 +13,7 @@ docker run -d --name vaultwarden \
|
||||
-e SMTP_HOST=<smtp.domain.tld> \
|
||||
-e SMTP_FROM=<vaultwarden@domain.tld> \
|
||||
-e SMTP_PORT=587 \
|
||||
-e SMTP_SSL=true \
|
||||
-e SMTP_SECURITY=starttls \
|
||||
-e SMTP_USERNAME=<username> \
|
||||
-e SMTP_PASSWORD=<password> \
|
||||
-v /vw-data/:/data/ \
|
||||
@ -22,7 +21,8 @@ docker run -d --name vaultwarden \
|
||||
vaultwarden/server:latest
|
||||
```
|
||||
|
||||
When `SMTP_SSL` is set to `true`(this is the default), only TLSv1.1 and TLSv1.2 protocols will be accepted and `SMTP_PORT` will default to `587`. If set to `false`, `SMTP_PORT` will default to `25` and the opportunistic encryption will be tried (no encryption attempted with code prior to 3/12/2020). This can be very insecure, use this setting only if you know what you're doing. To run SMTP in implicit (forced TLS) mode, set `SMTP_EXPLICIT_TLS` to `true` (Hint: environment-variable is mislabelled, see bug #851). If you can send emails without logging in, you can simply not set `SMTP_USERNAME` and `SMTP_PASSWORD`.
|
||||
From v1.25.0, environment variable for SMTP SSL/TLS configuration has been updated to `SMTP_SECURITY` (which was mislabelled, see bug #851).<br>
|
||||
When `SMTP_SECURITY` is set to `starttls`(this is the default), only TLSv1.1 and TLSv1.2 protocols will be accepted and `SMTP_PORT` will default to `587`. If set to `off`, `SMTP_PORT` will default to `25` and the opportunistic encryption will be tried (no encryption attempted with code prior to 3/12/2020). This can be very insecure, use this setting only if you know what you're doing. To run SMTP in implicit (forced TLS) mode, set `SMTP_SECURITY` to `force_tls`. If you can send emails without logging in, you can simply not set `SMTP_USERNAME` and `SMTP_PASSWORD`.
|
||||
|
||||
Note that if SMTP and invitations are enabled, invitations will be sent to new users via email. You must set the `DOMAIN` configuration option with the base URL of your vaultwarden instance for the invite link to be generated correctly:
|
||||
|
||||
@ -60,20 +60,17 @@ Some general settings per port.
|
||||
* for mail servers that use port 465
|
||||
```ini
|
||||
SMTP_PORT=465
|
||||
SMTP_SSL=false
|
||||
SMTP_EXPLICIT_TLS=true
|
||||
SMTP_SECURITY=force_tls
|
||||
```
|
||||
* for mail servers that use port 587 (or sometimes 25)
|
||||
```ini
|
||||
SMTP_PORT=587
|
||||
SMTP_SSL=true
|
||||
SMTP_EXPLICIT_TLS=false
|
||||
SMTP_SECURITY=starttls
|
||||
```
|
||||
* for mail servers that do not support encryption at all.
|
||||
```ini
|
||||
SMTP_PORT=25
|
||||
SMTP_SSL=false
|
||||
SMTP_EXPLICIT_TLS=false
|
||||
SMTP_SECURITY=off
|
||||
```
|
||||
|
||||
### HELO Hostname
|
||||
@ -89,8 +86,7 @@ FullSSL:
|
||||
# Domains: gmail.com, googlemail.com
|
||||
SMTP_HOST=smtp.gmail.com
|
||||
SMTP_PORT=465
|
||||
SMTP_SSL=false
|
||||
SMTP_EXPLICIT_TLS=true
|
||||
SMTP_SECURITY=force_tls
|
||||
SMTP_USERNAME=<mail-address>
|
||||
SMTP_PASSWORD=<less-secure-app-password>
|
||||
```
|
||||
@ -99,8 +95,7 @@ StartTLS:
|
||||
# Domains: gmail.com, googlemail.com
|
||||
SMTP_HOST=smtp.gmail.com
|
||||
SMTP_PORT=587
|
||||
SMTP_SSL=true
|
||||
SMTP_EXPLICIT_TLS=false
|
||||
SMTP_SECURITY=starttls
|
||||
SMTP_USERNAME=<mail-address>
|
||||
SMTP_PASSWORD=<less-secure-app-password>
|
||||
```
|
||||
@ -111,8 +106,7 @@ Also see: https://web.archive.org/web/20210925161633/https://webewizard.com/2019
|
||||
# Domains: hotmail.com, outlook.com, office365.com
|
||||
SMTP_HOST=smtp-mail.outlook.com
|
||||
SMTP_PORT=587
|
||||
SMTP_SSL=true
|
||||
SMTP_EXPLICIT_TLS=false
|
||||
SMTP_SECURITY=starttls
|
||||
SMTP_USERNAME=<mail-address>
|
||||
SMTP_PASSWORD=<password>
|
||||
SMTP_AUTH_MECHANISM="Login"
|
||||
@ -125,8 +119,7 @@ StartTLS:
|
||||
```ini
|
||||
SMTP_HOST=smtp.sendgrid.net
|
||||
SMTP_PORT=587
|
||||
SMTP_SSL=true
|
||||
SMTP_EXPLICIT_TLS=false
|
||||
SMTP_SECURITY=starttls
|
||||
SMTP_USERNAME=apikey
|
||||
SMTP_PASSWORD=<full-api-key>
|
||||
SMTP_AUTH_MECHANISM="Login"
|
||||
@ -136,8 +129,7 @@ Full SSL:
|
||||
```ini
|
||||
SMTP_HOST=smtp.sendgrid.net
|
||||
SMTP_PORT=465
|
||||
SMTP_SSL=false
|
||||
SMTP_EXPLICIT_TLS=true
|
||||
SMTP_SECURITY=force_tls
|
||||
SMTP_USERNAME=apikey
|
||||
SMTP_PASSWORD=<full-api-key>
|
||||
SMTP_AUTH_MECHANISM="Login"
|
||||
@ -155,3 +147,24 @@ Also, the quotes `'` and `"` could cause some issues, so lets enclose this passw
|
||||
To have the password above to work we need to type `'~^",a.%\\,\'}b&@|/c!1(#}'`, here you see that we escaped both the `\` and the `'` characters and used single quotes to surround the whole password.
|
||||
So: `~^",a.%\,'}b&@|/c!1(#}` becomes `'~^",a.%\\,\'}b&@|/c!1(#}'`
|
||||
|
||||
## Using deprecated SMTP environment variable `SMTP_SSL` and `SMTP_EXPLICIT_TLS` (for v1.24.0 and lower)
|
||||
|
||||
Use of `SMTP_SSL` and `SMTP_EXPLICIT_TLS` environment variables has been deprecated since v1.25.0.<br>
|
||||
if you are using v1.24.0 and lower, you can still use `SMTP_SSL` and `SMTP_EXPLICIT_TLS` environment variables:
|
||||
|
||||
```sh
|
||||
docker run -d --name vaultwarden \
|
||||
-e SMTP_HOST=<smtp.domain.tld> \
|
||||
-e SMTP_FROM=<vaultwarden@domain.tld> \
|
||||
-e SMTP_PORT=587 \
|
||||
-e SMTP_SSL=true \
|
||||
-e SMTP_USERNAME=<username> \
|
||||
-e SMTP_PASSWORD=<password> \
|
||||
-v /vw-data/:/data/ \
|
||||
-p 80:80 \
|
||||
vaultwarden/server:latest
|
||||
```
|
||||
|
||||
When `SMTP_SSL` is set to `true`(this is the default), only TLSv1.1 and TLSv1.2 protocols will be accepted and `SMTP_PORT` will default to `587` (equals `SMTP_SECURITY=starttls`). If set to `false`, `SMTP_PORT` will default to `25` and the opportunistic encryption will be tried (no encryption attempted with code prior to 3/12/2020)(equals `SMTP_SECURITY=off`). This can be very insecure, use this setting only if you know what you're doing. To run SMTP in implicit (forced TLS) mode, set `SMTP_EXPLICIT_TLS` to `true` (equals `SMTP_SECURITY=force_tls`). If you can send emails without logging in, you can simply not set `SMTP_USERNAME` and `SMTP_PASSWORD`.
|
||||
|
||||
**NOTE:** if you use these `SMTP_SSL` and `SMTP_EXPLICIT_TLS` settings on v1.25.0 and higher, vaultwarden will omit error for using deprecated setting.
|
Loading…
Reference in New Issue
Block a user