From def4a9d8be1c2b46e951322b10a13811badedd3b Mon Sep 17 00:00:00 2001 From: klmmr <35450576+klmmr@users.noreply.github.com> Date: Wed, 5 Mar 2025 17:22:09 +0100 Subject: [PATCH] config: Set default mail config to validate TLS certs Before this commit, the default was to not validate TLS certificates of the SMTP server. This is perhaps a rather unexpected default and can be considered insecure. This commit activates mail server TLS cert validation by default. This change might break some users' email configuration, if they did not explicitly set the `mail.cert_validation` config variable. Nonetheless, I think that the secure option should be the default option (e.g., to prevent man-in-the-middle attacks and breaching mail server login credentials). Signed-off-by: klmmr <35450576+klmmr@users.noreply.github.com> --- docs/documentation/configuration/overview.md | 4 ++-- internal/config/config.go | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/documentation/configuration/overview.md b/docs/documentation/configuration/overview.md index a890f33..c683d85 100644 --- a/docs/documentation/configuration/overview.md +++ b/docs/documentation/configuration/overview.md @@ -58,7 +58,7 @@ mail: host: 127.0.0.1 port: 25 encryption: none - cert_validation: false + cert_validation: true username: "" password: "" auth_type: plain @@ -289,7 +289,7 @@ Options for configuring email notifications or sending peer configurations via e - **Description:** SMTP encryption type. Valid values: `none`, `tls`, `starttls`. ### `cert_validation` -- **Default:** `false` +- **Default:** `true` - **Description:** If `true`, validate the SMTP server certificate (relevant if `encryption` = `tls`). ### `username` diff --git a/internal/config/config.go b/internal/config/config.go index bf2f837..efca687 100644 --- a/internal/config/config.go +++ b/internal/config/config.go 
@@ -145,7 +145,7 @@ func defaultConfig() *Config { Host: "127.0.0.1", Port: 25, Encryption: MailEncryptionNone, - CertValidation: false, + CertValidation: true, Username: "", Password: "", AuthType: MailAuthPlain,
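Review bot: In the sample config hunk of docs/documentation/configuration/overview.md (@@ -58), `cert_validation: true` now sits directly under `encryption: none`, and the option's own description says it is only relevant if `encryption` = `tls`, so a reader who copies this block unchanged still gets no certificate check. Consider a short comment in the sample saying that validation only takes effect once `encryption` is changed from `none`.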
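Review bot: In the `cert_validation` reference hunk of overview.md (@@ -289), the description still reads "relevant if `encryption` = `tls`" while the line just above lists `starttls` as a valid encryption value; with the default now `true`, the text should state whether the certificate is also validated for `starttls`. The commit message already says this can break setups that never set `mail.cert_validation`, so an upgrade note here telling those users to set the value explicitly would save them a debugging session.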
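Review bot: The flipped `CertValidation: true` default in `defaultConfig()` (internal/config/config.go, @@ -145) arrives without a test; the diffstat lists only the docs file and config.go. A small test asserting that `defaultConfig()` returns `CertValidation` set to `true` for the mail settings would keep the secure default from regressing silently, and a changelog entry would flag the behaviour change for existing deployments.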