[GH-ISSUE #446] -smtp-require-tls ignored when specifying authentication and password file #286

Closed
opened 2026-03-15 13:41:56 +03:00 by kerem · 4 comments

Originally created by @AAAlvesJr on GitHub (Feb 18, 2025).
Original GitHub issue: https://github.com/axllent/mailpit/issues/446

I am not sure if it is a bug, or a feature, but as I have understood the documentation, it should be possible to activate SSL/TLS and also specify a password file to enable logins on smtp.

I am getting the situation below:

```
$  ./mailpit --smtp-tls-cert cert.pem --smtp-tls-key key.pem  --smtp-require-tls  --smtp-auth-file passwdfile  --smtp-require-tls
INFO[2025/02/17 21:44:49] [smtpd] enabling login authentication
INFO[2025/02/17 21:44:49] [smtpd] starting on [::]:1025 (STARTTLS required)
INFO[2025/02/17 21:44:49] [http] starting on [::]:8025
INFO[2025/02/17 21:44:49] [http] accessible via http://localhost:8025/
```

Mailpit runs with `(STARTTLS required)`.

However, when I remove `--smtp-auth-file passwdfile`, I get the situation below:

```
$  ./mailpit --smtp-tls-cert cert.pem --smtp-tls-key key.pem --smtp-require-tls
INFO[2025/02/17 21:54:16] [smtpd] starting on [::]:1025 (SSL/TLS required)
INFO[2025/02/17 21:54:16] [http] starting on [::]:8025
INFO[2025/02/17 21:54:16] [http] accessible via http://localhost:8025/
```

I am running the latest release `v1.22.3` on linux 64bits.

Am I doing something wrong? How to get SSL/TLS and authentication?

kerem closed this issue 2026-03-15 13:42:01 +03:00

@axllent commented on GitHub (Feb 18, 2025):

You may have discovered a bug, but I'll need to get back to you on this in the next day or two as I have been very busy with other commitments, sorry.


@axllent commented on GitHub (Feb 19, 2025):

I actually believe this is just an error in the Mailpit server output, and not an error in the implementation itself. From what I can tell `--smtp-require-tls` enforces TLS correctly.

Can you please confirm for me whether you're actually having issues with TLS & authentication, ignoring what Mailpit is telling you while running?


@AAAlvesJr commented on GitHub (Feb 19, 2025):

Hello, thanks for the prompt reaction.

Indeed, good point this one you raised. I have no issues in my application, which REQUIRES TLS to send emails.
Maybe it is just what you said, a minor issue with the logging.

Is there a more direct and specific way to assert this?
Please, let me know.
Cheers


@axllent commented on GitHub (Feb 20, 2025):

Most email applications actually automatically go straight to TLS when set to STARTTLS. They are basically the exact same thing, except that STARTTLS is designed to respond to unencrypted SMTP commands until the authentication part (from which point everything must be over TLS). When a server is running with TLS it will just close the connection if you try to send anything unencrypted.

Connecting with telnet to STARTTLS:

```
telnet localhost 1025
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 grunty Mailpit ESMTP Service ready
ehlo example.com
250-grunty greets example.com
250-SIZE 0
250-STARTTLS
250-AUTH LOGIN PLAIN
250 ENHANCEDSTATUSCODES
...
```

Connecting with telnet to TLS:

```
telnet localhost 1025
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ehlo example.com
Connection closed by foreign host.
```

There's definitely the correct responses from Mailpit, and I found the issue that caused it to return the wrong information in the log.

I have pushed a fix for this into the develop branch, however given that it's not actually a functionality bug but rather a cosmetic error, I won't release a new version until I have more to add. This will definitely be included in the next release, and in the meantime please just ignore the output. Thanks for your input.
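
A scripted version of the two telnet checks above, as an added example that is not part of the original thread or of Mailpit's code: it speaks unencrypted SMTP on a connected socket and reports whether the listener greets in plaintext, offers STARTTLS, and accepts `MAIL FROM` before TLS. The function name, verdict strings, `probe.example` and `probe@example.com` are constructed for the example; `localhost:1025` is the listener from the issue.

```python
import socket


def probe_plaintext_smtp(sock, timeout=2.0):
    """Speak unencrypted SMTP on a connected socket; return (verdict, detail)."""
    sock.settimeout(timeout)
    stream = sock.makefile("rwb")

    def read_reply():
        # A reply is zero or more "NNN-text" lines, then a final "NNN text" line.
        lines = []
        while True:
            raw = stream.readline()
            if not raw:
                raise ConnectionError("connection closed by peer")
            lines.append(raw.decode("ascii", "replace").rstrip("\r\n"))
            if lines[-1][3:4] != "-":
                return int(lines[-1][:3]), lines  # ValueError: bytes are not SMTP

    def command(text):
        stream.write(text.encode("ascii") + b"\r\n")
        stream.flush()
        return read_reply()

    try:
        read_reply()  # 220 greeting; a TLS-only listener stays silent or closes
        _, ehlo = command("EHLO probe.example")  # constructed hostname
        mail_code, mail = command("MAIL FROM:<probe@example.com>")  # constructed
    except (OSError, ValueError) as exc:
        # Timeout, close or non-SMTP bytes: the second telnet session in the thread.
        return "no-plaintext-smtp", str(exc)
    try:
        command("QUIT")
    except (OSError, ValueError):
        pass  # the verdict is already decided; a missing 221 does not change it
    keywords = {line[4:].split(" ")[0].upper() for line in ehlo[1:]}
    if "STARTTLS" not in keywords:
        return "starttls-not-offered", mail[-1]
    if mail_code == 250:
        return "starttls-optional", mail[-1]
    # 530 is also the code for "authentication required", so the reply text is
    # returned for the reader to check which policy refused the command.
    return "plaintext-mail-refused", mail[-1]


if __name__ == "__main__":
    # localhost:1025 is the listener from the issue.
    with socket.create_connection(("localhost", 1025), timeout=2.0) as conn:
        print(probe_plaintext_smtp(conn))
```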
