From 8ace30ee23d94cd50f2e51462ccda84227c83d0c Mon Sep 17 00:00:00 2001 From: Jeremy Price Date: Wed, 28 Feb 2024 23:37:52 -0800 Subject: [PATCH] Update mailer configurations for Symfony mailer Newer Laravel uses Symfony mailer instead of SwiftMailer, and that means that some configs and functionality have changed In this change, we update config/mail.php with the new config layout and name/functionality changes of note: * New configuration layout supporting lots of new/different mailers * MAIL_DRIVER has become MAIL_MAILER, though we'll support both * MAIL_ENCRYPTION is mostly useless, and we mark it as such -- symfony mailer detects which type of encryption to use automagically. * MAIL_TLS_VERIFY_PEER is now available in case of self-signed certificates on the mail server, of if you want to access it by a different name, or by IP Accordingly, we also update the .env examples, docker configs, and the .env builder in the snipeit.sh installation script with the above changes --- .env.docker | 4 +- .env.dusk.example | 2 +- .env.example | 10 +- .env.testing-ci | 2 +- .env.tests | 2 +- .env.unit-tests | 2 +- app.json | 8 +- config/mail.php | 249 ++++++++++++++++++++++++++++---------- docker/docker-secrets.env | 4 +- docker/docker.env | 4 +- phpunit.xml | 2 +- snipeit.sh | 6 +- 12 files changed, 213 insertions(+), 82 deletions(-) diff --git a/.env.docker b/.env.docker index 87897b10db..4d0f137d09 100644 --- a/.env.docker +++ b/.env.docker @@ -49,12 +49,12 @@ DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- -MAIL_DRIVER=smtp +MAIL_MAILER=smtp MAIL_HOST=mailhog MAIL_PORT=1025 MAIL_USERNAME=null MAIL_PASSWORD=null -MAIL_ENCRYPTION=null +MAIL_TLS_VERIFY_PEER=true MAIL_FROM_ADDR=you@example.com MAIL_FROM_NAME='Snipe-IT' MAIL_REPLYTO_ADDR=you@example.com diff --git a/.env.dusk.example b/.env.dusk.example index 074f6fc3d7..07a5c4a2fc 100644 --- a/.env.dusk.example +++ b/.env.dusk.example @@ -40,7 +40,7 @@ DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- -MAIL_DRIVER="log" +MAIL_MAILER="log" # -------------------------------------------- diff --git a/.env.example b/.env.example index f8e1df2987..814ef0c123 100644 --- a/.env.example +++ b/.env.example @@ -46,17 +46,21 @@ DB_SSL_CIPHER=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- -MAIL_DRIVER=smtp +MAIL_MAILER=smtp MAIL_HOST=email-smtp.us-west-2.amazonaws.com MAIL_PORT=587 MAIL_USERNAME=YOURUSERNAME MAIL_PASSWORD=YOURPASSWORD -MAIL_ENCRYPTION=null MAIL_FROM_ADDR=you@example.com MAIL_FROM_NAME='Snipe-IT' MAIL_REPLYTO_ADDR=you@example.com MAIL_REPLYTO_NAME='Snipe-IT' MAIL_AUTO_EMBED_METHOD='attachment' +MAIL_TLS_VERIFY_PEER=true + +# MAIL_ENCRYPTION is no longer supported. SymfonyMailer will use tls if it's +# advertised, and won't if it's not. If you want to use your mail server's IP but it's failing +# because of certificate errors, set MAIL_TLS_VERIFY_PEER-true # -------------------------------------------- # REQUIRED: IMAGE LIBRARY @@ -190,4 +194,4 @@ ARGON_TIME=2 # OPTIONAL: SCIM # -------------------------------------------- SCIM_TRACE=false -SCIM_STANDARDS_COMPLIANCE=false \ No newline at end of file +SCIM_STANDARDS_COMPLIANCE=false diff --git a/.env.testing-ci b/.env.testing-ci index f17a5c6c30..3e00eb3fa3 100644 --- a/.env.testing-ci +++ b/.env.testing-ci @@ -22,7 +22,7 @@ DB_PASSWORD=null # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- -MAIL_DRIVER=log +MAIL_MAILER=log # -------------------------------------------- diff --git a/.env.tests b/.env.tests index 038884e5dd..8128d22b55 100644 --- a/.env.tests +++ b/.env.tests @@ -18,6 +18,6 @@ APP_KEY=base64:tu9NRh/a6+dCXBDGvg0Gv/0TcABnFsbT4AKxrr8mwQo= LOGIN_MAX_ATTEMPTS=1000000 LOGIN_LOCKOUT_DURATION=100000000 -MAIL_DRIVER=log +MAIL_MAILER=log MAIL_FROM_ADDR=you@example.com MAIL_FROM_NAME=Snipe-IT diff --git a/.env.unit-tests b/.env.unit-tests index 3a7263f86a..28177839dd 100644 --- a/.env.unit-tests +++ b/.env.unit-tests @@ -15,6 +15,6 @@ APP_KEY=base64:tu9NRh/a6+dCXBDGvg0Gv/0TcABnFsbT4AKxrr8mwQo= LOGIN_MAX_ATTEMPTS=1000000 LOGIN_LOCKOUT_DURATION=100000000 -MAIL_DRIVER=log +MAIL_MAILER=log MAIL_FROM_ADDR=you@example.com MAIL_FROM_NAME=Snipe-IT diff --git a/app.json b/app.json index 97a81d4d7b..0bf523f5e4 100644 --- a/app.json +++ b/app.json @@ -38,7 +38,7 @@ "description": "The maximum number of search results that can be returned at one time.", "value": "500" }, - "MAIL_DRIVER": { + "MAIL_MAILER": { "description": "Mail driver - Generally SMTP on Heroku - https://snipe-it.readme.io/docs/configuration#required-outgoing-mail-settings", "value": "smtp" }, @@ -58,9 +58,9 @@ "description": "SMTP Server Password", "value": "YOURPASSWORD" }, - "MAIL_ENCRYPTION": { - "description": "Encryption protocol for email sending.", - "value": "null" + "MAIL_TLS_VERIFY_PEER": { + "description": "Ensure validity of TLS certificate on remote mail server", + "value": true }, "MAIL_FROM_ADDR": { "description": "Email from address", diff --git a/config/mail.php b/config/mail.php index f650cf5387..4f39fac842 100755 --- a/config/mail.php +++ b/config/mail.php @@ -6,10 +6,11 @@ |-------------------------------------------------------------------------- | This file reads from your .env configuration file and should not | be modified directly. -*/ + */ return [ + /* | *************************************************************************** | DO NOT MAKE CHANGES DIRECTLY TO THIS FILE. @@ -30,33 +31,199 @@ return [ | */ - 'driver' => env('MAIL_DRIVER', 'smtp'), - /* |-------------------------------------------------------------------------- - | SMTP Host Address + | Default Mailer |-------------------------------------------------------------------------- | - | Here you may provide the host address of the SMTP server used by your - | applications. A default option is provided that is compatible with - | the Mailgun mail service which will provide reliable deliveries. + | This option controls the default mailer that is used to send any email + | messages sent by your application. Alternative mailers may be setup + | and used as needed; however, this mailer will be used by default. + | + | Previous versions of Snipe-IT and Laravel used SwiftMailer, which used + | MAIL_DRIVER instead of MAIL_MAILER. In order to not break existing + | installations, we'll accept both | */ - 'host' => env('MAIL_HOST', 'smtp.mailgun.org'), + 'default' => env('MAIL_DRIVER') != null ? env('MAIL_DRIVER') : env('MAIL_MAILER', 'smtp'), /* |-------------------------------------------------------------------------- - | SMTP Host Port + | Mailer Configurations |-------------------------------------------------------------------------- | - | This is the SMTP port used by your application to deliver e-mails to - | users of the application. Like the host we have set this value to - | stay compatible with the Mailgun e-mail application by default. + | Here you may configure all of the mailers used by your application plus + | their respective settings. Several examples have been configured for + | you and you are free to add your own as your application requires. + | + | Laravel supports a variety of mail "transport" drivers to be used while + | sending an e-mail. You will specify which one you are using for your + | mailers below. You are free to add additional mailers as required. + | + | Supported: "smtp", "sendmail", "mailgun", "ses", "ses-v2", + | "postmark", "log", "array", "failover", "roundrobin" | */ - 'port' => env('MAIL_PORT', 587), + 'mailers' => [ + 'smtp' => [ + // Don't touch this. For the smtp mailer, the transport needs to be smtp + 'transport' => 'smtp', + + /* + |-------------------------------------------------------------------------- + | SMTP Host Address + |-------------------------------------------------------------------------- + | + | Here you may provide the host address of the SMTP server used by your + | applications. A default option is provided that is compatible with + | the Mailgun mail service which will provide reliable deliveries. + | + */ + 'host' => env('MAIL_HOST', 'smtp.mailgun.org'), + + + /* + |-------------------------------------------------------------------------- + | SMTP Host Port + |-------------------------------------------------------------------------- + | + | This is the SMTP port used by your application to deliver e-mails to + | users of the application. Like the host we have set this value to + | stay compatible with the Mailgun e-mail application by default. + | + */ + + 'port' => env('MAIL_PORT', 587), + + /* + |-------------------------------------------------------------------------- + | SMTP Server Username + |-------------------------------------------------------------------------- + | + | If your SMTP server requires a username for authentication, you should + | set it here. This will get used to authenticate with your server on + | connection. You may also set the "password" value below this one. + | + */ + + 'username' => env('MAIL_USERNAME'), + + /* + |-------------------------------------------------------------------------- + | SMTP Server Password + |-------------------------------------------------------------------------- + | + | Here you may set the password required by your SMTP server to send out + | messages from your application. This will be given to the server on + | connection so that the application will be able to send messages. + | + */ + + 'password' => env('MAIL_PASSWORD'), + + /* + |-------------------------------------------------------------------------- + | SMTP Server connection timeout + |-------------------------------------------------------------------------- + | + | Give up trying to connect to the mail server after this many seconds + | + */ + + 'timeout' => 30, + + /* + |-------------------------------------------------------------------------- + | mostly pointless encryption option + |-------------------------------------------------------------------------- + | + | This used to let you specify whether or not to use TLS, but now it really + | just helps inform the code about which SMTP port to use. SymfonMailer will + | still use TLS if the server offers it, regardless of how this is set. + | We're only including it here for reference, and the extreme edge-case where + | Symfony can't figure out what to do on its own. + | + */ + + 'encryption' => env('MAIL_ENCRYPTION', 'tls'), + + /* + |-------------------------------------------------------------------------- + | Verify SMTP TLS certificate + |-------------------------------------------------------------------------- + | + | As noted above, Swiftmailer WILL use TLS if the server offers it, so if + | you're using a self-signed certificate or want to refer to your mailserver + | by a name that isn't in the certificate (like the IP address), set this + | to 0 or false. + | + */ + + 'verify_peer' => env('MAIL_TLS_VERIFY_PEER', 1), + + ], + + 'ses' => [ + 'transport' => 'ses', + ], + + 'postmark' => [ + 'transport' => 'postmark', + // 'message_stream_id' => null, + // 'client' => [ + // 'timeout' => 5, + // ], + ], + + 'mailgun' => [ + 'transport' => 'mailgun', + // 'client' => [ + // 'timeout' => 5, + // ], + ], + + /* + |-------------------------------------------------------------------------- + | Sendmail System Path + |-------------------------------------------------------------------------- + | + | When using the "sendmail" driver to send e-mails, we will need to know + | the path to where Sendmail lives on this server. A default path has + | been provided here, which will work well on most of your systems. + | + */ + 'sendmail' => [ + 'transport' => 'sendmail', + 'path' => env('MAIL_SENDMAIL_PATH', '/usr/sbin/sendmail -bs -i'), + ], + + 'log' => [ + 'transport' => 'log', + 'channel' => env('MAIL_LOG_CHANNEL'), + ], + + 'array' => [ + 'transport' => 'array', + ], + + 'failover' => [ + 'transport' => 'failover', + 'mailers' => [ + 'smtp', + 'log', + ], + ], + + 'roundrobin' => [ + 'transport' => 'roundrobin', + 'mailers' => [ + 'ses', + 'postmark', + ], + ], + ], /* |-------------------------------------------------------------------------- @@ -70,9 +237,9 @@ return [ */ 'from' => [ - 'address' => env('MAIL_FROM_ADDR', null), - 'name' => env('MAIL_FROM_NAME', null), - ], + 'address' => env('MAIL_FROM_ADDR', null), + 'name' => env('MAIL_FROM_NAME', null), + ], /* |-------------------------------------------------------------------------- @@ -92,58 +259,18 @@ return [ /* |-------------------------------------------------------------------------- - | E-Mail Encryption Protocol + | Markdown Mail Settings |-------------------------------------------------------------------------- | - | Here you may specify the encryption protocol that should be used when - | the application send e-mail messages. A sensible default using the - | transport layer security protocol should provide great security. + | If you are using Markdown based email rendering, you may configure your + | theme and component paths here, allowing you to customize the design + | of the emails. Or, you may simply stick with the Laravel defaults! | */ - 'encryption' => env('MAIL_ENCRYPTION', 'tls'), - - /* - |-------------------------------------------------------------------------- - | SMTP Server Username - |-------------------------------------------------------------------------- - | - | If your SMTP server requires a username for authentication, you should - | set it here. This will get used to authenticate with your server on - | connection. You may also set the "password" value below this one. - | - */ - - 'username' => env('MAIL_USERNAME'), - - /* - |-------------------------------------------------------------------------- - | SMTP Server Password - |-------------------------------------------------------------------------- - | - | Here you may set the password required by your SMTP server to send out - | messages from your application. This will be given to the server on - | connection so that the application will be able to send messages. - | - */ - - 'password' => env('MAIL_PASSWORD'), - - /* - |-------------------------------------------------------------------------- - | Sendmail System Path - |-------------------------------------------------------------------------- - | - | When using the "sendmail" driver to send e-mails, we will need to know - | the path to where Sendmail lives on this server. A default path has - | been provided here, which will work well on most of your systems. - | - */ - - 'sendmail' => env('SENDMAIL_PATH', ini_get('sendmail_path')), - 'markdown' => [ 'theme' => 'default', + 'paths' => [ resource_path('views/vendor/mail'), ], diff --git a/docker/docker-secrets.env b/docker/docker-secrets.env index 45a777f5d8..f18ee202bc 100644 --- a/docker/docker-secrets.env +++ b/docker/docker-secrets.env @@ -20,8 +20,8 @@ DB_DUMP_PATH='/usr/bin' # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- -MAIL_DRIVER=smtp -MAIL_ENCRYPTION=${MAIL_ENV_ENCRYPTION} +MAIL_MAILER=smtp +MAIL_TLS_VERIFY_PEER=${MAIL_TLS_VERIFY_PEER} MAIL_FROM_ADDR=${MAIL_ENV_FROM_ADDR} MAIL_FROM_NAME=${MAIL_ENV_FROM_NAME} MAIL_REPLYTO_ADDR=${MAIL_ENV_FROM_ADDR} diff --git a/docker/docker.env b/docker/docker.env index 7ee226109b..785da07ee1 100644 --- a/docker/docker.env +++ b/docker/docker.env @@ -25,12 +25,12 @@ DB_DUMP_PATH='/usr/bin' # -------------------------------------------- # REQUIRED: OUTGOING MAIL SERVER SETTINGS # -------------------------------------------- -MAIL_DRIVER=smtp +MAIL_MAILER=smtp MAIL_HOST=${MAIL_PORT_587_TCP_ADDR} MAIL_PORT=${MAIL_PORT_587_TCP_PORT} MAIL_USERNAME=${MAIL_ENV_USERNAME} MAIL_PASSWORD=${MAIL_ENV_PASSWORD} -MAIL_ENCRYPTION=${MAIL_ENV_ENCRYPTION} +MAIL_TLS_VERIFY_PEER=${MAIL_TLS_VERIFY_PEER} MAIL_FROM_ADDR=${MAIL_ENV_FROM_ADDR} MAIL_FROM_NAME=${MAIL_ENV_FROM_NAME} MAIL_REPLYTO_ADDR=${MAIL_ENV_FROM_ADDR} diff --git a/phpunit.xml b/phpunit.xml index 4ee53b57b3..9d4fa91144 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -28,7 +28,7 @@ - + diff --git a/snipeit.sh b/snipeit.sh index 06cb332f03..0f379b90bc 100755 --- a/snipeit.sh +++ b/snipeit.sh @@ -922,9 +922,9 @@ case $setupmail in sed -i "s|^\\(MAIL_PASSWORD=\\).*|\\1$mailpassword|" "$APP_PATH/.env" echo "" - echo -n " Encryption(null/TLS/SSL):" - read -r mailencryption - sed -i "s|^\\(MAIL_ENCRYPTION=\\).*|\\1$mailencryption|" "$APP_PATH/.env" + echo -n " Verify TLS certificate on remote server? (true/false):" + read -r mailverifypeer + sed -i "s|^\\(MAIL_TLS_VERIFY_PEER=\\).*|\\1$mailverifypeer|" "$APP_PATH/.env" echo -n " From address:" read -r mailfromaddr