Support Implicit TLS for sending emails (#13317)
Previously, TLS could only be used with STARTTLS.
Add a new option `force_tls`, where TLS is used from the start.
Implicit TLS is recommended over STARTTLS,
see https://datatracker.ietf.org/doc/html/rfc8314
Fixes #8046.
Signed-off-by: Jan Schär <jan@jschaer.ch>
1 files changed, 10 insertions, 1 deletions
diff --git a/docs/usage/configuration/config_documentation.md b/docs/usage/configuration/config_documentation.md
index a10f6662eb..eefcc7829d 100644
--- a/docs/usage/configuration/config_documentation.md
+++ b/docs/usage/configuration/config_documentation.md
@@ -3187,9 +3187,17 @@ Server admins can configure custom templates for email content. See
This setting has the following sub-options:
* `smtp_host`: The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
-* `smtp_port`: The port on the mail server for outgoing SMTP. Defaults to 25.
+* `smtp_port`: The port on the mail server for outgoing SMTP. Defaults to 465 if `force_tls` is true, else 25.
+
+ _Changed in Synapse 1.64.0:_ the default port is now aware of `force_tls`.
* `smtp_user` and `smtp_pass`: Username/password for authentication to the SMTP server. By default, no
authentication is attempted.
+* `force_tls`: By default, Synapse connects over plain text and then optionally upgrades
+ to TLS via STARTTLS. If this option is set to true, TLS is used from the start (Implicit TLS),
+ and the option `require_transport_security` is ignored.
+ It is recommended to enable this if supported by your mail server.
+
+ _New in Synapse 1.64.0._
* `require_transport_security`: Set to true to require TLS transport security for SMTP.
By default, Synapse will connect over plain text, and will then switch to
TLS via STARTTLS *if the SMTP server supports it*. If this option is set,
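Review bot: the unchanged `require_transport_security` bullet is not updated to match the new `force_tls` bullet above it, so the two entries now disagree when read on their own. The new text says `require_transport_security` "is ignored" when `force_tls` is true, but the existing entry still opens with "By default, Synapse will connect over plain text" and gives no hint that it has no effect under Implicit TLS. Suggest adding a sentence to the `require_transport_security` entry pointing at `force_tls`, so an admin who only reads that bullet does not assume it is the setting that enforces encryption in both modes.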
@@ -3254,6 +3262,7 @@ email:
smtp_port: 587
smtp_user: "exampleusername"
smtp_pass: "examplepassword"
+ force_tls: true
require_transport_security: true
enable_tls: false
notif_from: "Your Friendly %(app)s homeserver <noreply@example.com>"
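Review bot: the example now combines `force_tls: true` with the unchanged `smtp_port: 587`, which conflicts with the documentation added in the first hunk, where the Implicit TLS default is 465. Port 587 is the submission port conventionally served with STARTTLS, so an admin copying this block is likely to get a failed TLS handshake against a server that expects a plain-text greeting there. Suggest changing the example to `smtp_port: 465` or dropping the port line so the new default applies. The example also keeps `require_transport_security: true`, which the new text says is ignored once `force_tls` is set, and `enable_tls: false` directly below `force_tls: true`; a short comment in the example on how these three options interact would avoid misreading.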