add support for starttls smtp authentication

Adds the option to require smtp connections to use STARTTLS authentication. This is distinct from SSL and TLS and usually shares a port with unencrypted connections. This change enables starttls for the connection and makes it required. This appears as it's own security setting in the email configuration. fixes: https://github.com/metabase/metabase/issues/4272

add support for starttls smtp authentication
e7386f23 · Arthur Ulfeldt · 11609713 · e7386f23 · e7386f23
Commit e7386f23 authored 8 years ago by Arthur Ulfeldt
--- a/frontend/src/metabase/admin/settings/selectors.js
+++ b/frontend/src/metabase/admin/settings/selectors.js
@@ -95,7 +95,7 @@ const SECTIONS = [
                display_name: "SMTP Security",
                description: null,
                type: "radio",
-                options: { none: "None", ssl: "SSL", tls: "TLS" },
+                options: { none: "None", ssl: "SSL", tls: "TLS", starttls: "STARTTLS" },
                defaultValue: 'none'
            },
            {

--- a/src/metabase/email.clj
+++ b/src/metabase/email.clj
@@ -15,11 +15,11 @@
 (defsetting email-smtp-password "SMTP password.")
 (defsetting email-smtp-port     "The port your SMTP server uses for outgoing emails.")
 (defsetting email-smtp-security
-  "SMTP secure connection protocol. (tls, ssl, or none)"
+  "SMTP secure connection protocol. (tls, ssl, starttls, or none)"
  :default "none"
  :setter  (fn [new-value]
             (when-not (nil? new-value)
-               (assert (contains? #{"tls" "ssl" "none"} new-value)))
+               (assert (contains? #{"tls" "ssl" "none" "starttls"} new-value)))
             (setting/set-string! :email-smtp-security new-value)))

 ;; ## PUBLIC INTERFACE
@@ -38,6 +38,8 @@
  (merge m (case (keyword ssl-setting)
             :tls {:tls true}
             :ssl {:ssl true}
+             :starttls {:starttls.enable true
+                        :starttls.required true}
             {})))

 (defn- smtp-settings []
@@ -100,12 +102,13 @@
  {:pre [(string? host)
         (integer? port)]}
  (try
-    (let [ssl?    (= security "ssl")
-          proto   (if ssl? "smtps" "smtp")
+    (let [ssl?      (= security "ssl")
+          starttls? (= security "starttls")
+          proto     (if ssl? "smtps" "smtp")
          details (-> details
                      (assoc :proto proto
                             :connectiontimeout "1000"
-                             :timeout "1000")
+                             :timeout "4000")
                      (add-ssl-settings security))
          session (doto (Session/getInstance (make-props sender details))
                    (.setDebug false))]