mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
b9fb33d806
* [FEATURE] File Secret Loading * add a validator for secrets * run the secrets validator before the main config validator * only allow a secret to be defined in one of: config, env, file env * remove LF if found in file * update configuration before main config validation * fix unit tests * implement secret testing * refactor the secrets validator * make check os agnostic * update docs * add warning when user attempts to use ENV instead of ENV file * discourage ENV in docs * update config template * oxford comma * apply suggestions from code review * rename Validate to ValidateConfiguration * add k8s example * add deprecation notice in docs and warning * style changes
74 lines
3.0 KiB
Markdown
74 lines
3.0 KiB
Markdown
---
|
|
layout: default
|
|
title: SMTP
|
|
parent: Notifier
|
|
grand_parent: Configuration
|
|
nav_order: 2
|
|
---
|
|
|
|
# SMTP
|
|
|
|
**Authelia** can send emails to users through an SMTP server.
|
|
It can be configured as described below.
|
|
|
|
```yaml
|
|
# Configuration of the notification system.
|
|
#
|
|
# Notifications are sent to users when they require a password reset, a u2f
|
|
# registration or a TOTP registration.
|
|
# Use only an available configuration: filesystem, smtp.
|
|
notifier:
|
|
# You can disable the notifier startup check by setting this to true.
|
|
disable_startup_check: false
|
|
|
|
# For testing purpose, notifications can be sent in a file.
|
|
## filesystem:
|
|
## filename: /tmp/authelia/notification.txt
|
|
|
|
# Use a SMTP server for sending notifications. Authelia uses PLAIN or LOGIN method to authenticate.
|
|
# [Security] By default Authelia will:
|
|
# - force all SMTP connections over TLS including unauthenticated connections
|
|
# - use the disable_require_tls boolean value to disable this requirement (only works for unauthenticated connections)
|
|
# - validate the SMTP server x509 certificate during the TLS handshake against the hosts trusted certificates
|
|
# - trusted_cert option:
|
|
# - this is a string value, that may specify the path of a PEM format cert, it is completely optional
|
|
# - if it is not set, a blank string, or an invalid path; will still trust the host machine/containers cert store
|
|
# - defaults to the host machine (or docker container's) trusted certificate chain for validation
|
|
# - use the trusted_cert string value to specify the path of a PEM format public cert to trust in addition to the hosts trusted certificates
|
|
# - use the disable_verify_cert boolean value to disable the validation (prefer the trusted_cert option as it's more secure)
|
|
smtp:
|
|
username: test
|
|
# Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
|
|
password: password
|
|
host: 127.0.0.1
|
|
port: 1025
|
|
sender: admin@example.com
|
|
# Subject configuration of the emails sent.
|
|
# {title} is replaced by the text from the notifier
|
|
subject: "[Authelia] {title}"
|
|
# This address is used during the startup check to verify the email configuration is correct. It's not important what it is except if your email server only allows local delivery.
|
|
## startup_check_address: test@authelia.com
|
|
## trusted_cert: ""
|
|
## disable_require_tls: false
|
|
## disable_verify_cert: false
|
|
```
|
|
|
|
## Using Gmail
|
|
|
|
You need to generate an app password in order to use Gmail SMTP servers. The process is
|
|
described [here](https://support.google.com/accounts/answer/185833?hl=en)
|
|
|
|
```yaml
|
|
notifier:
|
|
smtp:
|
|
username: myaccount@gmail.com
|
|
# Password can also be set using a secret: https://docs.authelia.com/configuration/secrets.html
|
|
password: yourapppassword
|
|
sender: admin@example.com
|
|
host: smtp.gmail.com
|
|
port: 587
|
|
```
|
|
|
|
## Loading a password from a secret instead of inside the configuration
|
|
|
|
Password can also be defined using a [secret](../secrets.md). |