fix(email): derive SMTP secure mode from credentials #76

Merged
addison merged 4 commits from exe-dev-bot/market:refactor/smtp-explicit-secure-flag into main 2026-02-07 18:54:39 -05:00

Problem

Newsletter delivery fails in production with:

553 5.7.1 <market@kwila.cloud>: Sender address rejected: not logged in

The SMTP code auto-detected STARTTLS and AUTH from the server's EHLO response. Many SMTP servers only advertise AUTH after the TLS upgrade, but supportsAuth was captured from the pre-TLS EHLO and never re-evaluated.

Solution

Remove capability auto-detection. Instead, derive secure mode from whether SMTP credentials are provided:

  • Credentials present (user + pass): STARTTLS + AUTH LOGIN (production)
  • No credentials: Plain TCP, no auth (local dev with Mailpit)

This requires no new env vars or flags. For local dev, SMTP_USER and SMTP_PASS are left empty in .env.

Changes

  • src/lib/email.ts: Remove EHLO capability parsing; derive secure from !!(user && pass)
  • .env / .env.example: Clear local SMTP credentials

Testing

  • Local: Triggered newsletter delivery via wrangler dev → emails delivered to Mailpit (plain TCP, no TLS/AUTH)
  • Production: Deploy and trigger → verify emails send with TLS + AUTH
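The failure mode from the Problem section, reproduced offline as an added TypeScript example (not the code from src/lib/email.ts): a stale pre-TLS capability check skips AUTH, while the credential-derived mode always authenticates. The function names, the constructed EHLO replies, and the refusal to continue when STARTTLS is not offered are assumptions of this example; only the STARTTLS path is shown, not implicit TLS on port 465.

```typescript
// Added illustration; all names are hypothetical, not taken from src/lib/email.ts.
// Constructed sample EHLO replies: AUTH is advertised only after the TLS upgrade.
const PRE_TLS_EHLO = "250-mail.example.test\r\n250-PIPELINING\r\n250 STARTTLS\r\n";
const POST_TLS_EHLO = "250-mail.example.test\r\n250-PIPELINING\r\n250 AUTH PLAIN LOGIN\r\n";

// Parse a multi-line EHLO reply ("250-KEYWORD ..." lines, then "250 KEYWORD ...")
// into a set of upper-cased extension keywords. The first line is the greeting.
function parseEhlo(reply: string): Set<string> {
  const caps = new Set<string>();
  const lines = reply.split(/\r?\n/).filter((l) => l.length > 0);
  for (const line of lines.slice(1)) {
    const kw = /^250[- ](\S+)/.exec(line)?.[1];
    if (kw) caps.add(kw.toUpperCase());
  }
  return caps;
}

// The two replies differ exactly in the way the PR describes.
const authOnlyAfterTls =
  !parseEhlo(PRE_TLS_EHLO).has("AUTH") && parseEhlo(POST_TLS_EHLO).has("AUTH");

// Old behaviour described in the PR: supportsAuth is read from the pre-TLS
// EHLO and never re-evaluated, so AUTH is skipped after the upgrade.
function planAutoDetect(preTls: string): string[] {
  const caps = parseEhlo(preTls);
  const supportsAuth = caps.has("AUTH"); // stale once STARTTLS completes
  const steps = ["EHLO"];
  if (caps.has("STARTTLS")) steps.push("STARTTLS", "EHLO");
  if (supportsAuth) steps.push("AUTH LOGIN");
  steps.push("MAIL FROM"); // server answers 553 ... not logged in
  return steps;
}

// New behaviour: secure mode comes from the credentials, not from the server.
// Assumption of this example: with credentials set and no STARTTLS on offer,
// stop instead of continuing over plaintext.
function planFromCredentials(user: string, pass: string, preTls: string): string[] {
  const secure = !!(user && pass);
  if (!secure) return ["EHLO", "MAIL FROM"]; // local dev (Mailpit)
  if (!parseEhlo(preTls).has("STARTTLS")) {
    throw new Error("credentials configured but server offers no STARTTLS");
  }
  return ["EHLO", "STARTTLS", "EHLO", "AUTH LOGIN", "MAIL FROM"];
}
```
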
Add `secure: boolean` to SmtpConfig interface. When true, use TLS
(implicit on port 465, STARTTLS on others) and AUTH LOGIN. When false,
use plain TCP with no authentication (for local dev tools like Mailpit).

Derive secure from presence of SMTP_USER/SMTP_PASS in trigger.ts and
worker.ts — no new env vars needed.

Co-authored-by: Shelley <shelley@exe.dev>
refactor(email): use import.meta.env.PROD for SMTP secure mode
Some checks failed
CI / Lint, Type Check, Format & Unit Tests (pull_request) Successful in 1m45s
CI / E2E Tests (pull_request) Failing after 2m53s
89a3b0a9ce
Replace the explicit `secure` field in SmtpConfig with
`import.meta.env.PROD` inside sendEmail(). Production builds
automatically get TLS + AUTH; dev mode uses plain TCP with no auth.
No config or env vars needed — Vite/Astro provides the flag.

Co-authored-by: Shelley <shelley@exe.dev>
Co-authored-by: Shelley <shelley@exe.dev>
refactor(email): derive secure mode from SMTP credentials
Some checks failed
CI / Lint, Type Check, Format & Unit Tests (pull_request) Successful in 1m46s
CI / E2E Tests (pull_request) Failing after 2m42s
bfd15d1336
Co-authored-by: Shelley <shelley@exe.dev>
exe-dev-bot changed title from refactor(email): replace SMTP auto-detection with import.meta.env.PROD to fix(email): derive SMTP secure mode from credentials 2026-02-07 18:30:10 -05:00
addison deleted branch refactor/smtp-explicit-secure-flag 2026-02-07 18:54:39 -05:00
Reference
kwila/market!76