From a19863045665ffc45fc4885df4fa7489c25ade3c Mon Sep 17 00:00:00 2001
From: 3wc <3wc.coopcloud@doesthisthing.work>
Date: Sun, 22 Mar 2026 22:48:26 -0400
Subject: [PATCH] fix: Add starttls_only option

---
 .env.sample      | 3 +++
 abra.sh          | 2 +-
 compose.smtp.yml | 1 +
 config.toml.tmpl | 1 +
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.env.sample b/.env.sample
index f631f65..a2788bc 100644
--- a/.env.sample
+++ b/.env.sample
@@ -5,6 +5,8 @@ ENABLE_BACKUPS=true
 
 COMPOSE_FILE="compose.yml"
 
+# See https://sebadob.github.io/rauthy/config/config.html
+
 ADMIN_EMAIL=admin@example.org
 ADMIN_FORCE_MFA=true
 
@@ -25,3 +27,4 @@ SECRET_HQL_API_VERSION=v1
 #SMTP_FROM=
 #SMTP_USERNAME=
 #SECRET_SMTP_PASSWORD_VERSION=v1
+#SMTP_STARTTLS_ONLY=true
diff --git a/abra.sh b/abra.sh
index f43a849..bfc64ee 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,6 +1,6 @@
 set -e
 
-export CONFIG_TOML_VERSION=v3
+export CONFIG_TOML_VERSION=v4
 
 generate_enc_keys() {
   KEY_A="$(openssl rand -base64 32)"
diff --git a/compose.smtp.yml b/compose.smtp.yml
index f493068..e278edb 100644
--- a/compose.smtp.yml
+++ b/compose.smtp.yml
@@ -7,6 +7,7 @@ services:
       - SMTP_URL
       - SMTP_PORT
       - SMTP_USERNAME
+      - SMTP_STARTTLS_ONLY
     secrets:
       - smtp_password
 
diff --git a/config.toml.tmpl b/config.toml.tmpl
index 79cbd6b..54d00ad 100644
--- a/config.toml.tmpl
+++ b/config.toml.tmpl
@@ -17,6 +17,7 @@ smtp_url = '{{ env "SMTP_URL" }}'
 smtp_username = '{{ env "SMTP_USERNAME" }}'
 smtp_password = '{{ secret "smtp_password" }}'
 smtp_from = '{{ env "SMTP_FROM" }}'
+starttls_only = {{ or (env "SMTP_STARTTLS_ONLY") "false" }}
 {{ end }}
 
 [logging]