Email Notifications: Add StartTLSPolicy config flag (#24574)

conf/defaults.ini

@@ -464,6 +464,7 @@ skip_verify = false
 from_address = admin@grafana.localhost
 from_address = admin@grafana.localhost
 from_name = Grafana
 from_name = Grafana
 ehlo_identity =
 ehlo_identity =
+startTLS_policy =
 
 
 [emails]
 [emails]
 welcome_email_on_sign_up = false
 welcome_email_on_sign_up = false

conf/sample.ini

@@ -454,6 +454,8 @@
 ;from_name = Grafana
 ;from_name = Grafana
 # EHLO identity in SMTP dialog (defaults to instance_name)
 # EHLO identity in SMTP dialog (defaults to instance_name)
 ;ehlo_identity = dashboard.example.com
 ;ehlo_identity = dashboard.example.com
+# SMTP startTLS policy (defaults to 'OpportunisticStartTLS') 
+;startTLS_policy = NoStartTLS
 
 
 [emails]
 [emails]
 ;welcome_email_on_sign_up = false
 ;welcome_email_on_sign_up = false

docs/sources/installation/configuration.md

@@ -560,6 +560,9 @@ Name to be used when sending out emails, defaults to `Grafana`
 ### ehlo_identity
 ### ehlo_identity
 Name to be used as client identity for EHLO in SMTP dialog, defaults to instance_name.
 Name to be used as client identity for EHLO in SMTP dialog, defaults to instance_name.
 
 
+### startTLS_policy
+Either "OpportunisticStartTLS", "MandatoryStartTLS", "NoStartTLS". Default is "OpportunisticStartTLS"
+
 ## [log]
 ## [log]
 
 
 ### mode
 ### mode

pkg/services/notifications/mailer.go

@@ -111,6 +111,7 @@ func (ns *NotificationService) createDialer() (*gomail.Dialer, error) {
 
 
 	d := gomail.NewDialer(host, iPort, ns.Cfg.Smtp.User, ns.Cfg.Smtp.Password)
 	d := gomail.NewDialer(host, iPort, ns.Cfg.Smtp.User, ns.Cfg.Smtp.Password)
 	d.TLSConfig = tlsconfig
 	d.TLSConfig = tlsconfig
+	d.StartTLSPolicy = getStartTLSPolicy(ns.Cfg.Smtp.StartTLSPolicy)
 
 
 	if ns.Cfg.Smtp.EhloIdentity != "" {
 	if ns.Cfg.Smtp.EhloIdentity != "" {
 		d.LocalName = ns.Cfg.Smtp.EhloIdentity
 		d.LocalName = ns.Cfg.Smtp.EhloIdentity
@@ -120,6 +121,17 @@ func (ns *NotificationService) createDialer() (*gomail.Dialer, error) {
 	return d, nil
 	return d, nil
 }
 }
 
 
+func getStartTLSPolicy(policy string) gomail.StartTLSPolicy {
+	switch policy {
+	case "NoStartTLS":
+		return -1
+	case "MandatoryStartTLS":
+		return 1
+	default:
+		return 0
+	}
+}
+
 func (ns *NotificationService) buildEmailMessage(cmd *models.SendEmailCommand) (*Message, error) {
 func (ns *NotificationService) buildEmailMessage(cmd *models.SendEmailCommand) (*Message, error) {
 	if !ns.Cfg.Smtp.Enabled {
 	if !ns.Cfg.Smtp.Enabled {
 		return nil, models.ErrSmtpNotEnabled
 		return nil, models.ErrSmtpNotEnabled

pkg/setting/setting_smtp.go

 package setting
 package setting
 
 
 type SmtpSettings struct {
 type SmtpSettings struct {
-	Enabled      bool
-	Host         string
-	User         string
-	Password     string
-	CertFile     string
-	KeyFile      string
-	FromAddress  string
-	FromName     string
-	EhloIdentity string
-	SkipVerify   bool
+	Enabled        bool
+	Host           string
+	User           string
+	Password       string
+	CertFile       string
+	KeyFile        string
+	FromAddress    string
+	FromName       string
+	EhloIdentity   string
+	StartTLSPolicy string
+	SkipVerify     bool
 
 
 	SendWelcomeEmailOnSignUp bool
 	SendWelcomeEmailOnSignUp bool
 	TemplatesPattern         string
 	TemplatesPattern         string
@@ -27,6 +28,7 @@ func (cfg *Cfg) readSmtpSettings() {
 	cfg.Smtp.FromAddress = sec.Key("from_address").String()
 	cfg.Smtp.FromAddress = sec.Key("from_address").String()
 	cfg.Smtp.FromName = sec.Key("from_name").String()
 	cfg.Smtp.FromName = sec.Key("from_name").String()
 	cfg.Smtp.EhloIdentity = sec.Key("ehlo_identity").String()
 	cfg.Smtp.EhloIdentity = sec.Key("ehlo_identity").String()
+	cfg.Smtp.StartTLSPolicy = sec.Key("startTLS_policy").String()
 	cfg.Smtp.SkipVerify = sec.Key("skip_verify").MustBool(false)
 	cfg.Smtp.SkipVerify = sec.Key("skip_verify").MustBool(false)
 
 
 	emails := cfg.Raw.Section("emails")
 	emails := cfg.Raw.Section("emails")