Files
wehub-resource-sync 3a28426bf4
Lint and Format Check / lint-and-format (push) Failing after 0s
Check Migrations / Check for duplicate migration numbers (push) Failing after 1s
CI Pre-merge Check / CI Pre-merge Check (push) Failing after 2m17s
chore: import upstream snapshot with attribution
2026-07-13 12:23:40 +08:00

57 lines
2.4 KiB
Plaintext

---
title: Custom SMTP
description: Route every outgoing email through your own SMTP server
---
When enabled, every email (auth flows and `emails.send()` calls) routes through your SMTP server. Toggle off to revert; credentials are preserved.
## Concepts
Provider is resolved on every send, so saves take effect on the next request. InsForge runs `transporter.verify()` before saving, so a persisted config always works. Passwords are encrypted at rest with AES-256-GCM and never returned by the API.
## Usage
Configure SMTP under **Authentication → Email**.
<Steps>
<Step title="Enable custom SMTP">
Flip the switch on the **SMTP Provider** card.
</Step>
<Step title="Enter credentials">
Host, port (`25`, `465`, `587`, `2525`), username, password, sender email, sender name. Private IPs and self-signed certs are rejected.
</Step>
<Step title="Save">
InsForge runs an SMTP handshake before persisting. Bad credentials fail fast.
</Step>
<Step title="Edit templates (optional)">
The **Email Templates** card unlocks the four auth templates.
</Step>
</Steps>
The `From:` header is always your configured sender. SDK callers cannot spoof it.
## Email templates
Templates render locally from `email.templates`. Variables use `{{ variable }}` and are HTML-escaped.
| Template | When it sends |
|----------|---------------|
| `email-verification-code` | New-user verification with a 6-digit code |
| `email-verification-link` | New-user verification with a clickable link |
| `reset-password-code` | Password reset with a 6-digit code |
| `reset-password-link` | Password reset with a clickable link |
Variables: `{{ token }}` (code templates), `{{ link }}` (link templates, must start with `http://` or `https://`), `{{ name }}` and `{{ email }}` (all templates).
## Considerations
- **Rate limiting.** **Min interval (seconds)** caps per-recipient frequency. Sends within the cooldown return HTTP `429`. Defaults to `60`; `0` disables.
- **SSRF protection.** Private, loopback, link-local, and carrier-NAT ranges are rejected.
- **Audit log.** Config saves log `UPDATE_SMTP_CONFIG`; template edits log `UPDATE_EMAIL_TEMPLATE`.
## More resources
- [Messaging overview](/core-concepts/messaging/overview) for the routing model.
- [nodemailer SMTP transport](https://nodemailer.com/smtp/) for connection options.
- [Authentication overview](/core-concepts/authentication/overview) for the flows that emit these emails.