fix

2025-07-31 13:51:30 +02:00 · 2025-07-07 17:47:58 +02:00 · 2025-07-07 17:47:58 +02:00 · 20ca1b32d7
commit 20ca1b32d7
parent ce803dd6de
3 changed files with 47 additions and 5 deletions
--- a/client/pages/config/email.vue
+++ b/client/pages/config/email.vue
@ -46,6 +46,26 @@
          </div>
        </div>

+        <div class="flex items-center mb-2 py-1">
+          <div class="w-full px-1">
+            <div class="flex items-center">
+              <ui-toggle-switch labeledBy="email-settings-advanced-tls" v-model="showAdvancedTlsSettings" :disabled="savingSettings" />
+              <ui-tooltip :text="$strings.LabelEmailSettingsTlsServerNameHelp">
+                <div class="pl-4 flex items-center">
+                  <span id="email-settings-advanced-tls">{{ $strings.LabelEmailSettingsAdvancedTls }}</span>
+                  <span class="material-symbols text-lg pl-1">info</span>
+                </div>
+              </ui-tooltip>
+            </div>
+          </div>
+        </div>
+
+        <div v-if="showAdvancedTlsSettings" class="flex items-center -mx-1 mb-2">
+          <div class="w-full px-1">
+            <ui-text-input-with-label ref="tlsServerNameInput" v-model="newSettings.tlsServerName" :disabled="savingSettings" :label="$strings.LabelEmailSettingsTlsServerName" />
+          </div>
+        </div>
+
        <div class="flex items-center -mx-1 mb-2">
          <div class="w-full md:w-1/2 px-1">
            <ui-text-input-with-label ref="userInput" v-model="newSettings.user" :disabled="savingSettings" :label="$strings.LabelUsername" />
@ -140,8 +160,10 @@ export default {
        user: null,
        pass: null,
        testAddress: null,
-        fromAddress: null
+        fromAddress: null,
+        tlsServerName: null
      },
+      showAdvancedTlsSettings: false,
      newEReaderDevice: {
        name: '',
        email: ''
@ -163,6 +185,13 @@ export default {
      return this.settings?.ereaderDevices || []
    }
  },
+  watch: {
+    showAdvancedTlsSettings(newVal) {
+      if (!newVal) {
+        this.newSettings.tlsServerName = null
+      }
+    }
+  },
  methods: {
    resetChanges() {
      this.newSettings = {
@ -278,7 +307,8 @@ export default {
        user: this.newSettings.user,
        pass: this.newSettings.pass,
        testAddress: this.newSettings.testAddress,
-        fromAddress: this.newSettings.fromAddress
+        fromAddress: this.newSettings.fromAddress,
+        tlsServerName: this.newSettings.tlsServerName
      }
      this.savingSettings = true
      this.$axios
@ -313,6 +343,7 @@ export default {
          this.newSettings = {
            ...this.settings
          }
+          this.showAdvancedTlsSettings = !!this.settings.tlsServerName
        })
        .catch((error) => {
          console.error('Failed to get email settings', error)
--- a/client/strings/en-us.json
+++ b/client/strings/en-us.json
@ -316,12 +316,15 @@
  "LabelEbooks": "Ebooks",
  "LabelEdit": "Edit",
  "LabelEmail": "Email",
+  "LabelEmailSettingsAdvancedTls": "Advanced TLS Settings",
  "LabelEmailSettingsFromAddress": "From Address",
  "LabelEmailSettingsRejectUnauthorized": "Reject unauthorized certificates",
  "LabelEmailSettingsRejectUnauthorizedHelp": "Disabling SSL certificate validation may expose your connection to security risks, such as man-in-the-middle attacks. Only disable this option if you understand the implications and trust the mail server you are connecting to.",
  "LabelEmailSettingsSecure": "Secure",
  "LabelEmailSettingsSecureHelp": "If true the connection will use TLS when connecting to server. If false then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false. (from nodemailer.com/smtp/#authentication)",
  "LabelEmailSettingsTestAddress": "Test Address",
+  "LabelEmailSettingsTlsServerName": "TLS Server Name",
+  "LabelEmailSettingsTlsServerNameHelp": "Specify the hostname for TLS certificate validation when using an IP address as the host. This enables proper certificate validation while avoiding hostname resolution issues.",
  "LabelEmbeddedCover": "Embedded Cover",
  "LabelEnable": "Enable",
  "LabelEncodingBackupLocation": "A backup of your original audio files will be stored in:",
--- a/server/objects/settings/EmailSettings.js
+++ b/server/objects/settings/EmailSettings.js
@ -21,6 +21,7 @@ class EmailSettings {
    this.pass = null
    this.testAddress = null
    this.fromAddress = null
+    this.tlsServerName = null

    /** @type {EreaderDeviceObject[]} */
    this.ereaderDevices = []
@ -39,6 +40,7 @@ class EmailSettings {
    this.pass = settings.pass
    this.testAddress = settings.testAddress
    this.fromAddress = settings.fromAddress
+    this.tlsServerName = settings.tlsServerName || process.env.SMTP_TLS_SERVERNAME || null
    this.ereaderDevices = settings.ereaderDevices?.map((d) => ({ ...d })) || []

    // rejectUnauthorized added after v2.10.1 - defaults to true
@ -58,6 +60,7 @@ class EmailSettings {
      pass: this.pass,
      testAddress: this.testAddress,
      fromAddress: this.fromAddress,
+      tlsServerName: this.tlsServerName,
      ereaderDevices: this.ereaderDevices.map((d) => ({ ...d }))
    }
  }
@ -128,9 +131,14 @@ class EmailSettings {
      }
    }
    // Allow self-signed certs (https://nodemailer.com/smtp/#3-allow-self-signed-certificates)
-    if (!this.rejectUnauthorized) {
-      payload.tls = {
-        rejectUnauthorized: false
+    // And allows hostname validation for IP addresses (https://nodemailer.com/smtp/#general-options)
+    if (!this.rejectUnauthorized || this.tlsServerName) {
+      payload.tls = payload.tls || {}
+      if (!this.rejectUnauthorized) {
+        payload.tls.rejectUnauthorized = false
+      }
+      if (this.tlsServerName) {
+        payload.tls.servername = this.tlsServerName
      }
    }