⚙️Configure email notifications
By default, no email notifications are sent. You can configure email notifications using SMTP.
SMTP is a protocol that allows applications to send emails.
Key terminology
To avoid confusion, let's define some key terms:
The SMTP Server: The server that sends the emails like
smtp.gmail.com
.SMTP Ports Security Measures: SMTP is a protocol that can use different secure layers:
StartTLS (or explicit TLS): By default, all SMTP communications are unencrypted. To upgrade to a secure TLS connection, services negotiate using the StartTLS protocol. This protocol is often associated with the port 587.
Direct TLS (or implicit TLS): An exception to the rule above, the
submissions
port begins immediately secured with TLS (similar to HTTPS). When thesubmissions
service port is available, it should be preferred over any StartTLS port for submitting mail. This protocol is often associated with the port 465.
The SMTP Client: The program that sends emails like Curity and Laputa.
Do note that the smtps
, which is also on port 465 and used old SSL, is deprecated. Make sure that the port 465 uses TLS1.2 (or greater).
You can check using:
openssl s_client -connect smtp.gmail.com:465 -crlf
Read the RFC8314 for more details.
Parameters
While you could configure SMTP parameters as environment variable like in Toucan v2 and directly on the UI of Curity, the Helm Charts allow you to configure the SMTP parameters directly in the values.override.yaml
file.
Here's the location of the parameters you need to configure:
global:
## Configure Curity and Laputa SMTP settings
smtp:
enabled: false
host: ''
port: 587
## @param global.smtp.sender Sender email address.
sender:
displayName: 'Toucan Toco'
email: '' # Example: '[email protected]'
## @param global.smtp.username SMTP username.
username: ''
## @param global.smtp.password SMTP password.
password: ''
## @param global.smtp.existingSecret Name of an existing secret to use for Curity email
## It must contain the key `toucan-smtp-password`. If set, `password` is ignored.
existingSecret: ''
tls:
enabled: true
## @param global.smtp.tls.type Type of TLS.
## Allowed values: starttls (often port 587), tls (often port 465)
type: starttls
Last updated
Was this helpful?