# Configure email notifications

By default, no email notifications are sent. You can configure email notifications using SMTP.

SMTP is a protocol that allows applications to send emails.

## Key terminology

To avoid confusion, let's define some key terms:

* The **SMTP Server**: The server that sends the emails like `smtp.gmail.com`.
* **SMTP Ports Security Measures**: SMTP is a protocol that can use different secure layers:
  * **StartTLS (or explicit TLS)**: By default, all SMTP communications are unencrypted. To upgrade to a secure TLS connection, services negotiate using the StartTLS protocol. This protocol is often associated with the port 587.
  * **Direct TLS (or implicit TLS)**: An exception to the rule above, the **`submissions`** port begins immediately secured with TLS (similar to HTTPS). When the `submissions` service port is available, it [should be preferred](https://datatracker.ietf.org/doc/html/rfc8314#section-3.3) over any StartTLS port for submitting mail. This protocol is often associated with the port 465.
* The **SMTP Client**: The program that sends emails like Curity and Laputa.

{% hint style="warning" %}
Do note that the `smtps`, which is also on port 465 and used old SSL, is deprecated. Make sure that the port 465 uses TLS1.2 (or greater).

You can check using:

{% code title="bash" overflow="wrap" %}

```bash
openssl s_client -connect smtp.gmail.com:465 -crlf
```

{% endcode %}

Read the [RFC8314](https://datatracker.ietf.org/doc/html/rfc8314#section-3.3) for more details.
{% endhint %}

## Parameters

While you could configure SMTP parameters as environment variable like in Toucan v2 and directly on the UI of Curity, the Helm Charts allow you to configure the SMTP parameters directly in the `values.override.yaml` file.

Here's the location of the parameters you need to configure:

{% code title="yaml: values.override.yaml" %}

```yaml
global:
  ## Configure Curity and Laputa SMTP settings
  smtp:
    enabled: false
    host: ''
    port: 587
    ## @param global.smtp.sender Sender email address.
    sender:
      displayName: 'Toucan Toco'
      email: '' # Example: 'no-reply@example.com'
    ## @param global.smtp.username SMTP username.
    username: ''
    ## @param global.smtp.password SMTP password.
    password: ''
    ## @param global.smtp.existingSecret Name of an existing secret to use for Curity email
    ## It must contain the key `toucan-smtp-password`. If set, `password` is ignored.
    existingSecret: ''
    tls:
      enabled: true
      ## @param global.smtp.tls.type Type of TLS.
      ## Allowed values: starttls (often port 587), tls (often port 465)
      type: starttls
```

{% endcode %}