Authelia Get started

SMTP

Variables

Some of the values within this page can automatically be replaced with documentation variables.

Configuration

Example Configuration

This section is intended as an example configuration to help users with a rough contextual layout of this configuration section, it is not intended to explain the options. The configuration shown may not be a valid configuration, and you should see the options section below and the navigation links to properly understand each option individually.

configuration.yml 
notifier:
  disable_startup_check: false
  smtp:
    address: 'smtp://127.0.0.1:25'
    timeout: '5s'
    username: 'test'
    password: 'password'
    sender: "Authelia <admin@example.com>"
    identifier: 'localhost'
    subject: "[Authelia] {title}"
    startup_check_address: 'test@example.com'
    disable_require_tls: false
    disable_starttls: false
    disable_html_emails: false
    tls:
      server_name: 'smtp.example.com'
      skip_verify: false
      minimum_version: 'TLS1.2'
      maximum_version: 'TLS1.3'
      certificate_chain: |
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----        
      private_key: |
        -----BEGIN RSA PRIVATE KEY-----
        ...
        -----END RSA PRIVATE KEY-----

Options

This section describes the individual configuration options.

address

string address required

Reference Note

This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Address reference guide.

Configures the address for the SMTP Server. The address itself is a connector and the scheme must be smtp, submission, or submissions. The only difference between these schemes are the default ports and submissions requires a TLS transport per SMTP Ports Security Measures, whereas submission and smtp use a standard TCP transport and typically enforce StartTLS.

Examples:

configuration.yml 
notifier:
  smtp:
    address: 'smtp://127.0.0.1:25'
configuration.yml 
notifier:
  smtp:
    address: 'submissions://[fd00:1111:2222:3333::1]:465'

timeout

string integer duration 5 seconds not required

Reference Note

This configuration option uses a common syntax. For more information please see both the configuration example and the Common Syntax: Duration reference guide.

The SMTP connection timeout.

username

string not required

The username sent for authentication with the SMTP server. Paired with the password.

password

string not required

Important Note

This can also be defined using a secret which is strongly recommended especially for containerized deployments.

The password paired with the username sent for authentication with the SMTP server.

It’s strongly recommended this is a Random Alphanumeric String with 64 or more characters and the user password is changed to this value.

sender

string required

The sender is used to construct both the SMTP command MAIL FROM and to add the FROM header. This address must be in RFC5322 format. This means it must one of two formats:

  • jsmith@domain.com
  • John Smith <jsmith@domain.com>

The MAIL FROM command sent to SMTP servers will not include the name portion, this is only set in the FROM as per specifications.

identifier

string localhost not required

The name to send to the SMTP server as the identifier with the HELO/EHLO command. Some SMTP providers like Google Mail reject the message if it’s localhost.

subject

string [Authelia] {title} not required

This is the subject Authelia will use in the email, it has a single placeholder at present {title} which should be included in all emails as it is the internal descriptor for the contents of the email.

startup_check_address

string test@authelia.com not required

Authelia checks the SMTP server is valid at startup, one of the checks requires we ask the SMTP server if it can send an email from us to a specific address, this is that address. No email is actually sent in the process. It is fine to leave this as is, but you can customize it if you have issues or you desire to.

disable_require_tls

boolean false not required

For security reasons the default settings for Authelia require the SMTP connection is encrypted by TLS. See security for more information. This option disables this measure (not recommended).

disable_starttls

boolean false not required

Some SMTP servers ignore SMTP specifications and claim to support STARTTLS when they in fact do not. For security reasons Authelia refuses to send messages to these servers. This option disables this measure and is enabled AT YOUR OWN RISK. It’s strongly recommended that instead of enabling this option you either fix the issue with the SMTP server’s configuration or have the administrators of the server fix it. If the issue can’t be fixed via the SMTP server configuration we recommend lodging an issue with the authors of the SMTP server.

See security for more information.

disable_html_emails

boolean false not required

This setting completely disables HTML formatting of emails and only sends text emails. Authelia by default sends mixed emails which contain both HTML and text so this option is rarely necessary.

tls

structure tls not required

Reference Note

This configuration option uses a common structure. For more information please see both the configuration example and the Common Structure: TLS reference guide.

Controls the TLS connection validation parameters for either StartTLS or the TLS socket.

Using Gmail

You need to generate an app password in order to use Gmail SMTP servers. The process is described here.

configuration.yml 
notifier:
  smtp:
    address: 'submission://smtp.gmail.com:587'
    username: 'myaccount@gmail.com'
    # Password can also be set using a secret: https://www.authelia.com/configuration/methods/secrets/
    password: 'yourapppassword'
    sender: 'admin@example.com'
Last updated on November 5, 2024
Edit this page on GitHub
Prev
Notifications
Next
File System