Configure prod SMTP relay for magic-link delivery on netcup #40

Open
opened 2026-04-29 01:32:08 +02:00 by libretech · 0 comments
Owner

Summary

Replace the placeholder SMTP configuration on the netcup deployment (/srv/librenotes/.env currently has LIBRENOTES_SMTP_HOST=localhost, port 1025, no creds) with a working transactional SMTP relay so magic-link login works end-to-end at https://ln.cloud.librete.ch/.

Context

  • librenotes uses magic-link auth only — no password fallback. Without a real SMTP relay, sign-in is non-functional.
  • internal/auth.SMTPMailer ships with the binary; configuration is purely env-var driven.
  • Current placeholders cause magic-link emails to be silently dropped (no relay listening).

Options

  • A reputable transactional provider (Postmark, SES, Mailgun, Brevo, SendGrid)
  • Self-hosted relay (Postfix/Exim on netcup or another host) — adds a maintenance burden, deferred unless deliberately chosen

Tasks

  • Pick provider and create credentials
  • Set up sender domain auth (SPF, DKIM, DMARC) on the envelope domain (e.g. librete.ch if using no-reply@librete.ch, or a dedicated subdomain like mail.librete.ch)
  • Update /srv/librenotes/.env:
    • LIBRENOTES_SMTP_HOST=...
    • LIBRENOTES_SMTP_PORT=587
    • LIBRENOTES_SMTP_USER=...
    • LIBRENOTES_SMTP_PASS=...
    • LIBRENOTES_SMTP_FROM=no-reply@<envelope-domain>
  • docker compose ... up -d librenotes to pick up the new env (recreate, not just restart)
  • Smoke-test: trigger a sign-in from https://ln.cloud.librete.ch/, click the link from a real inbox

Acceptance Criteria

  • A magic-link email lands in a real inbox within ~5s
  • Clicking the link signs the user in
  • SPF/DKIM/DMARC pass at the receiving MTA (mail-tester.com score ≥ 9/10)
  • Sender domain matches LIBRENOTES_SMTP_FROM
  • Credentials stored only in /srv/librenotes/.env (chmod 600), never committed

Dependencies

  • None (deployment is live; only config + creds blocking)
libretech added the phase-6, task, infrastructure labels 2026-04-29 01:32:08 +02:00
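
The file-level acceptance criteria in the issue (mode 600, no leftover localhost:1025 placeholder, port 587, sender domain matching LIBRENOTES_SMTP_FROM) can be checked before the container is recreated. The script below is an added example, not part of the issue or of the librenotes code base; the function names `check_smtp_env` and `env_get` are hypothetical, and it assumes plain unquoted `KEY=value` lines in the `.env` file.

```bash
# Added example: pre-deploy check for the .env file described in the issue.
# Assumes plain KEY=value lines (no quoting); values are read, never sourced.
# Usage: check_smtp_env <env-file> <expected-envelope-domain>

env_get() {  # env_get FILE KEY -> last value assigned to KEY
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

check_smtp_env() {
  local file="$1" domain="$2" rc=0 mode host port from key
  [ -f "$file" ] || { echo "missing: $file"; return 2; }

  # Acceptance criterion: credentials file is chmod 600.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  [ "$mode" = "600" ] || { echo "mode is $mode, expected 600"; rc=1; }

  # Every key in the task list must be set and not left as "...".
  for key in HOST PORT USER PASS FROM; do
    case "$(env_get "$file" "LIBRENOTES_SMTP_$key")" in
      ''|'...') echo "LIBRENOTES_SMTP_$key is unset or a placeholder"; rc=1 ;;
    esac
  done

  # The old placeholder (localhost:1025, no relay listening) drops mail silently.
  host=$(env_get "$file" LIBRENOTES_SMTP_HOST)
  port=$(env_get "$file" LIBRENOTES_SMTP_PORT)
  case "$host" in
    localhost|127.*|::1) echo "host $host is the local placeholder"; rc=1 ;;
  esac
  [ "$port" = "587" ] || { echo "port is '$port', task list sets 587"; rc=1; }

  # Acceptance criterion: sender domain matches LIBRENOTES_SMTP_FROM.
  from=$(env_get "$file" LIBRENOTES_SMTP_FROM)
  [ "${from##*@}" = "$domain" ] || {
    echo "FROM domain '${from##*@}' does not match $domain"; rc=1; }

  return "$rc"
}

# Run as a script: sh check.sh /srv/librenotes/.env librete.ch
if [ "$#" -eq 2 ]; then check_smtp_env "$@"; fi
```

The check prints findings without echoing the password value, so its output is safe to paste into the issue. It does not cover SPF/DKIM/DMARC, which are verified at the receiving MTA as the acceptance criteria state.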