A few words on SMTP enhancements

[zdeneksvarc]

First of all, let me say that Authorizer is a promising project and I am glad that something like this has been created and is being developed.

Let me mention the SMTP configurations. It is not obvious from the documentation or the environment variables how Authorizer approaches SMTP. That is, what authentication methods it uses (cram-md5, login, plain) and in what order in case of fallback. This is fortunately the less important part.

An important lack of documentation is related to SMTP encryption. That is, whether Authorizer uses opportunistic TLS (STARTLS) or implicit TLS or plain SMTP or a combination. A good practice is an environment variable that defines the encryption. Nowadays, the choice of implicit TLS or plain SMTP is sufficient. As mentioned in another thread, someone can also use local SMTP docker sidecar which accepts SMTP without authentication credentials and TLS.

Of course, these documentation flaws can be found by examining the gopkg.in/mail.v2 library and email.go, but documented for non-Golang users like me should be.

In this context, I would also like to mention that it would certainly be beneficial if the documentation contained more debugging information. For example, my current ENV=test behaves the same as ENV=production, i.e. it doesn't show me any logging related to SMTP binding.

I understand that Authorizer is at the start of its journey, so my post is not even meant to be a criticism. It's rather thought provoking. You’re on the right track, guys 👏

[lakhansamani]

Thank you for sharing your views @zdeneksvarc looking forward for more such insight.

I certainly agree documentation for few pieces can be improved and I will work on it.

Regarding mailing use-case right now it is raw username+password based auth and no encryption is considered. But a good point raised here I will see what I can do about it with upcoming releases

On the logging end instead of setting env you will have to set log level and that is missing in docs I will fix it thanks for catching that

[zdeneksvarc]

Thank you for your response. TLS encryption for SMTP should definitely be enabled. This can possibly be handled very easily via container sidecar like juanluisbaptiste/postfix.