From f7a53e60da80dbc735d4d5cd240c3fa25250bd2f Mon Sep 17 00:00:00 2001
From: Jason Staack <jason@staack.com>
Date: Mon, 9 Mar 2026 21:03:54 -0500
Subject: [PATCH] =?UTF-8?q?fix:=20SMTP=20TLS=20logic=20was=20inverted=20?=
 =?UTF-8?q?=E2=80=94=20plain=20SMTP=20incorrectly=20used=20STARTTLS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

When use_tls=false, the old logic set start_tls=true for any port != 25,
which broke plain SMTP servers like Mailpit. Now:
- Port 465: implicit TLS
- use_tls=true on other ports: STARTTLS
- use_tls=false: plain SMTP (no TLS)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 backend/app/services/email_service.py | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/backend/app/services/email_service.py b/backend/app/services/email_service.py
index 6e7cff5..6a53dde 100644
--- a/backend/app/services/email_service.py
+++ b/backend/app/services/email_service.py
@@ -59,8 +59,15 @@ async def send_email(
     msg.set_content(plain_text)
     msg.add_alternative(html, subtype="html")
 
-    use_tls = smtp_config.use_tls
-    start_tls = not use_tls if smtp_config.port != 25 else False
+    # Port 465 = implicit TLS (use_tls=True, start_tls=False)
+    # Port 587 = STARTTLS (use_tls=False, start_tls=True) — only when TLS requested
+    # Port 25/other = plain SMTP (use_tls=False, start_tls=False)
+    if smtp_config.port == 465:
+        use_tls, start_tls = True, False
+    elif smtp_config.use_tls:
+        use_tls, start_tls = False, True
+    else:
+        use_tls, start_tls = False, False
 
     await aiosmtplib.send(
         msg,
@@ -80,11 +87,17 @@ async def test_smtp_connection(smtp_config: SMTPConfig) -> dict:
         dict with "success" bool and "message" string.
     """
     try:
+        if smtp_config.port == 465:
+            _use_tls, _start_tls = True, False
+        elif smtp_config.use_tls:
+            _use_tls, _start_tls = False, True
+        else:
+            _use_tls, _start_tls = False, False
         smtp = aiosmtplib.SMTP(
             hostname=smtp_config.host,
             port=smtp_config.port,
-            use_tls=smtp_config.use_tls,
-            start_tls=not smtp_config.use_tls if smtp_config.port != 25 else False,
+            use_tls=_use_tls,
+            start_tls=_start_tls,
         )
         await smtp.connect()
         if smtp_config.user and smtp_config.password: