Skip to content

Self-signed cert on outbound (rejectUnauthorized: false) #42

Description

@mohamedboukari

Description

Standard practice for MTA-to-MTA delivery, but undetectable MITM is a real concern. At minimum we should log when validation would have failed.

Ref: src/modules/emails/services/mailer.service.ts:78tls: { rejectUnauthorized: false }

Acceptance criteria

  • Capture peer cert details (subject, issuer, expiry, self-signed flag)
  • Log when self-signed or expired
  • Per-domain requireValidCert config flag for known-good MX (e.g. aspmx.l.google.com)
  • Surface "% deliveries with valid cert" in dashboard

Metadata

Metadata

Assignees

No one assigned

    Labels

    observabilityLogs, metrics, tracingsecuritySecurity issue or hardening

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions