Description
Standard practice for MTA-to-MTA delivery, but undetectable MITM is a real concern. At minimum we should log when validation would have failed.
Ref: src/modules/emails/services/mailer.service.ts:78 — tls: { rejectUnauthorized: false }
Acceptance criteria
Description
Standard practice for MTA-to-MTA delivery, but undetectable MITM is a real concern. At minimum we should log when validation would have failed.
Ref:
src/modules/emails/services/mailer.service.ts:78—tls: { rejectUnauthorized: false }Acceptance criteria
requireValidCertconfig flag for known-good MX (e.g.aspmx.l.google.com)