airajena commented on PR #5369: URL: https://github.com/apache/fineract/pull/5369#issuecomment-3795315011
> I'm not sure about this; simply hard-coding this logic is not the correct way to do it. What if Google adds a new SMTP hostname? Do we have to maintain this setting every time a new provider gets added? I think it should be handled based on configuration. This logic seems too fragile to me. Maybe I am wrong, but the way it is implemented is not right; these types of settings should be configuration-driven.
>
> On Sat, 24 Jan, 2026, 6:58 pm Aira Jena, ***@***.***> wrote:
>
> *airajena* left a comment ([apache/fineract#5369](https://github.com/apache/fineract/pull/5369)) ([#5369 (comment)](https://github.com/apache/fineract/pull/5369#issuecomment-3794632194))
>
> Brother, by your logic, if it's strictly for Gmail, then what about cases which use their custom domain, for example an organization email or education email from Google Workspace? What would happen to that? Will that work?
>
> On Sat, 24 Jan, 2026, 5:05 pm Aira Jena, ***@***.***> wrote:
>
> ***@***.*** commented on this pull request.
>
> In fineract-provider/src/main/java/org/apache/fineract/infrastructure/core/service/GmailBackedPlatformEmailService.java ([#5369 (comment)](https://github.com/apache/fineract/pull/5369#discussion_r2724067122)):
>
> @@ -74,12 +74,16 @@ public void sendDefinedEmail(EmailDetail emailDetails) { props.put("mail.debug", "true"); // these are the added lines - prop s.put("mail.smtp.starttls.enable", "true"); - // props.put("mail.smtp.ssl.enable", "true"); - - props.put("mail.smtp.socketFactory.port", Integer.parseInt(smtpCredentialsData.getPort())); - props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");// NOSONAR - props.put("mail.smtp.socketFactory.fallback", "true"); + // Only apply strict Gmail settings if we are actually connecting to Gmail + if (smtpCredentialsData.getHost() != null && smtpCredentialsData.getHost().endsWith("gmail.com")) {
>
> The code already handles this - it only applies strict SSL/TLS settings when the SMTP host ends with gmail.com. For other providers (Yahoo, Outlook, ProtonMail, or even local testing with Mailhog), it uses relaxed settings without forcing the SSL SocketFactory. This way, the email service works with any SMTP provider configured in the external services settings.
>
> The check is based on the SMTP host (smtpCredentialsData.getHost()), not the user's email domain. For Google Workspace with custom domains (e.g., ***@***.*** or ***@***.***), the SMTP server is still smtp.gmail.com. So the condition getHost().endsWith("gmail.com") would correctly apply the Gmail-specific SSL settings.
>
> Examples:
>
> - Gmail (***@***.***) → SMTP host: smtp.gmail.com → Gmail settings applied
> - Google Workspace (***@***.***) → SMTP host: smtp.gmail.com → Gmail settings applied
> - Outlook 365 (***@***.***) → SMTP host: smtp.office365.com → Relaxed settings
> - Yahoo → SMTP host: smtp.mail.yahoo.com → Relaxed settings
>
> The SMTP host is configured in Fineract's external services settings by the administrator, so it correctly identifies the mail provider regardless of the sender's email domain.

You make a very valid point. Ideally, these SSL/TLS settings (socketFactory, starttls, etc.) should be stored in the database configuration rather than inferred from the hostname.

However, the current SMTPCredentialsData only supports basic fields (host, port, username, password). Making this fully configuration-driven would require schema changes, API updates, and UI changes to the External Services configuration, which is a significant refactor outside the scope of this "Forgot Password" feature.

This logic was added as a pragmatic "bridge" to support standard Gmail configurations (which many users employ) while preventing breakage for non-standard providers (like Mailtrap/Mailhog/Outlook) that fail if SSLSocketFactory is forced.

Would you be okay if we keep this safeguard for now to unblock this feature? I can create a follow-up issue/PR to refactor the Email Service to be fully generic and configuration-driven.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
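Review bot: the host test in the added `if`, `smtpCredentialsData.getHost().endsWith("gmail.com")`, is a bare, case-sensitive suffix match, so it also fires for any configured hostname that merely ends in those characters (a constructed example: `mail.notgmail.com`) and misses `SMTP.GMAIL.COM`. Compare the trimmed, lower-cased host against `smtp.gmail.com` exactly, or at least against the suffix `.gmail.com` with its leading dot, and read `getHost()` once into a local instead of calling it twice. Separately, the removed lines take `mail.smtp.starttls.enable` out of the unconditional path, and the rest of the hunk is not visible here: the non-Gmail branch should still enable STARTTLS (and ideally set `mail.smtp.starttls.required`) so that "relaxed" does not mean SMTP credentials are sent over an unencrypted connection. The context line `props.put("mail.debug", "true")` is also left unconditional; it would be worth gating it behind configuration while this block is being touched.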
