📧 feat: Allow usage of custom SMTP server (#1219)

Co-authored-by: David Reis <post@d-reis.com>

.env.example

@@ -1,10 +1,10 @@
 ##########################
-# Server configuration: 
+# Server configuration:
 ##########################
 
 APP_TITLE=LibreChat
 
-# Uncomment to add a custom footer. 
+# Uncomment to add a custom footer.
 # Uncomment and make empty "" to remove the footer.
 # CUSTOM_FOOTER="My custom footer"
 
@@ -15,11 +15,11 @@ APP_TITLE=LibreChat
 
 # ENDPOINTS=openAI,azureOpenAI,bingAI,chatGPTBrowser,google,gptPlugins,anthropic
 
-# The server will listen to localhost:3080 by default. You can change the target IP as you want. 
+# The server will listen to localhost:3080 by default. You can change the target IP as you want.
-# If you want to make this server available externally, for example to share the server with others 
+# If you want to make this server available externally, for example to share the server with others
-# or expose this from a Docker container, set host to 0.0.0.0 or your external IP interface. 
+# or expose this from a Docker container, set host to 0.0.0.0 or your external IP interface.
-# Tips: Setting host to 0.0.0.0 means listening on all interfaces. It's not a real IP.  
+# Tips: Setting host to 0.0.0.0 means listening on all interfaces. It's not a real IP.
-# Use localhost:port rather than 0.0.0.0:port to access the server. 
+# Use localhost:port rather than 0.0.0.0:port to access the server.
 # Set Node env to development if running in dev mode.
 HOST=localhost
 PORT=3080
@@ -83,27 +83,27 @@ MESSAGE_USER_WINDOW=1 # in minutes, determines the window of time for MESSAGE_US
 # UID=1000
 # GID=1000
 
-# Change this to proxy any API request. 
+# Change this to proxy any API request.
-# It's useful if your machine has difficulty calling the original API server. 
+# It's useful if your machine has difficulty calling the original API server.
 # PROXY=
 
-# Change this to your MongoDB URI if different. I recommend appending LibreChat. 
+# Change this to your MongoDB URI if different. I recommend appending LibreChat.
 MONGO_URI=mongodb://127.0.0.1:27018/LibreChat
 
 ##########################
-# OpenAI Endpoint: 
+# OpenAI Endpoint:
 ##########################
 
-# Access key from OpenAI platform. 
+# Access key from OpenAI platform.
 # Leave it blank to disable this feature.
 # Set to "user_provided" to allow the user to provide their API key from the UI.
 OPENAI_API_KEY=user_provided
 
 DEBUG_OPENAI=false # Set to true to enable debug mode for the OpenAI endpoint
 
-# Identify the available models, separated by commas *without spaces*. 
+# Identify the available models, separated by commas *without spaces*.
-# The first will be default. 
+# The first will be default.
-# Leave it blank to use internal settings. 
+# Leave it blank to use internal settings.
 # OPENAI_MODELS=gpt-3.5-turbo-1106,gpt-4-1106-preview,gpt-3.5-turbo,gpt-3.5-turbo-16k,gpt-3.5-turbo-0301,text-davinci-003,gpt-4,gpt-4-0314,gpt-4-0613
 
 # Titling is enabled by default when initiating a conversation.
@@ -129,7 +129,7 @@ DEBUG_OPENAI=false # Set to true to enable debug mode for the OpenAI endpoint
 # Must be compatible with the OpenAI Endpoint.
 # OPENAI_SUMMARY_MODEL=gpt-3.5-turbo
 
-# Reverse proxy settings for OpenAI: 
+# Reverse proxy settings for OpenAI:
 # https://github.com/waylaidwanderer/node-chatgpt-api#using-a-reverse-proxy
 # The URL must match the "url/v1," pattern, the "openai" suffix is also allowed.
 # Examples:
@@ -145,12 +145,15 @@ DEBUG_OPENAI=false # Set to true to enable debug mode for the OpenAI endpoint
 # This may be the case for LocalAI with some models. To do so, uncomment the following:
 # OPENAI_FORCE_PROMPT=true
 
-# (Advanced) For customization of the DALL-E-3 System prompt, 
+# (Advanced) For customization of the DALL-E-3 System prompt,
 # uncomment the following, and provide your own prompt:
 # See official prompt for reference:
 # https://github.com/spdustin/ChatGPT-AutoExpert/blob/main/_system-prompts/dall-e.md
 # DALLE3_SYSTEM_PROMPT="Your System Prompt here"
 
+# OpenAI API key for DALL-E / DALL-E-3. Set to user_provided to have the user provide their own key when installing the pluigin.
+# DALLE_API_KEY=user_provided
+
 # (Advanced) DALL-E Proxy settings
 # This is separate from its OpenAI counterpart for customization purposes
 
@@ -166,7 +169,7 @@ DEBUG_OPENAI=false # Set to true to enable debug mode for the OpenAI endpoint
 # Note: if you have PROXY set, it will be used for DALLE calls also, which is universal for the app
 
 ##########################
-# OpenRouter (overrides OpenAI and Plugins Endpoints): 
+# OpenRouter (overrides OpenAI and Plugins Endpoints):
 ##########################
 
 # OpenRouter is a legitimate proxy service to a multitude of LLMs, both closed and open source, including:
@@ -179,11 +182,11 @@ DEBUG_OPENAI=false # Set to true to enable debug mode for the OpenAI endpoint
 # OPENROUTER_API_KEY=
 
 ##########################
-# AZURE Endpoint:   
+# AZURE Endpoint:
 ##########################
 
 # To use Azure with this project, set the following variables. These will be used to build the API URL.
-# Chat completion: 
+# Chat completion:
 # `https://{AZURE_OPENAI_API_INSTANCE_NAME}.openai.azure.com/openai/deployments/{AZURE_OPENAI_API_DEPLOYMENT_NAME}/chat/completions?api-version={AZURE_OPENAI_API_VERSION}`;
 # You should also consider changing the `OPENAI_MODELS` variable above to the models available in your instance/deployment.
 # Note: I've noticed that the Azure API is much faster than the OpenAI API, so the streaming looks almost instantaneous.
@@ -202,7 +205,7 @@ DEBUG_OPENAI=false # Set to true to enable debug mode for the OpenAI endpoint
 # However, you can use non-model deployment names and setting the AZURE_OPENAI_DEFAULT_MODEL to ensure it works as expected.
 
 # Identify the available models, separated by commas *without spaces*.
-# The first will be default. Leave it blank or as is to use internal settings. 
+# The first will be default. Leave it blank or as is to use internal settings.
 # NOTE: as deployment names can't have periods, they will be removed when the endpoint is generated.
 AZURE_OPENAI_MODELS=gpt-3.5-turbo,gpt-4
 
@@ -220,18 +223,18 @@ AZURE_USE_MODEL_AS_DEPLOYMENT_NAME=TRUE
 # PLUGINS_USE_AZURE="true"
 
 ##########################
-# ChatGPT Endpoint: 
+# ChatGPT Endpoint:
 ##########################
 
-# ChatGPT Browser Client (free but use at your own risk) 
+# ChatGPT Browser Client (free but use at your own risk)
-# Access token from https://chat.openai.com/api/auth/session 
+# Access token from https://chat.openai.com/api/auth/session
 # Exposes your access token to `CHATGPT_REVERSE_PROXY`
 # Set to "user_provided" to allow the user to provide its token from the UI.
-# Leave it blank to disable this endpoint 
+# Leave it blank to disable this endpoint
 CHATGPT_TOKEN=user_provided
 
-# Identify the available models, separated by commas. The first will be default. 
+# Identify the available models, separated by commas. The first will be default.
-# Leave it blank to use internal settings. 
+# Leave it blank to use internal settings.
 CHATGPT_MODELS=text-davinci-002-render-sha,gpt-4
 # NOTE: you can add gpt-4-plugins, gpt-4-code-interpreter, and gpt-4-browsing to the list above and use the models for these features;
 # however, the view/display portion of these features are not supported, but you can use the underlying models, which have higher token context
@@ -243,30 +246,30 @@ CHATGPT_MODELS=text-davinci-002-render-sha,gpt-4
 # CHATGPT_REVERSE_PROXY=<YOUR REVERSE PROXY>
 
 ##########################
-# BingAI Endpoint:   
+# BingAI Endpoint:
 ##########################
 
 # Also used for Sydney and jailbreak
 # To get your Access token for Bing, login to https://www.bing.com
-# Use dev tools or an extension while logged into the site to copy the content of the _U cookie. 
+# Use dev tools or an extension while logged into the site to copy the content of the _U cookie.
-# If this fails, follow these instructions https://github.com/danny-avila/LibreChat/issues/370#issuecomment-1560382302 to provide the full cookie strings 
+# If this fails, follow these instructions https://github.com/danny-avila/LibreChat/issues/370#issuecomment-1560382302 to provide the full cookie strings
 # or check out our discord https://discord.com/channels/1086345563026489514/1143941308684177429
 # Set to "user_provided" to allow the user to provide its token from the UI.
-# Leave it blank to disable this endpoint. 
+# Leave it blank to disable this endpoint.
 BINGAI_TOKEN=user_provided
 
-# BingAI Host: 
+# BingAI Host:
-# Necessary for some people in different countries, e.g. China (https://cn.bing.com) 
+# Necessary for some people in different countries, e.g. China (https://cn.bing.com)
-# Leave it blank to use default server. 
+# Leave it blank to use default server.
-# BINGAI_HOST=https://cn.bing.com 
+# BINGAI_HOST=https://cn.bing.com
 
 #############################
 # Plugins:
 #############################
 
-# Identify the available models, separated by commas *without spaces*. 
+# Identify the available models, separated by commas *without spaces*.
-# The first will be default. 
+# The first will be default.
-# Leave it blank to use internal settings. 
+# Leave it blank to use internal settings.
 # PLUGIN_MODELS=gpt-3.5-turbo,gpt-3.5-turbo-16k,gpt-3.5-turbo-0301,gpt-4,gpt-4-0314,gpt-4-0613
 
 DEBUG_PLUGINS=true # Set to false or comment out to disable debug mode for plugins
@@ -279,8 +282,8 @@ DEBUG_PLUGINS=true # Set to false or comment out to disable debug mode for plugi
 CREDS_KEY=f34be427ebb29de8d88c107a71546019685ed8b241d8f2ed00c3df97ad2566f0
 CREDS_IV=e2341419ec3dd3d19b13a1a87fafcbfb
 
-# AI-Assisted Google Search  
+# AI-Assisted Google Search
-# This bot supports searching google for answers to your questions with assistance from GPT! 
+# This bot supports searching google for answers to your questions with assistance from GPT!
 # See detailed instructions here: https://github.com/danny-avila/LibreChat/blob/main/docs/features/plugins/google_search.md
 GOOGLE_API_KEY=
 GOOGLE_CSE_ID=
@@ -304,7 +307,7 @@ AZURE_COGNITIVE_SEARCH_SEARCH_OPTION_TOP=
 AZURE_COGNITIVE_SEARCH_SEARCH_OPTION_SELECT=
 
 ##########################
-# PaLM (Google) Endpoint: 
+# PaLM (Google) Endpoint:
 ##########################
 
 # Follow the instruction here to setup:
@@ -313,10 +316,10 @@ AZURE_COGNITIVE_SEARCH_SEARCH_OPTION_SELECT=
 PALM_KEY=user_provided
 
 # In case you need a reverse proxy for this endpoint:
-# GOOGLE_REVERSE_PROXY= 
+# GOOGLE_REVERSE_PROXY=
 
 ##########################
-# Anthropic Endpoint: 
+# Anthropic Endpoint:
 ##########################
 # Access key from https://console.anthropic.com/
 # Leave it blank to disable this feature.
@@ -337,28 +340,28 @@ ANTHROPIC_MODELS=claude-1,claude-instant-1,claude-2
 PROXY=
 
 ##########################
-# Search: 
+# Search:
 ##########################
 
-# ENABLING SEARCH MESSAGES/CONVOS 
+# ENABLING SEARCH MESSAGES/CONVOS
-# Requires the installation of the free self-hosted Meilisearch or a paid Remote Plan (Remote not tested) 
+# Requires the installation of the free self-hosted Meilisearch or a paid Remote Plan (Remote not tested)
-# The easiest setup for this is through docker-compose, which takes care of it for you. 
+# The easiest setup for this is through docker-compose, which takes care of it for you.
 SEARCH=true
 
 # HIGHLY RECOMMENDED: Disable anonymized telemetry analytics for MeiliSearch for absolute privacy.
 MEILI_NO_ANALYTICS=true
 
-# REQUIRED FOR SEARCH: MeiliSearch Host, mainly for the API server to connect to the search server. 
+# REQUIRED FOR SEARCH: MeiliSearch Host, mainly for the API server to connect to the search server.
-# Replace '0.0.0.0' with 'meilisearch' if serving MeiliSearch with docker-compose. 
+# Replace '0.0.0.0' with 'meilisearch' if serving MeiliSearch with docker-compose.
 MEILI_HOST=http://0.0.0.0:7700
 
-# REQUIRED FOR SEARCH: MeiliSearch HTTP Address, mainly for docker-compose to expose the search server. 
+# REQUIRED FOR SEARCH: MeiliSearch HTTP Address, mainly for docker-compose to expose the search server.
-# Replace '0.0.0.0' with 'meilisearch' if serving MeiliSearch with docker-compose. 
+# Replace '0.0.0.0' with 'meilisearch' if serving MeiliSearch with docker-compose.
 MEILI_HTTP_ADDR=0.0.0.0:7700
 
-# REQUIRED FOR SEARCH: In production env., a secure key is needed. You can generate your own. 
+# REQUIRED FOR SEARCH: In production env., a secure key is needed. You can generate your own.
-# This master key must be at least 16 bytes, composed of valid UTF-8 characters. 
+# This master key must be at least 16 bytes, composed of valid UTF-8 characters.
-# MeiliSearch will throw an error and refuse to launch if no master key is provided, 
+# MeiliSearch will throw an error and refuse to launch if no master key is provided,
 # or if it is under 16 bytes. MeiliSearch will suggest a secure autogenerated master key.
 # Using docker, it seems recognized as production so use a secure key.
 # This is a ready made secure key for docker-compose, you can replace it with your own.
@@ -439,8 +442,8 @@ DISCORD_CALLBACK_URL=/oauth/discord/callback # this should be the same for every
 # Application Domains
 ###########################
 
-# Note: 
+# Note:
-# Server = Backend 
+# Server = Backend
 # Client = Public (the client is the url you visit)
 # For the Google login to work in dev mode, you will need to change DOMAIN_SERVER to localhost:3090 or place it in .env.development
 
@@ -451,9 +454,16 @@ DOMAIN_SERVER=http://localhost:3080
 # Email
 ###########################
 
-# Email is used for password reset. Note that all 4 values must be set for email to work.
+# Email is used for password reset. Note that all either service or host, username and password and the From address must be set for email to work.
-# Failing to set the 4 values will result in LibreChat using the unsecured password reset!
+# Do NOT set the extended connection parameters (HOST, PORT, ENCRYPTION, ENCRYPTION_HOSTNAME, ALLOW_SELFSIGNED) if using EMAIL_SERVICE.
-EMAIL_SERVICE=   # eg. gmail
+# Failing to set valid values here will result in LibreChat using the unsecured password reset!
-EMAIL_USERNAME=  # eg. your email address if using gmail
+EMAIL_SERVICE=                  # eg. gmail - see https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/
-EMAIL_PASSWORD=  # eg. this is the "app password" if using gmail
+EMAIL_HOST=                     # eg. example.com - if EMAIL_SERVICE is not set, connect to this server.
-EMAIL_FROM=noreply@librechat.ai # email address for from field, it is required to set a value here even in the cases where it's not porperly working.
+EMAIL_PORT=25                   # eg. 25 - mail server port to connect to with EMAIL_HOST (usually 25, 465, 587)
+EMAIL_ENCRYPTION=               # eg. starttls - valid values: starttls (force STARTTLS), tls (obligatory TLS), anything else (use STARTTLS if available)
+EMAIL_ENCRYPTION_HOSTNAME=      # eg. example.com - check the name in the certificate against this instead of EMAIL_HOST
+EMAIL_ALLOW_SELFSIGNED=         # eg. true - valid values: true (allow self-signed), anything else (disallow self-signed)
+EMAIL_USERNAME=                 # eg. me@gmail.com - the username used for authentication. For consumer services, this MUST usually match EMAIL_FROM.
+EMAIL_PASSWORD=                 # eg. password - the password used for authentication
+EMAIL_FROM_NAME=                # eg. LibreChat - the human-readable address in the From is constructed as "EMAIL_FROM_NAME <EMAIL_FROM>". Defaults to APP_TITLE.
+EMAIL_FROM=noreply@librechat.ai # eg. noreply@librechat.ai - mail address for from field. It is REQUIRED to set a value here even in if it's not porperly working!

api/server/routes/config.js

@@ -22,7 +22,7 @@ router.get('/', async function (req, res) {
       registrationEnabled: isEnabled(process.env.ALLOW_REGISTRATION),
       socialLoginEnabled: isEnabled(process.env.ALLOW_SOCIAL_LOGIN),
       emailEnabled:
-        !process.env.EMAIL_SERVICE &&
+        (!!process.env.EMAIL_SERVICE || !!process.env.EMAIL_HOST) &&
         !!process.env.EMAIL_USERNAME &&
         !!process.env.EMAIL_PASSWORD &&
         !!process.env.EMAIL_FROM,

api/server/services/AuthService.js

@@ -131,7 +131,7 @@ const requestPasswordReset = async (email) => {
   const link = `${domains.client}/reset-password?token=${resetToken}&userId=${user._id}`;
 
   const emailEnabled =
-    !!process.env.EMAIL_SERVICE &&
+    (!!process.env.EMAIL_SERVICE || !!process.env.EMAIL_HOST) &&
     !!process.env.EMAIL_USERNAME &&
     !!process.env.EMAIL_PASSWORD &&
     !!process.env.EMAIL_FROM;

api/server/utils/sendEmail.js

@@ -5,20 +5,50 @@ const path = require('path');
 
 const sendEmail = async (email, subject, payload, template) => {
   try {
-    const transporter = nodemailer.createTransport({
+    const transporterOptions = {
-      service: process.env.EMAIL_SERVICE,
+      // Use STARTTLS by default instead of obligatory TLS
+      secure: process.env.EMAIL_ENCRYPTION === "tls",
+      // If explicit STARTTLS is set, require it when connecting
+      requireTls: process.env.EMAIL_ENCRYPTION === "starttls",
+      tls: {
+        // Whether to accept unsigned certificates
+        rejectUnauthorized: process.env.EMAIL_ALLOW_SELFSIGNED === "true"
+      },
       auth: {
         user: process.env.EMAIL_USERNAME,
         pass: process.env.EMAIL_PASSWORD,
       },
-    });
+    }
+
+    if (process.env.EMAIL_ENCRYPTION_HOSTNAME) {
+      // Check the certificate against this name explicitly
+      transporterOptions.tls.servername = process.env.EMAIL_ENCRYPTION_HOSTNAME;
+    }
+
+    // Mailer service definition has precedence
+    if (process.env.EMAIL_SERVICE) {
+      transporterOptions.service = process.env.EMAIL_SERVICE;
+    } else {
+      transporterOptions.host = process.env.EMAIL_HOST;
+      transporterOptions.port = process.env.EMAIL_PORT ?? 25;
+    }
+
+    const transporter = nodemailer.createTransport(transporterOptions);
 
     const source = fs.readFileSync(path.join(__dirname, 'emails', template), 'utf8');
     const compiledTemplate = handlebars.compile(source);
     const options = () => {
       return {
-        from: process.env.EMAIL_FROM,
+        // Header address should contain name-addr
-        to: email,
+        from: `"${process.env.EMAIL_FROM_NAME || process.env.APP_TITLE}"` +
+          `<${process.env.EMAIL_FROM}>`,
+        to: `"${payload.name}" <${email}>`,
+        envelope: {
+          // Envelope from should contain addr-spec
+          // Mistake in the Nodemailer documentation?
+          from: process.env.EMAIL_FROM,
+          to: email,
+        },
         subject: subject,
         html: compiledTemplate(payload),
       };

docs/install/user_auth_system.md

@@ -34,7 +34,7 @@ To set up the mod system, review [the setup guide](../features/mod_system.md).
 
 *Please Note: If you are wanting this to work in development mode, you will need to create a file called `.env.development` in the root directory and set `DOMAIN_CLIENT` to `http://localhost:3090` or whatever port  is provided by vite when runnning `npm run frontend-dev`*
 
-Important: When you run the app for the first time, you need to create a new account by clicking on "Sign up" on the login page. The first account you make will be the admin account. The admin account doesn't have any special features right now, but it might be useful if you want to make an admin dashboard to manage other users later. 
+Important: When you run the app for the first time, you need to create a new account by clicking on "Sign up" on the login page. The first account you make will be the admin account. The admin account doesn't have any special features right now, but it might be useful if you want to make an admin dashboard to manage other users later.
 
 ⚠️ **__For the first time, you should use a local account (email and password) to sign up and log in.__**
 
@@ -62,12 +62,12 @@ To enable Google login, you must create an application in the [Google Cloud Cons
 
 ---
 
-## Facebook Authentication 
+## Facebook Authentication
 ### (It only works with a domain, not with localhost)
 
 1. Go to [Facebook Developer Portal](https://developers.facebook.com/)
 2. Create a new Application and give it a name
-4. In the Dashboard tab select product and select "Facebook login", then tap on "Configure" and "Settings". Male sure "OAuth client access", "Web OAuth access", "Apply HTTPS" and "Use limited mode for redirect URIs" are **enabled** 
+4. In the Dashboard tab select product and select "Facebook login", then tap on "Configure" and "Settings". Male sure "OAuth client access", "Web OAuth access", "Apply HTTPS" and "Use limited mode for redirect URIs" are **enabled**
 5. In the Valid OAuth Redirect URIs add "your-domain/oauth/facebook/callback" (example: http://example.com/oauth/facebook/callback)
 6. Save changes and in the "settings" tab, reset the Client Secret
 7. Put the Client ID and Client Secret in the .env file:
@@ -169,25 +169,43 @@ DISCORD_CALLBACK_URL=/oauth/discord/callback # this should be the same for every
 8. Save the .env file
 
 ---
-## **Email and Password Reset** 
+## **Email and Password Reset**
 
 ### General setup
 
-in the .env file modify this 4 variables:
+in the .env file modify these variables:
 
 ```
-EMAIL_SERVICE=   # eg. gmail
+EMAIL_SERVICE=                  # eg. gmail - see https://community.nodemailer.com/2-0-0-beta/setup-smtp/well-known-services/
-EMAIL_USERNAME=  # eg. your email address if using gmail
+EMAIL_HOST=                     # eg. example.com - if EMAIL_SERVICE is not set, connect to this server.
-EMAIL_PASSWORD=  # eg. this is the "app password" if using gmail
+EMAIL_PORT=25                   # eg. 25 - mail server port to connect to with EMAIL_HOST (usually 25, 465, 587)
-EMAIL_FROM=      # eg. email address for from field like noreply@librechat.ai
+EMAIL_ENCRYPTION=               # eg. starttls - valid values: starttls (force STARTTLS), tls (obligatory TLS), anything else (use STARTTLS if available)
+EMAIL_ENCRYPTION_HOSTNAME=      # eg. example.com - check the name in the certificate against this instead of EMAIL_HOST
+EMAIL_ALLOW_SELFSIGNED=         # eg. true - valid values: true (allow self-signed), anything else (disallow self-signed)
+EMAIL_USERNAME=                 # eg. me@gmail.com - the username used for authentication. For consumer services, this MUST usually match EMAIL_FROM.
+EMAIL_PASSWORD=                 # eg. password - the password used for authentication
+EMAIL_FROM_NAME=                # eg. LibreChat - the human-readable address in the From is constructed as "EMAIL_FROM_NAME <EMAIL_FROM>". Defaults to APP_TITLE.
 ```
 
-EMAIL_SERVICE is the name of the email service you are using (Gmail, Outlook, Yahoo Mail, ProtonMail, iCloud Mail, etc.).
+If you want to use one of the predefined services, configure only these variables:
-EMAIL_USERNAME is the username of the email service (usually, it will be the email address, but in some cases, it can be an actual username used to access the account).
-EMAIL_PASSWORD is the password used to access the email service. This is not the password to access the email account directly, but a password specifically generated for this service.
-EMAIL_FROM is the email address that will appear in the "from" field when a user receives an email.
 
-### Setup with Gmail 
+EMAIL\_SERVICE is the name of the email service you are using (Gmail, Outlook, Yahoo Mail, ProtonMail, iCloud Mail, etc.) as defined in the NodeMailer well-known services linked above.
+EMAIL\_USERNAME is the username of the email service (usually, it will be the email address, but in some cases, it can be an actual username used to access the account).
+EMAIL\_PASSWORD is the password used to access the email service. This is not the password to access the email account directly, but a password specifically generated for this service.
+EMAIL\_FROM is the email address that will appear in the "from" field when a user receives an email.
+EMAIL\_FROM\_NAME is the name that will appear in the "from" field when a user receives an email. If left unset, it defaults to the app title.
+
+If you want to use a generic SMTP service or need advanced configuration for one of the predefined providers, configure these variables:
+
+EMAIL\_HOST is the hostname to connect to, or an IP address.
+EMAIL\_PORT is the port to connect to. Be aware that different ports usually come with different requirements - 25 is for mailserver-to-mailserver, 465 requires encryption at the start of the connection, and 587 allows submission of mail as a user.
+EMAIL\_ENCRYPTION defines if encryption is required at the start (`tls`) or started after the connection is set up (`starttls`). If either of these values are set, they are enforced. If they are not set, an encrypted connection is started if available.
+EMAIL\_ENCRYPTION\_HOSTNAME allows specification of a hostname against which the certificate is validated. Use this if the mail server does have a valid certificate, but you are connecting with an IP or a different name for some reason.
+EMAIL\_ALLOW\_SELFSIGNED defines whether self-signed certificates can be accepted from the server. As the mails being sent contain sensitive information, ONLY use this for testing.
+
+NOTE: ⚠️ **Failing to perform either of the below setups will result in LibreChat using the unsecured password reset! This allows anyone to reset any password on your server immediately, without mail being sent at all!** The variable EMAIL\_FROM does not support all email providers **but is still required**. To stay updated, check the bug fixes [here](https://github.com/danny-avila/LibreChat/tags).
+
+### Setup with Gmail
 
 1. Create a Google Account and enable 2-step verification.
 2. In the [Google Account settings](https://myaccount.google.com/), click on the "Security" tab and open "2-step verification."
@@ -200,11 +218,23 @@ EMAIL_SERVICE=gmail
 EMAIL_USERNAME=your-email
 EMAIL_PASSWORD=your-app-password
 EMAIL_FROM=email address for the from field, e.g., noreply@librechat.ai
+EMAIL_FROM_NAME="My LibreChat Server"
 ```
 
-NOTE: ⚠️ **Failing to set the 4 values will result in LibreChat using the unsecured password reset!** The variable EMAIL_FROM does not support all email providers **but is still required**. To stay updated, check the bug fixes [here](https://github.com/danny-avila/LibreChat/tags).
+### Setup with custom mail server
 
+1. Gather your SMTP login data from your provider. The steps are different for each, but they will usually list values for all variables.
+2. In the .env file, modify the variables as follows, assuming some sensible example values:
 
+```
+EMAIL_HOST=mail.example.com
+EMAIL_PORT=587
+EMAIL_ENCRYPTION=starttls
+EMAIL_USERNAME=your-email
+EMAIL_PASSWORD=your-app-password
+EMAIL_FROM=email address for the from field, e.g., noreply@librechat.ai
+EMAIL_FROM_NAME="My LibreChat Server"
+```
 
 ## **Disable User Registration**
 
@@ -220,7 +250,7 @@ If you previously implemented your own user system using the original scaffoldin
 
 ### For user updating from an older version of the app:
 
-When the first account is registered, the application will automatically migrate any conversations and presets that you created before the user system was implemented to that account. 
+When the first account is registered, the application will automatically migrate any conversations and presets that you created before the user system was implemented to that account.
 if you use login for the first time with a social login account (eg. Google, facebook, etc.), the conversations and presets that you created before the user system was implemented will NOT be migrated to that account.
 
 ## **Manual User Registration**