Merge branch 'R3DRUN3-new_branch'

.env.template

@@ -373,7 +373,7 @@
 # ROCKET_WORKERS=10
 # ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
 
-## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
+## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service.
 ## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
 ## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
 # SMTP_HOST=smtp.domain.tld
@@ -385,6 +385,11 @@
 # SMTP_PASSWORD=password
 # SMTP_TIMEOUT=15
 
+# Whether to send mail via the `sendmail` command
+# USE_SENDMAIL=false
+# Which sendmail command to use. The one found in the $PATH is used if not specified.
+# SENDMAIL_COMMAND="/path/to/sendmail"
+
 ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
 ## Possible values: ["Plain", "Login", "Xoauth2"].
 ## Multiple options need to be separated by a comma ','.

.pre-commit-config.yaml

@@ -1,16 +1,20 @@
 ---
 repos:
 -   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.4.0
     hooks:
     - id: check-yaml
     - id: check-json
     - id: check-toml
+    - id: mixed-line-ending
+      args: ["--fix=no"]
     - id: end-of-file-fixer
       exclude: "(.*js$|.*css$)"
     - id: check-case-conflict
     - id: check-merge-conflict
     - id: detect-private-key
+    - id: check-symlinks
+    - id: forbid-submodules
 -   repo: local
     hooks:
     - id: fmt
@@ -36,5 +40,5 @@ repos:
       language: system
       args: ["--features", "sqlite,mysql,postgresql,enable_mimalloc", "--", "-D", "warnings"]
       types_or: [rust, file]
-      files: (Cargo.toml|Cargo.lock|rust-toolchain|.*\.rs$)
+      files: (Cargo.toml|Cargo.lock|rust-toolchain|clippy.toml|.*\.rs$)
       pass_filenames: false

Cargo.toml

@@ -62,22 +62,24 @@ rocket = { version = "0.5.0-rc.2", features = ["tls", "json"], default-features
 # WebSockets libraries
 tokio-tungstenite = "0.18.0"
 rmpv = "1.0.0" # MessagePack library
+
+# Concurrent HashMap used for WebSocket messaging and favicons
 dashmap = "5.4.0"
 
 # Async futures
-futures = "0.3.25"
-tokio = { version = "1.24.2", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
+futures = "0.3.26"
+tokio = { version = "1.25.0", features = ["rt-multi-thread", "fs", "io-util", "parking_lot", "time", "signal"] }
 
 # A generic serialization/deserialization framework
 serde = { version = "1.0.152", features = ["derive"] }
-serde_json = "1.0.91"
+serde_json = "1.0.93"
 
 # A safe, extensible ORM and Query builder
 diesel = { version = "2.0.3", features = ["chrono", "r2d2"] }
 diesel_migrations = "2.0.0"
 diesel_logger = { version = "0.2.0", optional = true }
 
-# Bundled SQLite
+# Bundled/Static SQLite
 libsqlite3-sys = { version = "0.25.2", features = ["bundled"], optional = true }
 
 # Crypto-related libraries
@@ -85,7 +87,7 @@ rand = { version = "0.8.5", features = ["small_rng"] }
 ring = "0.16.20"
 
 # UUID generation
-uuid = { version = "1.2.2", features = ["v4"] }
+uuid = { version = "1.3.0", features = ["v4"] }
 
 # Date and time libraries
 chrono = { version = "0.4.23", features = ["clock", "serde"], default-features = false }
@@ -93,7 +95,7 @@ chrono-tz = "0.8.1"
 time = "0.3.17"
 
 # Job scheduler
-job_scheduler_ng = "2.0.3"
+job_scheduler_ng = "2.0.4"
 
 # Data encoding library Hex/Base32/Base64
 data-encoding = "2.3.3"
@@ -110,32 +112,34 @@ yubico = { version = "0.11.0", features = ["online-tokio"], default-features = f
 # WebAuthn libraries
 webauthn-rs = "0.3.2"
 
-# Handling of URL's for WebAuthn
+# Handling of URL's for WebAuthn and favicons
 url = "2.3.1"
 
-# Email librariese-Base, Update crates and small change.
-lettre = { version = "0.10.1", features = ["smtp-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
+# Email libraries
+lettre = { version = "0.10.2", features = ["smtp-transport", "sendmail-transport", "builder", "serde", "tokio1-native-tls", "hostname", "tracing", "tokio1"], default-features = false }
 percent-encoding = "2.2.0" # URL encoding library used for URL's in the emails
 email_address = "0.2.4"
 
-# Template library
+# HTML Template library
 handlebars = { version = "4.3.6", features = ["dir_source"] }
 
-# HTTP client
+# HTTP client (Used for favicons, version check, DUO and HIBP API)
 reqwest = { version = "0.11.14", features = ["stream", "json", "gzip", "brotli", "socks", "cookies", "trust-dns"] }
 
-# For favicon extraction from main website
+# Favicon extraction libraries
 html5gum = "0.5.2"
 regex = { version = "1.7.1", features = ["std", "perf", "unicode-perl"], default-features = false }
 data-url = "0.2.0"
-bytes = "1.3.0"
+bytes = "1.4.0"
+
+# Cache function results (Used for version check and favicon fetching)
 cached = "0.42.0"
 
 # Used for custom short lived cookie jar during favicon extraction
 cookie = "0.16.2"
 cookie_store = "0.19.0"
 
-# Used by U2F, JWT and Postgres
+# Used by U2F, JWT and PostgreSQL
 openssl = "0.10.45"
 
 # CLI argument parsing
@@ -151,6 +155,7 @@ semver = "1.0.16"
 # Allow overriding the default memory allocator
 # Mainly used for the musl builds, since the default musl malloc is very slow
 mimalloc = { version = "0.1.34", features = ["secure"], default-features = false, optional = true }
+which = "4.4.0"
 
 # Strip debuginfo from the release builds
 # Also enable thin LTO for some optimizations

README.md

@@ -3,7 +3,7 @@
 📢 Note: This project was known as Bitwarden_RS and has been renamed to separate itself from the official Bitwarden server in the hopes of avoiding confusion and trademark/branding issues. Please see [#1642](https://github.com/dani-garcia/vaultwarden/discussions/1642) for more explanation.
 
 ---
-
+[![Build](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml/badge.svg)](https://github.com/dani-garcia/vaultwarden/actions/workflows/build.yml)
 [![Docker Pulls](https://img.shields.io/docker/pulls/vaultwarden/server.svg)](https://hub.docker.com/r/vaultwarden/server)
 [![Dependency Status](https://deps.rs/repo/github/dani-garcia/vaultwarden/status.svg)](https://deps.rs/repo/github/dani-garcia/vaultwarden)
 [![GitHub Release](https://img.shields.io/github/release/dani-garcia/vaultwarden.svg)](https://github.com/dani-garcia/vaultwarden/releases/latest)

docker/Dockerfile.j2

@@ -3,22 +3,22 @@
 # This file was generated using a Jinja2 template.
 # Please make your changes in `Dockerfile.j2` and then `make` the individual Dockerfiles.
 
-{% set build_stage_base_image = "rust:1.66-bullseye" %}
+{% set build_stage_base_image = "rust:1.67-bullseye" %}
 {% if "alpine" in target_file %}
 {%   if "amd64" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.66.1" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:x86_64-musl-stable-1.67.0" %}
 {%     set runtime_stage_base_image = "alpine:3.17" %}
 {%     set package_arch_target = "x86_64-unknown-linux-musl" %}
 {%   elif "armv7" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.66.1" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:armv7-musleabihf-stable-1.67.0" %}
 {%     set runtime_stage_base_image = "balenalib/armv7hf-alpine:3.17" %}
 {%     set package_arch_target = "armv7-unknown-linux-musleabihf" %}
 {%   elif "armv6" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.66.1" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:arm-musleabi-stable-1.67.0" %}
 {%     set runtime_stage_base_image = "balenalib/rpi-alpine:3.17" %}
 {%     set package_arch_target = "arm-unknown-linux-musleabi" %}
 {%   elif "arm64" in target_file %}
-{%     set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.66.1" %}
+{%     set build_stage_base_image = "blackdex/rust-musl:aarch64-musl-stable-1.67.0" %}
 {%     set runtime_stage_base_image = "balenalib/aarch64-alpine:3.17" %}
 {%     set package_arch_target = "aarch64-unknown-linux-musl" %}
 {%   endif %}

docker/amd64/Dockerfile

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.66-bullseye as build
+FROM rust:1.67-bullseye as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/amd64/Dockerfile.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:x86_64-musl-stable-1.66.1 as build
+FROM blackdex/rust-musl:x86_64-musl-stable-1.67.0 as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/amd64/Dockerfile.buildkit

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.66-bullseye as build
+FROM rust:1.67-bullseye as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/amd64/Dockerfile.buildkit.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:x86_64-musl-stable-1.66.1 as build
+FROM blackdex/rust-musl:x86_64-musl-stable-1.67.0 as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/arm64/Dockerfile

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.66-bullseye as build
+FROM rust:1.67-bullseye as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/arm64/Dockerfile.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:aarch64-musl-stable-1.66.1 as build
+FROM blackdex/rust-musl:aarch64-musl-stable-1.67.0 as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/arm64/Dockerfile.buildkit

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.66-bullseye as build
+FROM rust:1.67-bullseye as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/arm64/Dockerfile.buildkit.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:aarch64-musl-stable-1.66.1 as build
+FROM blackdex/rust-musl:aarch64-musl-stable-1.67.0 as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/armv6/Dockerfile

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.66-bullseye as build
+FROM rust:1.67-bullseye as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/armv6/Dockerfile.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:arm-musleabi-stable-1.66.1 as build
+FROM blackdex/rust-musl:arm-musleabi-stable-1.67.0 as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/armv6/Dockerfile.buildkit

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.66-bullseye as build
+FROM rust:1.67-bullseye as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/armv6/Dockerfile.buildkit.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:arm-musleabi-stable-1.66.1 as build
+FROM blackdex/rust-musl:arm-musleabi-stable-1.67.0 as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/armv7/Dockerfile

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.66-bullseye as build
+FROM rust:1.67-bullseye as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/armv7/Dockerfile.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:armv7-musleabihf-stable-1.66.1 as build
+FROM blackdex/rust-musl:armv7-musleabihf-stable-1.67.0 as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/armv7/Dockerfile.buildkit

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM rust:1.66-bullseye as build
+FROM rust:1.67-bullseye as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

docker/armv7/Dockerfile.buildkit.alpine

@@ -27,7 +27,7 @@
 FROM vaultwarden/web-vault@sha256:d5f71fb05c4b87935bf51d84140db0f8716cabfe2974fbee6c0c5ee8cf7dab5a as vault
 
 ########################## BUILD IMAGE  ##########################
-FROM blackdex/rust-musl:armv7-musleabihf-stable-1.66.1 as build
+FROM blackdex/rust-musl:armv7-musleabihf-stable-1.67.0 as build
 
 # Build time options to avoid dpkg warnings and help with reproducible builds.
 ENV DEBIAN_FRONTEND=noninteractive \

rust-toolchain

@@ -1 +1 @@
-1.66.1
+1.67.0

src/config.rs

@@ -1,3 +1,4 @@
+use std::env::consts::EXE_SUFFIX;
 use std::process::exit;
 use std::sync::RwLock;
 
@@ -614,6 +615,10 @@ make_config! {
     smtp: _enable_smtp {
         /// Enabled
         _enable_smtp:                  bool,   true,   def,     true;
+        /// Use Sendmail |> Whether to send mail via the `sendmail` command
+        use_sendmail:                  bool,   true,   def,     false;
+        /// Sendmail Command |> Which sendmail command to use. The one found in the $PATH is used if not specified.
+        sendmail_command:              String, true,   option;
         /// Host
         smtp_host:                     String, true,   option;
         /// DEPRECATED smtp_ssl |> DEPRECATED - Please use SMTP_SECURITY
@@ -653,7 +658,7 @@ make_config! {
     /// Email 2FA Settings
     email_2fa: _enable_email_2fa {
         /// Enabled |> Disabling will prevent users from setting up new email 2FA and using existing email 2FA configured
-        _enable_email_2fa:      bool,   true,   auto,    |c| c._enable_smtp && c.smtp_host.is_some();
+        _enable_email_2fa:      bool,   true,   auto,    |c| c._enable_smtp && (c.smtp_host.is_some() || c.use_sendmail);
         /// Email token size |> Number of digits in an email 2FA token (min: 6, max: 255). Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting.
         email_token_size:       u8,     true,   def,      6;
         /// Token expiration time |> Maximum time in seconds a token is valid. The time the user has to open email client and copy token.
@@ -744,27 +749,62 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
             ),
         }
 
-        if cfg.smtp_host.is_some() == cfg.smtp_from.is_empty() {
-            err!("Both `SMTP_HOST` and `SMTP_FROM` need to be set for email support")
+        if cfg.use_sendmail {
+            let command = cfg.sendmail_command.clone().unwrap_or_else(|| format!("sendmail{EXE_SUFFIX}"));
+
+            let mut path = std::path::PathBuf::from(&command);
+
+            if !path.is_absolute() {
+                match which::which(&command) {
+                    Ok(result) => path = result,
+                    Err(_) => err!(format!("sendmail command {command:?} not found in $PATH")),
+                }
+            }
+
+            match path.metadata() {
+                Err(err) if err.kind() == std::io::ErrorKind::NotFound => {
+                    err!(format!("sendmail command not found at `{path:?}`"))
+                }
+                Err(err) => {
+                    err!(format!("failed to access sendmail command at `{path:?}`: {err}"))
+                }
+                Ok(metadata) => {
+                    if metadata.is_dir() {
+                        err!(format!("sendmail command at `{path:?}` isn't a directory"));
+                    }
+
+                    #[cfg(unix)]
+                    {
+                        use std::os::unix::fs::PermissionsExt;
+                        if !metadata.permissions().mode() & 0o111 != 0 {
+                            err!(format!("sendmail command at `{path:?}` isn't executable"));
+                        }
+                    }
+                }
+            }
+        } else {
+            if cfg.smtp_host.is_some() == cfg.smtp_from.is_empty() {
+                err!("Both `SMTP_HOST` and `SMTP_FROM` need to be set for email support without `USE_SENDMAIL`")
+            }
+
+            if cfg.smtp_username.is_some() != cfg.smtp_password.is_some() {
+                err!("Both `SMTP_USERNAME` and `SMTP_PASSWORD` need to be set to enable email authentication without `USE_SENDMAIL`")
+            }
         }
 
-        if cfg.smtp_host.is_some() && !cfg.smtp_from.contains('@') {
+        if (cfg.smtp_host.is_some() || cfg.use_sendmail) && !cfg.smtp_from.contains('@') {
             err!("SMTP_FROM does not contain a mandatory @ sign")
         }
 
-        if cfg.smtp_username.is_some() != cfg.smtp_password.is_some() {
-            err!("Both `SMTP_USERNAME` and `SMTP_PASSWORD` need to be set to enable email authentication")
-        }
-
-        if cfg._enable_email_2fa && (!cfg._enable_smtp || cfg.smtp_host.is_none()) {
-            err!("To enable email 2FA, SMTP must be configured")
-        }
-
         if cfg._enable_email_2fa && cfg.email_token_size < 6 {
             err!("`EMAIL_TOKEN_SIZE` has a minimum size of 6")
         }
     }
 
+    if cfg._enable_email_2fa && !(cfg.smtp_host.is_some() || cfg.use_sendmail) {
+        err!("To enable email 2FA, a mail transport must be configured")
+    }
+
     // Check if the icon blacklist regex is valid
     if let Some(ref r) = cfg.icon_blacklist_regex {
         let validate_regex = regex::Regex::new(r);
@@ -1045,7 +1085,7 @@ impl Config {
     }
     pub fn mail_enabled(&self) -> bool {
         let inner = &self.inner.read().unwrap().config;
-        inner._enable_smtp && inner.smtp_host.is_some()
+        inner._enable_smtp && (inner.smtp_host.is_some() || inner.use_sendmail)
     }
 
     pub fn get_duo_akey(&self) -> String {

src/mail.rs

@@ -8,7 +8,7 @@ use lettre::{
     transport::smtp::authentication::{Credentials, Mechanism as SmtpAuthMechanism},
     transport::smtp::client::{Tls, TlsParameters},
     transport::smtp::extension::ClientId,
-    Address, AsyncSmtpTransport, AsyncTransport, Tokio1Executor,
+    Address, AsyncSendmailTransport, AsyncSmtpTransport, AsyncTransport, Tokio1Executor,
 };
 
 use crate::{
@@ -21,7 +21,15 @@ use crate::{
     CONFIG,
 };
 
-fn mailer() -> AsyncSmtpTransport<Tokio1Executor> {
+fn sendmail_transport() -> AsyncSendmailTransport<Tokio1Executor> {
+    if let Some(command) = CONFIG.sendmail_command() {
+        AsyncSendmailTransport::new_with_command(command)
+    } else {
+        AsyncSendmailTransport::new()
+    }
+}
+
+fn smtp_transport() -> AsyncSmtpTransport<Tokio1Executor> {
     use std::time::Duration;
     let host = CONFIG.smtp_host().unwrap();
 
@@ -509,6 +517,58 @@ pub async fn send_admin_reset_password(address: &str, user_name: &str, org_name:
     send_email(address, &subject, body_html, body_text).await
 }
 
+async fn send_with_selected_transport(email: Message) -> EmptyResult {
+    if CONFIG.use_sendmail() {
+        match sendmail_transport().send(email).await {
+            Ok(_) => Ok(()),
+            // Match some common errors and make them more user friendly
+            Err(e) => {
+                if e.is_client() {
+                    debug!("Sendmail client error: {:#?}", e);
+                    err!(format!("Sendmail client error: {e}"));
+                } else if e.is_response() {
+                    debug!("Sendmail response error: {:#?}", e);
+                    err!(format!("Sendmail response error: {e}"));
+                } else {
+                    debug!("Sendmail error: {:#?}", e);
+                    err!(format!("Sendmail error: {e}"));
+                }
+            }
+        }
+    } else {
+        match smtp_transport().send(email).await {
+            Ok(_) => Ok(()),
+            // Match some common errors and make them more user friendly
+            Err(e) => {
+                if e.is_client() {
+                    debug!("SMTP client error: {:#?}", e);
+                    err!(format!("SMTP client error: {e}"));
+                } else if e.is_transient() {
+                    debug!("SMTP 4xx error: {:#?}", e);
+                    err!(format!("SMTP 4xx error: {e}"));
+                } else if e.is_permanent() {
+                    debug!("SMTP 5xx error: {:#?}", e);
+                    let mut msg = e.to_string();
+                    // Add a special check for 535 to add a more descriptive message
+                    if msg.contains("(535)") {
+                        msg = format!("{msg} - Authentication credentials invalid");
+                    }
+                    err!(format!("SMTP 5xx error: {msg}"));
+                } else if e.is_timeout() {
+                    debug!("SMTP timeout error: {:#?}", e);
+                    err!(format!("SMTP timeout error: {e}"));
+                } else if e.is_tls() {
+                    debug!("SMTP encryption error: {:#?}", e);
+                    err!(format!("SMTP encryption error: {e}"));
+                } else {
+                    debug!("SMTP error: {:#?}", e);
+                    err!(format!("SMTP error: {e}"));
+                }
+            }
+        }
+    }
+}
+
 async fn send_email(address: &str, subject: &str, body_html: String, body_text: String) -> EmptyResult {
     let smtp_from = &CONFIG.smtp_from();
 
@@ -538,34 +598,5 @@ async fn send_email(address: &str, subject: &str, body_html: String, body_text:
         .subject(subject)
         .multipart(body)?;
 
-    match mailer().send(email).await {
-        Ok(_) => Ok(()),
-        // Match some common errors and make them more user friendly
-        Err(e) => {
-            if e.is_client() {
-                debug!("SMTP Client error: {:#?}", e);
-                err!(format!("SMTP Client error: {e}"));
-            } else if e.is_transient() {
-                debug!("SMTP 4xx error: {:#?}", e);
-                err!(format!("SMTP 4xx error: {e}"));
-            } else if e.is_permanent() {
-                debug!("SMTP 5xx error: {:#?}", e);
-                let mut msg = e.to_string();
-                // Add a special check for 535 to add a more descriptive message
-                if msg.contains("(535)") {
-                    msg = format!("{msg} - Authentication credentials invalid");
-                }
-                err!(format!("SMTP 5xx error: {msg}"));
-            } else if e.is_timeout() {
-                debug!("SMTP timeout error: {:#?}", e);
-                err!(format!("SMTP timeout error: {e}"));
-            } else if e.is_tls() {
-                debug!("SMTP Encryption error: {:#?}", e);
-                err!(format!("SMTP Encryption error: {e}"));
-            } else {
-                debug!("SMTP {:#?}", e);
-                err!(format!("SMTP {e}"));
-            }
-        }
-    }
+    send_with_selected_transport(email).await
 }