Watchflare docs
On this page

Email Notification Setup (SMTP)

Configure SMTP in Watchflare Settings to send alert emails. Covers encryption modes, auth types, AES-256-GCM password storage, and test email sending.

Watchflare sends alert notifications by email. SMTP is configured from the Settings page in the dashboard - no environment variables are needed beyond NOTIFICATION_ENCRYPTION_KEY, which must be set before the Hub starts.

For other notification channels (Discord, Slack, Telegram, Matrix, Ntfy, Gotify, generic HTTP, and more via Shoutrrr), see Notification channels.


Prerequisites

You need an SMTP server or relay. Common options:

  • Your hosting provider's SMTP relay
  • A transactional email service (Postmark, Mailgun, Resend, SendGrid)
  • A self-hosted mail server
  • Gmail SMTP with an App Password (required if 2-Step Verification is enabled)

Make sure NOTIFICATION_ENCRYPTION_KEY is set in your .env before proceeding — the password you enter in Settings is encrypted with this key before being stored:

.env bash
NOTIFICATION_ENCRYPTION_KEY=$(openssl rand -base64 32)

Configuration

Go to Settings → Notifications and fill in the following fields:

| Field | Description | |-------|-------------| | Host | SMTP server hostname (e.g. smtp.example.com) | | Port | SMTP port — see encryption table below | | Username | SMTP username for authentication | | Password | SMTP password. Stored encrypted with AES-256-GCM. | | From address | Sender email (e.g. watchflare@example.com) | | From name | Sender display name (e.g. Watchflare) | | Encryption | starttls, tls, or none | | Auth type | plain or login — depends on your SMTP provider | | HELO name | Hostname sent in the SMTP HELO/EHLO command. Leave empty to use the system default. |

Encryption modes

| Mode | Typical port | Description | |------|-------------|-------------| | starttls | 587 | Connects plain, upgrades to TLS via STARTTLS. Recommended default. | | tls | 465 | Connects directly over SSL/TLS. | | none | 25 | No encryption. Only for trusted internal networks. |

Auth types

| Type | When to use | |------|-------------| | plain | Standard — username and password sent as-is over the encrypted connection. Works with most providers. | | login | Legacy AUTH LOGIN mechanism. Required by some older or corporate mail servers. |


Testing

Use the Send test email button in Settings before enabling alerts. A test message will be sent to your account's email address to confirm the connection and credentials work.

Tip

If the test fails, check that the port matches the encryption mode and that your SMTP server allows connections from your Hub's IP address. Some providers require IP allowlisting.


Password storage

SMTP passwords are encrypted at rest using AES-256-GCM. The key is NOTIFICATION_ENCRYPTION_KEY in your .env. The password is never returned via the API — the dashboard only indicates whether a password is currently stored.

Warning

If you change NOTIFICATION_ENCRYPTION_KEY and restart the Hub, the stored password can no longer be decrypted. You will need to re-enter it in Settings.


Next step

Once SMTP is configured, enable alerts on your hosts. See Alerts.