
FaxSMS Module Requires SMTP Username/Password Even When Not Needed #9066

@kojiromike


The faxsms email notification system requires both SMTP_USER and SMTP_PASS to be set, even when using SMTP servers that don't require authentication (e.g., mailpit, local mail servers, relay servers with IP-based authentication).

Current Behavior

The EmailClient constructor checks if both SMTP_USER and SMTP_PASS are non-empty to determine if SMTP is enabled:

$this->smtpEnabled = !empty($GLOBALS['SMTP_PASS'] ?? null) && !empty($GLOBALS["SMTP_USER"] ?? null);

When either is empty:

  • smtpEnabled is set to false
  • All email sending attempts return "SMTP not setup."
  • No emails are sent, even if SMTP_HOST and SMTP_PORT are correctly configured

This prevents using SMTP servers that:

  • Don't require authentication (mailpit, local development tools)
  • Use IP-based authentication/relay
  • Are configured for open relay on localhost

Expected Behavior

SMTP should be considered enabled if SMTP_HOST is configured. Username and password should be optional, as many SMTP servers don't require authentication:

  • Development/testing mail servers (mailpit, MailHog, smtp4dev)
  • Local mail servers (postfix, sendmail configured as relay)
  • Corporate relay servers with IP-based authentication
  • Same-cluster/containerized mail services

Code Location

File: interface/modules/custom_modules/oe-module-faxsms/src/Controller/EmailClient.php

Current Code (line ~42):

$this->smtpEnabled = !empty($GLOBALS['SMTP_PASS'] ?? null) && !empty($GLOBALS["SMTP_USER"] ?? null);

Proposed Fix

Check for SMTP_HOST instead of credentials:

// SMTP is enabled if we have a host configured (user/pass are optional for servers like mailpit)
$this->smtpEnabled = !empty($GLOBALS['SMTP_HOST'] ?? null);

Also update the error logging in emailReminder() method (lines ~145-151):

if (!$this->smtpEnabled) {
    $this->logger->error("SMTP not configured", [
        'SMTP_HOST' => $GLOBALS['SMTP_HOST'] ?? 'NOT_SET',
        'SMTP_PORT' => $GLOBALS['SMTP_PORT'] ?? 'NOT_SET',
        'SMTP_USER' => !empty($GLOBALS['SMTP_USER']),
        'SMTP_PASS' => !empty($GLOBALS['SMTP_PASS'])
    ]);
    return text(js_escape('SMTP not setup.'));
}

Steps to Reproduce

  1. Set up mailpit or similar SMTP server without authentication
  2. Configure OpenEMR:
    • Administration → Config → Notifications
    • Set Email Transport Method to "SMTP"
    • Set SMTP Server Hostname to "mailpit" (or other server)
    • Set SMTP Server Port Number to "1025" (or appropriate port)
    • Leave SMTP User Username blank
    • Leave SMTP User Password blank
  3. Create a patient with hipaa_allowemail='YES' and valid email
  4. Create an appointment for that patient
  5. Run: php interface/modules/custom_modules/oe-module-faxsms/library/rc_sms_notification.php user=admin type=email site=default
  6. Observe:
    • Logs show "SMTP not configured"
    • Returns "SMTP not setup."
    • No email is sent
    • Even though SMTP host/port are correctly configured

Related Issues

This is a sub-issue of #9033 (Add comprehensive logging to faxsms email notification system)

Security Considerations

We understand that allowing SMTP without authentication has security implications:

  • Unauthenticated SMTP can be abused for sending spam if exposed
  • Production systems should always use authenticated SMTP
  • SMTP servers without auth should be properly firewalled

However, this change is crucial for:

  • Development and debugging: Tools like mailpit, MailHog, and smtp4dev are essential for testing email functionality without setting up real mail servers
  • Legitimate use cases: Many organizations use internal mail relays with IP-based authentication, especially in containerized/orchestrated environments
  • Configuration flexibility: The application should not artificially restrict valid SMTP configurations

The fix doesn't remove security - it removes an artificial limitation. Administrators are still responsible for:

  • Properly configuring firewall rules
  • Using authenticated SMTP in production
  • Following their organization's email security policies

Impact

  • Cannot use development/testing mail servers like mailpit
  • Cannot use local mail relays
  • Cannot use corporate SMTP relays with IP-based authentication
  • Makes testing and development more difficult
  • Forces administrators to set dummy credentials even when not needed
  • Blocks the ability to debug email issues (primary blocker for issue #9033, "Add comprehensive logging to faxsms email notification system")

Testing

After the fix, verify that:

  1. SMTP works with mailpit (no username/password)
  2. SMTP still works with authenticated servers (username/password set)
  3. SMTP properly fails when SMTP_HOST is not set
  4. Error messages clearly indicate what's missing in configuration
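
The four checks in the Testing list, as an added example that is not part of the original issue or of OpenEMR's code: a hypothetical `resolveSmtpSettings()` helper decides whether SMTP is usable from the host alone, turns authentication on only when both credentials are present, and names what is missing. Treating a half-set credential pair as a configuration error is an assumption that goes beyond the proposed fix; the sample configurations are constructed.

```php
<?php
// Added example, not OpenEMR code. resolveSmtpSettings() is a hypothetical
// helper; the array keys mirror the $GLOBALS names quoted in the issue.
function resolveSmtpSettings(array $cfg): array
{
    $host = trim((string)($cfg['SMTP_HOST'] ?? ''));
    $user = (string)($cfg['SMTP_USER'] ?? '');
    $pass = (string)($cfg['SMTP_PASS'] ?? '');
    $problems = [];

    if ($host === '') {
        $problems[] = 'SMTP_HOST is not set';
    }
    // Assumption: a half-set credential pair is a configuration mistake, so
    // report it instead of silently sending without authentication.
    if (($user === '') !== ($pass === '')) {
        $problems[] = ($user === '' ? 'SMTP_USER' : 'SMTP_PASS')
            . ' is empty while the other credential is set';
    }

    return [
        'enabled'  => $problems === [],
        'auth'     => $user !== '' && $pass !== '',
        'problems' => $problems,
        // Log context records only whether credentials exist, never their values.
        'log'      => [
            'SMTP_HOST' => $host !== '' ? $host : 'NOT_SET',
            'SMTP_PORT' => $cfg['SMTP_PORT'] ?? 'NOT_SET',
            'SMTP_USER' => $user !== '',
            'SMTP_PASS' => $pass !== '',
        ],
    ];
}

// Constructed sample configurations, one per check in the Testing list.
$cases = [
    'mailpit, no auth'    => ['SMTP_HOST' => 'mailpit', 'SMTP_PORT' => '1025'],
    'authenticated relay' => ['SMTP_HOST' => 'smtp.example.org', 'SMTP_PORT' => '587',
                              'SMTP_USER' => 'notifier', 'SMTP_PASS' => 'constructed-secret'],
    'host missing'        => ['SMTP_PORT' => '1025'],
    'password missing'    => ['SMTP_HOST' => 'smtp.example.org', 'SMTP_USER' => 'notifier'],
];

foreach ($cases as $label => $cfg) {
    $r = resolveSmtpSettings($cfg);
    printf("%-20s enabled=%-5s auth=%-5s %s\n", $label,
        var_export($r['enabled'], true), var_export($r['auth'], true),
        implode('; ', $r['problems']));
}
```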
