chore: merkwerk auto-update

- Add STARTTLS handshake after EHLO for port 587
- Upgrade socket to SSL after STARTTLS command
- Perform second EHLO over encrypted connection
- Resolves authentication issues with Hetzner and other SMTP providers
- Fixes 'Must issue a STARTTLS command first' error

Closes #113

.version_history

@@ -27,3 +27,5 @@ a670de0f,24bd94d,feature/systemd-hardening,2025-09-07T16:40:47Z,michael,git,lua-
 4ee95dbc,08b49d3,security/sanitize-test-scripts,2025-09-07T19:25:38Z,michael,git,lua-api
 59c85431,8b78066,main,2025-09-10T10:20:50Z,michael,git,lua-api
 a71dd794,f5d9f35,main,2025-09-10T12:27:54Z,michael,git,lua-api
+de5318f2,304b010,main,2025-09-10T14:45:12Z,michael,git,lua-api
+980d67cd,7a921dc,main,2025-09-10T14:46:13Z,michael,git,lua-api

VERSION

@@ -1 +1 @@
-0.1.2
+0.1.3

src/smtp.lua

@@ -237,6 +237,33 @@ function SMTP:send_email(to_address, subject, message, from_name)
         return cleanup_and_fail("EHLO failed: " .. response)
     end
 
+    -- STARTTLS hinzufügen für Port 587
+    if self.port == 587 and self.use_ssl then
+        -- STARTTLS command
+        local success, response = self:send_command(sock, "STARTTLS", 220)
+        if not success then
+            return cleanup_and_fail("STARTTLS failed: " .. response)
+        end
+
+        -- Upgrade connection to SSL
+        local ssl_sock, err = self.ssl_compat:wrap_socket(sock, {
+            mode = "client",
+            protocol = "tlsv1_2"
+        })
+
+        if not ssl_sock then
+            return cleanup_and_fail("SSL upgrade failed: " .. err)
+        end
+
+        sock = ssl_sock
+
+        -- EHLO again over encrypted connection
+        local success, response = self:send_command(sock, "EHLO furt-lua", 250)
+        if not success then
+            return cleanup_and_fail("EHLO after STARTTLS failed: " .. response)
+        end
+    end
+
     -- AUTH LOGIN
     local success, response = self:send_command(sock, "AUTH LOGIN", 334)
     if not success then