fix(email): route sqcp SMTP through Azure ACS relay

Replaces direct Poste.io SMTP (mail.squaremcp.com:30587, port 25 blocked)
with Azure Communication Services relay (smtp.azurecomm.net:587).
All sqcp_* accounts share a single ACS credential; FROM addresses unchanged.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

hermes-k8s.yaml

@@ -22,7 +22,7 @@ spec:
         fsGroup: 1000
       containers:
         - name: hermes-mcp
-          image: localhost:32000/hermes-mcp@sha256:b3716e0d7a86ba3b34047b75cd8af91078aaf9a1dcd64760bd238f358fb79e3f
+          image: localhost:32000/hermes-mcp@sha256:793e7a6e0486b4c117b8ab62a3668ae0f9235b014b02181ce3cb65696a16d96c
           imagePullPolicy: Always
           securityContext:
             allowPrivilegeEscalation: false
@@ -103,6 +103,14 @@ spec:
               value: "contact@squaremcp.com"
             - name: SQCP_CONTACT_PASSWORD
               value: "onelove"
+            - name: SQCP_SMTP_HOST
+              value: "smtp.azurecomm.net"
+            - name: SQCP_SMTP_PORT
+              value: "587"
+            - name: SQCP_SMTP_USER
+              value: "fetcherpay-comm-prod.628d0126-984a-436a-8920-fcc877f5481a.57af0299-f395-4cf7-8fc5-3017211b2879"
+            - name: SQCP_SMTP_PASS
+              value: "5SH8Q~aPvVVvFeSoXAfPB0MhDqNny_AwmjeQLbXf"
             - name: SQCP_ADMIN_EMAIL
               value: "admin@squaremcp.com"
             - name: SQCP_ADMIN_PASSWORD

src/smtp.ts

@@ -5,8 +5,10 @@ import type { EmailCredentials } from './multitenancy/credential-store.js';
 const FETCHERPAY_SMTP_HOST = process.env['FETCHERPAY_SMTP_HOST'] ?? 'mail.fetcherpay.com';
 const FETCHERPAY_SMTP_PORT = parseInt(process.env['FETCHERPAY_SMTP_PORT'] ?? '30587');
 
-const SQCP_SMTP_HOST = process.env['SQCP_SMTP_HOST'] ?? 'mail.squaremcp.com';
-const SQCP_SMTP_PORT = parseInt(process.env['SQCP_SMTP_PORT'] ?? '30587');
+const SQCP_SMTP_HOST = process.env['SQCP_SMTP_HOST'] ?? 'smtp.azurecomm.net';
+const SQCP_SMTP_PORT = parseInt(process.env['SQCP_SMTP_PORT'] ?? '587');
+const SQCP_SMTP_USER = process.env['SQCP_SMTP_USER'] ?? '';
+const SQCP_SMTP_PASS = process.env['SQCP_SMTP_PASS'] ?? '';
 
 function fetcherpaySmtpTransport(user: string, pass: string) {
   return nodemailer.createTransport({
@@ -18,12 +20,12 @@ function fetcherpaySmtpTransport(user: string, pass: string) {
   });
 }
 
-function sqcpSmtpTransport(user: string, pass: string) {
+function sqcpSmtpTransport() {
   return nodemailer.createTransport({
     host: SQCP_SMTP_HOST,
     port: SQCP_SMTP_PORT,
     secure: false,
-    auth: { user, pass },
+    auth: { user: SQCP_SMTP_USER, pass: SQCP_SMTP_PASS },
     tls: { rejectUnauthorized: false },
   });
 }
@@ -41,19 +43,19 @@ function getEnvSmtpTransport(account: Account = 'yahoo') {
     case 'founder':
       return fetcherpaySmtpTransport(process.env['FOUNDER_EMAIL']!, process.env['FOUNDER_PASSWORD']!);
     case 'sqcp_garfield':
-      return sqcpSmtpTransport(process.env['SQCP_GARFIELD_EMAIL']!, process.env['SQCP_GARFIELD_PASSWORD']!);
+      return sqcpSmtpTransport();
     case 'sqcp_info':
-      return sqcpSmtpTransport(process.env['SQCP_INFO_EMAIL']!, process.env['SQCP_INFO_PASSWORD']!);
+      return sqcpSmtpTransport();
     case 'sqcp_sales':
-      return sqcpSmtpTransport(process.env['SQCP_SALES_EMAIL']!, process.env['SQCP_SALES_PASSWORD']!);
+      return sqcpSmtpTransport();
     case 'sqcp_support':
-      return sqcpSmtpTransport(process.env['SQCP_SUPPORT_EMAIL']!, process.env['SQCP_SUPPORT_PASSWORD']!);
+      return sqcpSmtpTransport();
     case 'sqcp_founder':
-      return sqcpSmtpTransport(process.env['SQCP_FOUNDER_EMAIL']!, process.env['SQCP_FOUNDER_PASSWORD']!);
+      return sqcpSmtpTransport();
     case 'sqcp_contact':
-      return sqcpSmtpTransport(process.env['SQCP_CONTACT_EMAIL']!, process.env['SQCP_CONTACT_PASSWORD']!);
+      return sqcpSmtpTransport();
     case 'sqcp_admin':
-      return sqcpSmtpTransport(process.env['SQCP_ADMIN_EMAIL']!, process.env['SQCP_ADMIN_PASSWORD']!);
+      return sqcpSmtpTransport();
     case 'gmail':
       return nodemailer.createTransport({
         host: 'smtp.gmail.com',