Fix some issues 11

services/notification/README.md

@@ -868,10 +868,11 @@ email_open_rate = Gauge(
 **Email (SMTP) Configuration:**
 - `SMTP_HOST` - SMTP server host
 - `SMTP_PORT` - SMTP server port (default: 587)
-- `SMTP_USERNAME` - SMTP username
-- `SMTP_PASSWORD` - SMTP password
+- `SMTP_USERNAME` - SMTP username (optional for trusted relay)
+- `SMTP_PASSWORD` - SMTP password (optional for trusted relay)
 - `SMTP_FROM_ADDRESS` - From email address
 - `SMTP_USE_TLS` - Enable TLS (default: true)
+- `SMTP_REQUIRE_AUTH` - Require SMTP authentication (default: false for trusted relay)
 
 **Twilio Configuration:**
 - `TWILIO_ACCOUNT_SID` - Twilio account SID
@@ -890,6 +891,86 @@ email_open_rate = Gauge(
 - `SMS_COST_PER_MESSAGE` - Cost per SMS (default: 0.08 EUR)
 - `EMAIL_COST_PER_MESSAGE` - Cost per email (default: 0.001 EUR)
 
+## Mailu Integration
+
+The notification service is designed to work seamlessly with Mailu email servers, especially for internal bakery communications.
+
+### Internal Email Delivery (Recommended)
+When sending emails to addresses within the same Mailu domain (e.g., `user@your-bakery.com`), Mailu handles these as internal messages:
+
+- **No SMTP authentication required** - Mailu trusts internal subnet connections
+- **Direct inbox delivery** - Messages stay within Mailu's internal mail store
+- **Faster delivery** - No external SMTP relay needed
+- **Better reliability** - No dependency on external email providers
+
+### Configuration for Mailu
+
+```bash
+# Mailu internal configuration (recommended for bakery communications)
+export SMTP_HOST=mailu.your-domain.com  # or mailu.internal if using internal DNS
+export SMTP_PORT=587                    # Standard submission port
+export SMTP_REQUIRE_AUTH=false         # No authentication needed for internal relay
+export DEFAULT_FROM_EMAIL=noreply@your-bakery.com
+
+# Optional: If using Mailu's webmail interface
+export SMTP_PORT=25                   # Alternative: use port 25 for internal relay
+```
+
+### Mailu Subnet Trust Configuration
+
+For Mailu to accept unauthenticated connections from the notification service:
+
+1. **Configure Mailu's relay networks** in `mailu.env`:
+   ```ini
+   # Add your Kubernetes service subnet to trusted networks
+   RELAYNETS=10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
+   ```
+
+2. **Ensure DNS resolution** works between services:
+   ```bash
+   # From notification service pod, test Mailu connectivity
+   nslookup mailu.your-domain.com
+   telnet mailu.your-domain.com 587
+   ```
+
+3. **Verify internal delivery** with Mailu logs:
+   ```bash
+   # Check Mailu container logs for internal message processing
+   kubectl logs -f mailu-pod-name | grep "internal delivery"
+   ```
+
+## Trusted Relay Configuration
+
+The notification service supports both authenticated SMTP and trusted relay modes:
+
+### Trusted Relay Mode (Default)
+For internal Mailu servers or other trusted SMTP relays that don't require authentication:
+
+```bash
+# No authentication - trusted relay mode (default)
+export SMTP_HOST=mailu.example.com
+export SMTP_PORT=587
+export SMTP_REQUIRE_AUTH=false  # Explicitly disable auth (default is false)
+# SMTP_USERNAME and SMTP_PASSWORD can be empty
+```
+
+### Authenticated SMTP Mode
+For external SMTP services like SendGrid, Amazon SES, or Gmail:
+
+```bash
+# With authentication - external SMTP services
+export SMTP_HOST=smtp.sendgrid.net
+export SMTP_PORT=587
+export SMTP_USERNAME=apikey
+export SMTP_PASSWORD=your_sendgrid_api_key
+export SMTP_REQUIRE_AUTH=true  # Explicitly enable auth
+```
+
+The service automatically detects the configuration:
+- If `SMTP_REQUIRE_AUTH=false` (default), authentication is skipped
+- If `SMTP_REQUIRE_AUTH=true` but credentials are missing, it will fail with clear error
+- If credentials are provided but `SMTP_REQUIRE_AUTH=false`, it will still skip authentication
+
 ## Development Setup
 
 ### Prerequisites
@@ -901,6 +982,8 @@ email_open_rate = Gauge(
 - Twilio account (for WhatsApp/SMS)
 
 ### Local Development
+
+#### With Mailu (Recommended for Bakery-IA)
 ```bash
 cd services/notification
 python -m venv venv
@@ -911,9 +994,43 @@ pip install -r requirements.txt
 export DATABASE_URL=postgresql://user:pass@localhost:5432/notification
 export REDIS_URL=redis://localhost:6379/0
 export RABBITMQ_URL=amqp://guest:guest@localhost:5672/
+
+# Mailu configuration (internal bakery communications)
+export SMTP_HOST=mailu.bakery-ia.local  # Internal Mailu service
+export SMTP_PORT=587                    # Submission port
+export SMTP_REQUIRE_AUTH=false         # No auth needed - Mailu subnet trust
+export DEFAULT_FROM_EMAIL=noreply@bakeryforecast.es
+
+# Optional: For testing external emails
+export ENABLE_EMAIL_NOTIFICATIONS=true
+
+export TWILIO_ACCOUNT_SID=your_twilio_sid
+export TWILIO_AUTH_TOKEN=your_twilio_token
+
+alembic upgrade head
+python main.py
+```
+
+#### With External SMTP (SendGrid, Gmail, etc.)
+```bash
+cd services/notification
+python -m venv venv
+source venv/bin/activate
+
+pip install -r requirements.txt
+
+export DATABASE_URL=postgresql://user:pass@localhost:5432/notification
+export REDIS_URL=redis://localhost:6379/0
+export RABBITMQ_URL=amqp://guest:guest@localhost:5672/
+
+# External SMTP configuration (SendGrid example)
 export SMTP_HOST=smtp.sendgrid.net
+export SMTP_PORT=587
 export SMTP_USERNAME=apikey
 export SMTP_PASSWORD=your_sendgrid_api_key
+export SMTP_REQUIRE_AUTH=true  # Explicit authentication required
+export DEFAULT_FROM_EMAIL=noreply@yourdomain.com
+
 export TWILIO_ACCOUNT_SID=your_twilio_sid
 export TWILIO_AUTH_TOKEN=your_twilio_token