fix: use WithTLSPolicy instead of WithTLSPortPolicy to preserve user-configured SMTP port

WithTLSPortPolicy calls SetTLSPortPolicy, which checks `c.port == DefaultPort`
(25) to decide whether the port was explicitly set or left as default. When a
user configures port 25 — common for internal relay hosts that accept plaintext
SMTP — the guard condition evaluates true and the library silently overrides the
port to 587 (DefaultPortTLS) with a fallback to 25.

This causes a two-stage failure in environments where port 587 is unreachable:

  1. The primary dial to host:587 blocks for the full 15-second connection
     timeout (go-mail DefaultTimeout) waiting on a firewalled port.
  2. The fallback dial to host:25 fires with an already-expired context,
     producing a misleading "lookup <host>: i/o timeout" DNS error rather
     than the actual root cause (port 587 unreachable).

The previous mail library (gopkg.in/mail.v2) used the port value directly
without any policy-based override, so this regression surfaced only after
migrating to github.com/wneessen/go-mail.

WithTLSPolicy applies the same STARTTLS negotiation semantics (NoTLS or
TLSOpportunistic) without mutating the port, which is the correct choice
when the caller has already provided an explicit port via WithPort.

DOCS.md

@@ -73,6 +73,55 @@ drone secret add \
 
 See [Secret Guide](https://docs.drone.io/secret/) for additional information on secrets.
 
+### Harness CI Plugin Step
+
+When using this plugin in Harness CI pipelines, you can configure it as a Plugin step. The plugin automatically uses DRONE_* environment variables provided by the Harness CI environment for build context (repository, commit, build status, etc.).
+
+```yaml
+pipeline:
+  orgIdentifier: default
+  tags: {}
+  stages:
+    - stage:
+        name: Run Plugin
+        identifier: Email_Notification
+        description: ""
+        type: CI
+        spec:
+          cloneCodebase: false
+          platform:
+            os: Windows
+            arch: Amd64
+          runtime:
+            type: Cloud
+            spec: {}
+          execution:
+            steps:
+              - step:
+                  type: Plugin
+                  name: Email Plugin
+                  identifier: Email_Plugin
+                  spec:
+                    connectorRef: emailtestdocker
+                    image: plugins/email:3.1.0-debug
+                    settings:
+                      from.address: from@example.com
+                      from.name: Magic Elves
+                      host: sandbox.smtp.mailtrap.io
+                      username: <+secrets.getValue("smtp_username")>
+                      password: <+secrets.getValue("smtp_password")>
+                      recipients: user@example.com
+                      port: "2525"
+          caching:
+            enabled: false
+            paths: []
+          buildIntelligence:
+            enabled: false
+  projectIdentifier: example_project
+  identifier: email_notification_pipeline
+  name: Email Notification Pipeline
+```
+
 ### Custom Templates
 
 In some cases you may want to customize the look and feel of the email message

defaults.go

@@ -191,7 +191,7 @@ const DefaultTemplate = `
           <div class="content">
             <table class="main" width="100%" cellpadding="0" cellspacing="0">
               <tr>
-                {{#success build.status}}
+                {{#equal build.status "success"}}
                   <td class="alert alert-good">
                     <a href="{{ build.link }}">
                       Successful build #{{ build.number }}
@@ -203,7 +203,7 @@ const DefaultTemplate = `
                       Failed build #{{ build.number }}
                     </a>
                   </td>
-                {{/success}}
+                {{/equal}}
               </tr>
               <tr>
                 <td class="content-wrap">

plugin.go

@@ -185,10 +185,13 @@ func (p Plugin) Exec() error {
 	}
 
 	// Handle STARTTLS policy
+	// Note: Use WithTLSPolicy (not WithTLSPortPolicy) to avoid overriding
+	// the user-configured port. WithTLSPortPolicy treats port 25 as "default/unset"
+	// and silently changes it to 587 for TLSOpportunistic/TLSMandatory.
 	if p.Config.NoStartTLS {
-		options = append(options, mail.WithTLSPortPolicy(mail.NoTLS))
+		options = append(options, mail.WithTLSPolicy(mail.NoTLS))
 	} else {
-		options = append(options, mail.WithTLSPortPolicy(mail.TLSOpportunistic))
+		options = append(options, mail.WithTLSPolicy(mail.TLSOpportunistic))
 	}
 
 	client, err := mail.NewClient(p.Config.Host, options...)