diff --git a/model/email_server.go b/model/email_server.go
index e9636d1b..6c15545d 100644
--- a/model/email_server.go
+++ b/model/email_server.go
@@ -6,6 +6,7 @@ package model
 
 import (
 	"fmt"
+	"infini.sh/framework/core/elastic"
 	"infini.sh/framework/core/orm"
 )
 
@@ -15,11 +16,9 @@ type EmailServer struct {
 	Host string `json:"host" elastic_mapping:"host:{type:keyword}"`
 	Port int    `json:"port" elastic_mapping:"port:{type:keyword}"`
 	TLS  bool   `json:"tls" elastic_mapping:"tls:{type:keyword}"`
-	Auth struct {
-		Username string `json:"username" elastic_mapping:"username:{type:keyword}"`
-		Password string `json:"password" elastic_mapping:"password:{type:keyword}"`
-	} `json:"auth" elastic_mapping:"auth:{type:object}"`
+	Auth *elastic.BasicAuth `json:"auth" elastic_mapping:"auth:{type:object}"`
 	Enabled bool `json:"enabled" elastic_mapping:"enabled:{type:boolean}"`
+	CredentialID string `json:"credential_id" elastic_mapping:"credential_id:{type:keyword}"`
 }
 
 func (serv *EmailServer) Validate(requireName bool) error {
diff --git a/plugin/api/email/common/pipeline.go b/plugin/api/email/common/pipeline.go
index 20d98b42..a756b9eb 100644
--- a/plugin/api/email/common/pipeline.go
+++ b/plugin/api/email/common/pipeline.go
@@ -36,6 +36,11 @@ func RefreshEmailServer() error {
 		if err != nil {
 			return err
 		}
+		auth, err := GetBasicAuth(&emailServer)
+		if err != nil {
+			return err
+		}
+		emailServer.Auth = &auth
 		servers = append(servers, emailServer)
 	}
 	pipeCfgStr := GeneratePipelineConfig(servers)
diff --git a/plugin/api/email/server.go b/plugin/api/email/server.go
index b6a961bc..d9afe53f 100644
--- a/plugin/api/email/server.go
+++ b/plugin/api/email/server.go
@@ -293,17 +293,13 @@ func (h *EmailAPI) testEmailServer(w http.ResponseWriter, req *http.Request, ps
 		h.WriteError(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	if reqBody.Auth.Password == "" && reqBody.ID != "" {
-		obj := model.EmailServer{}
-		obj.ID = reqBody.ID
-		_, err := orm.Get(&obj)
+	if reqBody.Auth.Password == "" && reqBody.CredentialID != "" {
+		auth, err := common.GetBasicAuth(&reqBody.EmailServer)
 		if  err != nil {
 			h.WriteError(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-		if reqBody.Auth.Username == obj.Auth.Username {
-			reqBody.Auth.Password = obj.Auth.Password
-		}
+		reqBody.Auth = &auth
 	}
 	message := gomail.NewMessage()
 	message.SetHeader("From", reqBody.Auth.Username)