[Twisted-Python] SMTP: Authenticating on Outbound emails only

Jean-Paul Calderone exarkun at twistedmatrix.com
Thu Feb 9 11:36:10 MST 2017


On Thu, Feb 9, 2017 at 12:29 PM, Anthony Lukach <anthonylukach at gmail.com>
wrote:

> I am working on putting together an SMTP server implemented within
> Twisted.  This will act as a conduit to my API, where there are two basic
> flows:
>
> 1) A device that supports sending email can "send" an email through the
> SMTP server. This is, in effect, the SMTP server handling the message as an
> outbound request.  The device would authenticate with the server and then
> provide it the message to be sent (which in reality will be uploaded to my
> API).
>
> 2) A device can send an email to my SMTP server via their own SMTP server.
> My server would receive the incoming message, parse its contents, and then
> upload the data to my API. Naturally, these incoming messages would not be
> required to authenticate with the server.
>
> I'm having trouble constructing the server in a way that outbound messages
> require authentication but incoming messages do not.
>

twisted.mail and cred support anonymous access.  I think that what you want
is to implement an avatar that can only accept messages for local delivery
and use that for anonymous users.  If an anonymous user tries to send mail
to a non-local user, they get back an error.  Either they made a mistake
and they should try again after authenticating or they're trying to abuse
the service and that's what you want.  That's case (2).  Then implement the
relay logic in another avatar and use that for authenticated users.  That's
case (1).

This relies on the fact that the realm you supply is responsible for
creating avatars and the realm gets told the avatarId for which it should
create an avatar - and the anonymous user can be differentiated from other
users by the avatarId.

Does that help?


> Can anyone direct me to an example of an SMTP server that is both
> accepting inbound and outbound emails and authenticates only on outbound
> emails?
>
>
As it happens, yes...

This avatar supports local-only delivery:
https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L51
This one supports relaying:
https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L528
Here's the factory and portal setup code:
https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L302

The realm is a bit spread out and involves some Axiom-specific concepts
that you probably don't need to know... But let me know if the above three
links don't make things clear.

 Jean-Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/twisted-python/attachments/20170209/1449c70c/attachment-0002.html>


More information about the Twisted-Python mailing list