[Twisted-Python] SMTP: Authenticating on Outbound emails only

Anthony Lukach anthonylukach at gmail.com
Sun Feb 12 09:50:32 MST 2017


Thanks Jean-Paul, that indeed did help!  To restate what you said, we're
now allowing both authenticated and unauthenticated (anonymous)
connections, each returning a different type of Avatar.  We then take a
look at what the connection is trying to do (handle outbound email vs.
handle inbound email) and either permit/deny the action based on what
avatar is being used.

I appreciate the help!

Anthony

On Thu, Feb 9, 2017 at 11:39 AM Jean-Paul Calderone <
exarkun at twistedmatrix.com> wrote:

> On Thu, Feb 9, 2017 at 12:29 PM, Anthony Lukach <anthonylukach at gmail.com>
> wrote:
>
> > I am working on putting together an SMTP server implemented within
> > Twisted.  This will act as a conduit to my API, where there are two basic
> > flows:
> >
> > 1) A device that supports sending email can "send" an email through the
> > SMTP server. This is, in effect, the SMTP server handling the message as an
> > outbound request.  The device would authenticate with the server and then
> > provide it the message to be sent (which in reality will be uploaded to my
> > API).
> >
> > 2) A device can send an email to my SMTP server via their own SMTP server.
> > My server would receive the incoming message, parse its contents, and then
> > upload the data to my API. Naturally, these incoming messages would not be
> > required to authenticate with the server.
> >
> > I'm having trouble constructing the server in a way that outbound messages
> > require authentication but incoming messages do not.
>
>
> twisted.mail and cred support anonymous access.  I think that what you
> want is to implement an avatar that can only accept messages for local
> delivery and use that for anonymous users.  If an anonymous user tries to
> send mail to a non-local user, they get back an error.  Either they made a
> mistake and they should try again after authenticating or they're trying to
> abuse the service and that's what you want.  That's case (2).  Then
> implement the relay logic in another avatar and use that for authenticated
> users.  That's case (1).
>
> This relies on the fact that the realm you supply is responsible for
> creating avatars and the realm gets told the avatarId for which it should
> create an avatar - and the anonymous user can be differentiated from other
> users by the avatarId.
>
> Does that help?
>
>
> > Can anyone direct me to an example of an SMTP server that is both
> > accepting inbound and outbound emails and authenticates only on outbound
> > emails?
>
>
> As it happens, yes...
>
> This avatar supports local-only delivery:
> https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L51
> This one supports relaying:
> https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L528
> Here's the factory and portal setup code:
> https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L302
>
> The realm is a bit spread out and involves some Axiom-specific concepts
> that you probably don't need to know... But let me know if the above three
> links don't make things clear.
>
>  Jean-Paul
>