smtpd SMTPServer does not allow domain filtering

[mikes]

BPO	8503
Nosy	@warsaw, @ericvsmith, @giampaolo, @bitdancer, @akheron, @zvyn
Files	issue8503.patch: Adds smtp.SMTPServer.validate_recipient_address(self, address). issue8503v2.patch: update (the old patch didn't work anymore)

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = None
closed_at = <Date 2018-01-10.00:55:19.635>
created_at = <Date 2010-04-23.07:56:10.704>
labels = ['type-feature', 'library', 'expert-email']
title = 'smtpd SMTPServer does not allow domain filtering'
updated_at = <Date 2018-01-10.00:55:19.633>
user = 'https://bugs.python.org/mikes'

bugs.python.org fields:

activity = <Date 2018-01-10.00:55:19.633>
actor = 'barry'
assignee = 'none'
closed = True
closed_date = <Date 2018-01-10.00:55:19.635>
closer = 'barry'
components = ['Library (Lib)', 'email']
creation = <Date 2010-04-23.07:56:10.704>
creator = 'mike.s'
dependencies = []
files = ['35560', '36325']
hgrepos = []
issue_num = 8503
keywords = ['patch']
message_count = 7.0
messages = ['103993', '104003', '104039', '104040', '146014', '220200', '309752']
nosy_count = 9.0
nosy_names = ['barry', 'eric.smith', 'giampaolo.rodola', 'r.david.murray', 'jesstess', 'mike.s', 'petri.lehtinen', 'lpolzer', 'zvyn']
pr_nums = []
priority = 'normal'
resolution = 'wont fix'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue8503'
versions = ['Python 3.3']

[mikes]

The SMTPServer supplied by the smtpd library allows clients to send mail to any domain. This makes the server attractive to spammers, thinking they have found an open relay.

The patch below adds an "accept_domain" method to SMTPServer (documented below) which can be overridden by the user to compare the incoming domain against a list, etc, and return True or False (True=accept address, False=reject).

My apologies if this is the wrong place to submit this; I have not submitted a patch like this before and am just hoping to help! :)

Mike

--- smtpd.py.bak	2010-04-23 00:22:39.000000000 -0700
+++ smtpd.py	2010-04-23 00:51:22.000000000 -0700
@@ -241,6 +241,10 @@
         if not address:
             self.push('501 Syntax: RCPT TO: <address>')
             return
+	address_domain = address.split('@')[1]
+	if self._SMTPChannel__server.accept_domain(address_domain) is False:
+	    self.push('554 Relay access denied')
+	    return
         self.__rcpttos.append(address)
         print >> DEBUGSTREAM, 'recips:', self.__rcpttos
         self.push('250 Ok')
@@ -289,6 +293,15 @@
         print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
         channel = SMTPChannel(self, conn, addr)
 
+    def accept_domain(self,domain):
+    	"""domain is a string like domain.com that specifes the domain of
+	an email address supplied by client's RCPT TO command.
+	
+	Override this method to determine whether SMTPServer should
+	accept mail for a given domain. This is handy for preventing
+	spammers from thinking you are running an open relay."""
+    	return True
+
     # API for "doing something useful with the message"
     def process_message(self, peer, mailfrom, rcpttos, data):
         """Override this abstract method to handle messages from the client.

[ericvsmith]

This is the right place, thanks for the patch!

Since this is a feature request it can only be added to 3.2 (and 2.8, if such a thing ever exists).

[giampaolo]

Idea: wouldn't it be better to provide a more powerful "accept_mail" method instead of "accept_domain?

[mikes]

I don't think that is a suitable solution for this problem, because the expected SMTP behavior is to reject an unsuitable RCPT TO directly after it is proposed by the client.

However, I think it would be a great idea to have such a method being called after the end of the DATA segment (immediately before the message is queued - or not).

Mike

On 2010-04-23, at 12:00 PM, Giampaolo Rodola' wrote:

Giampaolo Rodola' <g.rodola@gmail.com> added the comment:

Idea: wouldn't it be better to provide a more powerful "accept_mail" method instead of "accept_domain?

----------
nosy: +giampaolo.rodola

---

Python tracker <report@bugs.python.org>
<http://bugs.python.org/issue8503\>

---

[akheron]

This sounds like an important feature to me.

A few points:

• I'd rename the function name from accept_domain to e.g. validate_domain for clarity

• There could also be a function to validate the loca part of each recipient addresses. Or maybe the function should be changed to validate the whole recipient address, not only the domain part.

[zvyn]

I see no reason to restrict the filtering possibilities to the domain, so I added a method "validate_recipient_address" wich gets an address of the form "local-part@domain" and returns True.
SMTPChannel.smtp_RCPT checks any address with this method before appending it to the recipient list and returns "554 ..." as proposed by Mike if the validation failed.

[warsaw]

I'm closing this as won't fix since smtpd.py is deprecated and will likely not get any future development. Please see aiosmtpd as a much better third party replacement.