New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
smtpd SMTPServer does not allow domain filtering #52749
Comments
The SMTPServer supplied by the smtpd library allows clients to send mail to any domain. This makes the server attractive to spammers, thinking they have found an open relay. The patch below adds an "accept_domain" method to SMTPServer (documented below) which can be overridden by the user to compare the incoming domain against a list, etc, and return True or False (True=accept address, False=reject). My apologies if this is the wrong place to submit this; I have not submitted a patch like this before and am just hoping to help! :) Mike --- smtpd.py.bak 2010-04-23 00:22:39.000000000 -0700
+++ smtpd.py 2010-04-23 00:51:22.000000000 -0700
@@ -241,6 +241,10 @@
if not address:
self.push('501 Syntax: RCPT TO: <address>')
return
+ address_domain = address.split('@')[1]
+ if self._SMTPChannel__server.accept_domain(address_domain) is False:
+ self.push('554 Relay access denied')
+ return
self.__rcpttos.append(address)
print >> DEBUGSTREAM, 'recips:', self.__rcpttos
self.push('250 Ok')
@@ -289,6 +293,15 @@
print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
channel = SMTPChannel(self, conn, addr)
+ def accept_domain(self,domain):
+ """domain is a string like domain.com that specifes the domain of
+ an email address supplied by client's RCPT TO command.
+
+ Override this method to determine whether SMTPServer should
+ accept mail for a given domain. This is handy for preventing
+ spammers from thinking you are running an open relay."""
+ return True
+
# API for "doing something useful with the message"
def process_message(self, peer, mailfrom, rcpttos, data):
"""Override this abstract method to handle messages from the client. |
This is the right place, thanks for the patch! Since this is a feature request it can only be added to 3.2 (and 2.8, if such a thing ever exists). |
Idea: wouldn't it be better to provide a more powerful "accept_mail" method instead of "accept_domain? |
I don't think that is a suitable solution for this problem, because the expected SMTP behavior is to reject an unsuitable RCPT TO directly after it is proposed by the client. However, I think it would be a great idea to have such a method being called after the end of the DATA segment (immediately before the message is queued - or not). Mike On 2010-04-23, at 12:00 PM, Giampaolo Rodola' wrote:
|
This sounds like an important feature to me. A few points:
|
I see no reason to restrict the filtering possibilities to the domain, so I added a method "validate_recipient_address" wich gets an address of the form "local-part@domain" and returns |
I'm closing this as won't fix since smtpd.py is deprecated and will likely not get any future development. Please see aiosmtpd as a much better third party replacement. |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: