Thanks Jean-Paul, that indeed did help! To restate what you said, we're now allowing both authenticated and unauthenticated (anonymous) connections, each returning a different type of Avatar. We then take a look at what the connection is trying to do (handle outbound email vs. handle inbound email) and either permit or deny the action based on what avatar is being used.
I appreciate the help!

Anthony

On Thu, Feb 9, 2017 at 11:39 AM Jean-Paul Calderone <exar...@twistedmatrix.com> wrote:

> On Thu, Feb 9, 2017 at 12:29 PM, Anthony Lukach <anthonyluk...@gmail.com> wrote:
>
> I am working on putting together an SMTP server implemented within
> Twisted. This will act as a conduit to my API, where there are two basic
> flows:
>
> 1) A device that supports sending email can "send" an email through the
> SMTP server. This is, in effect, the SMTP server handling the message as an
> outbound request. The device would authenticate with the server and then
> provide it the message to be sent (which in reality will be uploaded to my
> API).
>
> 2) A device can send an email to my SMTP server via their own SMTP server.
> My server would receive the incoming message, parse its contents, and then
> upload the data to my API. Naturally, these incoming messages would not be
> required to authenticate with the server.
>
> I'm having trouble constructing the server in a way that outbound messages
> require authentication but incoming messages do not.
>
>
> twisted.mail and cred support anonymous access. I think that what you
> want is to implement an avatar that can only accept messages for local
> delivery and use that for anonymous users. If an anonymous user tries to
> send mail to a non-local user, they get back an error. Either they made a
> mistake and they should try again after authenticating or they're trying to
> abuse the service and that's what you want. That's case (2). Then
> implement the relay logic in another avatar and use that for authenticated
> users. That's case (1).
>
> This relies on the fact that the realm you supply is responsible for
> creating avatars and the realm gets told the avatarId for which it should
> create an avatar - and the anonymous user can be differentiated from other
> users by the avatarId.
>
> Does that help?
>
>
> Can anyone direct me to an example of an SMTP server that is both
> accepting inbound and outbound emails and authenticates only on outbound
> emails?
>
>
> As it happens, yes...
>
> This avatar supports local-only delivery:
> https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L51
> This one supports relaying:
> https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L528
> Here's the factory and portal setup code:
> https://github.com/twisted/quotient/blob/master/xquotient/mail.py#L302
>
> The realm is a bit spread out and involves some Axiom-specific concepts
> that you probably don't need to know... But let me know if the above three
> links don't make things clear.
>
> Jean-Paul
> _______________________________________________
> Twisted-Python mailing list
> Twisted-Python@twistedmatrix.com
> http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python