The SMTPServer supplied by the smtpd library allows clients to send mail to any domain. This makes the server attractive to spammers, thinking they have found an open relay.

The patch below adds an "accept_domain" method to SMTPServer (documented below) which can be overridden by the user to compare the incoming domain against a list, etc, and return True or False (True=accept address, False=reject).

My apologies if this is the wrong place to submit this; I have not submitted a patch like this before and am just hoping to help! :)

Mike

--- smtpd.py.bak	2010-04-23 00:22:39.000000000 -0700
+++ smtpd.py	2010-04-23 00:51:22.000000000 -0700
@@ -241,6 +241,10 @@
         if not address:
             self.push('501 Syntax: RCPT TO: <address>')
             return
+	address_domain = address.split('@')[1]
+	if self._SMTPChannel__server.accept_domain(address_domain) is False:
+	    self.push('554 Relay access denied')
+	    return
         self.__rcpttos.append(address)
         print >> DEBUGSTREAM, 'recips:', self.__rcpttos
         self.push('250 Ok')
@@ -289,6 +293,15 @@
         print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
         channel = SMTPChannel(self, conn, addr)
 
+    def accept_domain(self,domain):
+    	"""domain is a string like domain.com that specifes the domain of
+	an email address supplied by client's RCPT TO command.
+	
+	Override this method to determine whether SMTPServer should
+	accept mail for a given domain. This is handy for preventing
+	spammers from thinking you are running an open relay."""
+    	return True
+
     # API for "doing something useful with the message"
     def process_message(self, peer, mailfrom, rcpttos, data):
         """Override this abstract method to handle messages from the client.

This is the right place, thanks for the patch!

Since this is a feature request it can only be added to 3.2 (and 2.8, if such a thing ever exists).

Idea: wouldn't it be better to provide a more powerful "accept_mail" method instead of "accept_domain?

I don't think that is a suitable solution for this problem, because the expected SMTP behavior is to reject an unsuitable RCPT TO directly after it is proposed by the client.

However, I think it would be a great idea to have such a method being called after the end of the DATA segment (immediately before the message is queued - or not).

Mike

On 2010-04-23, at 12:00 PM, Giampaolo Rodola' wrote:

> 
> Giampaolo Rodola' <g.rodola@gmail.com> added the comment:
> 
> Idea: wouldn't it be better to provide a more powerful "accept_mail" method instead of "accept_domain?
> 
> ----------
> nosy: +giampaolo.rodola
> 
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue8503>
> _______________________________________

This sounds like an important feature to me.

A few points:

- I'd rename the function name from accept_domain to e.g. validate_domain for clarity

- There could also be a function to validate the loca part of each recipient addresses. Or maybe the function should be changed to validate the whole recipient address, not only the domain part.