This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: smtpd SMTPServer does not allow domain filtering
Type: enhancement Stage: resolved
Components: email, Library (Lib) Versions: Python 3.3
process
Status: closed Resolution: wont fix
Dependencies: Superseder:
Assigned To: Nosy List: barry, eric.smith, giampaolo.rodola, jesstess, lpolzer, mike.s, petri.lehtinen, r.david.murray, zvyn
Priority: normal Keywords: patch

Created on 2010-04-23 07:56 by mike.s, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Files
File name Uploaded Description Edit
issue8503.patch zvyn, 2014-06-10 21:58 Adds smtp.SMTPServer.validate_recipient_address(self, address). review
issue8503v2.patch zvyn, 2014-08-09 00:39 update (the old patch didn't work anymore) review
Messages (7)
msg103993 - (view) Author: mike s (mike.s) Date: 2010-04-23 07:56
The SMTPServer supplied by the smtpd library allows clients to send mail to any domain. This makes the server attractive to spammers, thinking they have found an open relay.

The patch below adds an "accept_domain" method to SMTPServer (documented below) which can be overridden by the user to compare the incoming domain against a list, etc, and return True or False (True=accept address, False=reject).

My apologies if this is the wrong place to submit this; I have not submitted a patch like this before and am just hoping to help! :)

Mike

--- smtpd.py.bak	2010-04-23 00:22:39.000000000 -0700
+++ smtpd.py	2010-04-23 00:51:22.000000000 -0700
@@ -241,6 +241,10 @@
         if not address:
             self.push('501 Syntax: RCPT TO: <address>')
             return
+	address_domain = address.split('@')[1]
+	if self._SMTPChannel__server.accept_domain(address_domain) is False:
+	    self.push('554 Relay access denied')
+	    return
         self.__rcpttos.append(address)
         print >> DEBUGSTREAM, 'recips:', self.__rcpttos
         self.push('250 Ok')
@@ -289,6 +293,15 @@
         print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
         channel = SMTPChannel(self, conn, addr)
 
+    def accept_domain(self,domain):
+    	"""domain is a string like domain.com that specifes the domain of
+	an email address supplied by client's RCPT TO command.
+	
+	Override this method to determine whether SMTPServer should
+	accept mail for a given domain. This is handy for preventing
+	spammers from thinking you are running an open relay."""
+    	return True
+
     # API for "doing something useful with the message"
     def process_message(self, peer, mailfrom, rcpttos, data):
         """Override this abstract method to handle messages from the client.
msg104003 - (view) Author: Eric V. Smith (eric.smith) * (Python committer) Date: 2010-04-23 11:08
This is the right place, thanks for the patch!

Since this is a feature request it can only be added to 3.2 (and 2.8, if such a thing ever exists).
msg104039 - (view) Author: Giampaolo Rodola' (giampaolo.rodola) * (Python committer) Date: 2010-04-23 19:00
Idea: wouldn't it be better to provide a more powerful "accept_mail" method instead of "accept_domain?
msg104040 - (view) Author: mike s (mike.s) Date: 2010-04-23 19:05
I don't think that is a suitable solution for this problem, because the expected SMTP behavior is to reject an unsuitable RCPT TO directly after it is proposed by the client.

However, I think it would be a great idea to have such a method being called after the end of the DATA segment (immediately before the message is queued - or not).

Mike

On 2010-04-23, at 12:00 PM, Giampaolo Rodola' wrote:

> 
> Giampaolo Rodola' <g.rodola@gmail.com> added the comment:
> 
> Idea: wouldn't it be better to provide a more powerful "accept_mail" method instead of "accept_domain?
> 
> ----------
> nosy: +giampaolo.rodola
> 
> _______________________________________
> Python tracker <report@bugs.python.org>
> <http://bugs.python.org/issue8503>
> _______________________________________
msg146014 - (view) Author: Petri Lehtinen (petri.lehtinen) * (Python committer) Date: 2011-10-20 09:53
This sounds like an important feature to me.

A few points:

- I'd rename the function name from accept_domain to e.g. validate_domain for clarity

- There could also be a function to validate the loca part of each recipient addresses. Or maybe the function should be changed to validate the whole recipient address, not only the domain part.
msg220200 - (view) Author: Milan Oberkirch (zvyn) * Date: 2014-06-10 21:58
I see no reason to restrict the filtering possibilities to the domain, so I added a method "validate_recipient_address" wich gets an address of the form "local-part@domain" and returns `True`.
SMTPChannel.smtp_RCPT checks any address with this method before appending it to the recipient list and returns "554 ..." as proposed by Mike if the validation failed.
msg309752 - (view) Author: Barry A. Warsaw (barry) * (Python committer) Date: 2018-01-10 00:55
I'm closing this as won't fix since smtpd.py is deprecated and will likely not get any future development.  Please see aiosmtpd as a much better third party replacement.
History
Date User Action Args
2022-04-11 14:57:00adminsetgithub: 52749
2018-01-10 00:55:19barrysetstatus: open -> closed
resolution: wont fix
messages: + msg309752

stage: test needed -> resolved
2014-08-09 00:39:39zvynsetfiles: + issue8503v2.patch
2014-06-10 21:58:24zvynsetfiles: + issue8503.patch

nosy: + r.david.murray, jesstess, barry, zvyn
messages: + msg220200

components: + email
keywords: + patch
2013-11-20 10:54:27lpolzersetnosy: + lpolzer
2011-10-20 09:53:36petri.lehtinensetmessages: + msg146014
2011-10-20 09:35:41petri.lehtinensetnosy: + petri.lehtinen

versions: + Python 3.3, - Python 3.2
2010-04-23 19:05:12mike.ssetmessages: + msg104040
2010-04-23 19:00:35giampaolo.rodolasetnosy: + giampaolo.rodola
messages: + msg104039
2010-04-23 11:08:06eric.smithsetpriority: normal

type: enhancement
versions: - Python 2.6, Python 2.5, Python 3.1, Python 2.7, Python 3.3
nosy: + eric.smith

messages: + msg104003
stage: test needed
2010-04-23 07:59:57mike.ssettitle: smtpd module does not allow domain filtering -> smtpd SMTPServer does not allow domain filtering
2010-04-23 07:59:29mike.ssettitle: smtpd module does not allow -> smtpd module does not allow domain filtering
2010-04-23 07:56:10mike.screate