I'm coding an SMTP server here and wondering about an issue that I don't know how to handle.
You know that when you use Outlook, Thunderbird or any other email client to send email, you need (most of the time) a username and password to authenticate with the SMTP server. In this case, the SMTP server requires an "AUTH LOGIN" before other commands such as MAIL, DATA...
I completed this stub in my project. But I'm wondering about another case: when another SMTP client sends directly to my SMTP server. I mean our server is the final destination of the email. In this case, authentication with AUTH LOGIN should not be required.
How can I organize my code for the 2 cases above? How do professional MTAs such as Postfix, PowerMTA and Exim handle these?
I hope you will help me.
Most outgoing SMTP servers do one of the following:
1) Require SMTP Authentication
2) Allow relaying without SMTP Authentication only from clients within a certain IP range
If you are doing neither of the above, then that means that your SMTP server is basically operating as an 'open relay', meaning that spammers can abuse your server to send outgoing spam mail.
Many ISP-hosted SMTP servers do #2 above, to allow their clients (and only their clients) to send mail through their SMTP server - as long as the client is on their network.
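One way to organize the two cases from the question together with the two options in this answer, as an added example (not code from the original posts or from any MTA): decide per RCPT TO whether the message is local delivery or a relay request. The domain list, the trusted network and the function names are assumptions made for the illustration.

```python
import ipaddress

# Assumed configuration (constructed values, not from the original posts).
LOCAL_DOMAINS = {"example.org"}                            # we are the final destination
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # may relay without AUTH


def rcpt_domain(rcpt_arg):
    """Return the lower-cased domain of a RCPT TO argument, or None if malformed."""
    addr = rcpt_arg.strip().lstrip("<").rstrip(">")
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def rcpt_decision(client_ip, authenticated, rcpt_arg):
    """Return the SMTP reply line for one RCPT TO command."""
    domain = rcpt_domain(rcpt_arg)
    if domain is None:
        return "501 5.1.3 Bad recipient address syntax"
    if domain in LOCAL_DOMAINS:
        # Inbound mail from another MTA: we are the destination, no AUTH needed.
        return "250 2.1.5 OK"
    # Anything else is a relay request: option 1 (AUTH) or option 2 (IP range).
    if authenticated:
        return "250 2.1.5 OK"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETWORKS):
        return "250 2.1.5 OK"
    # Refusing here is what keeps the server from being an open relay.
    return "550 5.7.1 Relaying denied"
```

The `authenticated` flag is whatever the session recorded after a successful AUTH exchange; the decision is made per recipient, so one session can mix accepted and refused recipients.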
If you use smtp.gmail.com, you have to specify your mail credentials. To send a mail to a gmail account you need that server right? How is it possible for outsiders to send a mail to a gmail address?
Found it myself:
smtp.gmail.com is a relay server. Relay servers only receive mail to redirect it to a so-called MX server. An MX server is an SMTP server that is configured to receive mail and directly deliver it (to a user inside). The Gmail MX server (they do not require authentication) is: gmail-smtp-in.l.google.com
There are four alternative servers; you can prefix altx. to use one of those, e.g. alt3.gmail-smtp-in.l.google.com
The mail program knows where to send the mail by an MX lookup database, so basically a list of @example.org and corresponding MX servers. See mxtoolbox.com for more info.
Assume you have a Gmail account and want to send an email to an account on the Yahoo mail server from the Gmail account. Here are the steps:
The client mail manager (say Outlook) connects to the Gmail server and authenticates your account (using the username/password that you already have).
After the authentication is done, your mail is sent to the Gmail server.
So here is the question: how does Gmail prove itself to Yahoo? Does Gmail have any username/password or something of that sort? Is authentication needed for this?
In general there is no authentication from one SMTP server to another. The only authentication is from you to gmail.
This is one reason why spam is such a problem. The basic SMTP protocol just assumes there is no spam. You open a connection to a mail server and just send the headers like
from: mehrdad@gmail.com
to: gman@yahoo.com
Hello
And yahoo.com (the receiver) will happily accept the email regardless of what computer it came from.
Because of those issues things have been added but they are optional.
One is DKIM. It works by signing your email with a digital signature. The signed email can be verified by the receiver (in your case by yahoo). Yahoo can check for gmail's public key in gmail's DNS records and check that the mail's signature cryptographically matches. It's up to the receiver (yahoo) to decide if it wants to check that or not. If the sender (Google or a spammer) does not add the signature then again, it's up to the receiver to decide what to do with the message. It could assume it's okay and pass it on. It could check if there is a public key available and if it is and the email has no signature then may not pass it on? Or mark it as "possibly spam"
There's also SPF. SPF is designed so that the receiver (yahoo) can verify that only the sender (Google) is allowed to send mail from gmail.com.
Then there is DMARC. DMARC lets Google (the sender) tell Yahoo (the receiver) what to do when the stuff above fails. For example, whether or not to forward messages whose signatures don't match the key. It's up to the receiver to decide to use this info.
Along with the linked wikipedia articles here's a pretty good overview of what happens and the problems involved.
I want to develop an email sending application like www.formget.com or similar.
Can anyone help with how to integrate OpenDKIM with my email sending application?
Any idea from anyone would be highly appreciated.
I think the first question is how you send your mail: via your own mail server (Postfix, sendmail, ...) or via an SMTP relay (SendGrid, Mailgun, emailsocket, ...)?
The easiest way is using an SMTP relay service. These companies create the DNS records (SPF, DKIM, DMARC) and you only have to set these records on your domain.
So I'm trying to utilize the smtp, mime, and tls packages for Tcl to be able to allow my program to send e-mails via external mail servers such as the gmail server (smtp.gmail.com) and yahoo server (smtp.mail.yahoo.com). I have an issue arising:
Sending email via the gmail server gives me the following error:
handshake failed: resource temporarily unavailable
while executing
"::tls::handshake $state(sd)"
I am using the smtp information found here: http://email.about.com/od/accessinggmail/f/Gmail_SMTP_Settings.htm
and my code looks like this:
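# Packages from tcllib (smtp, mime) and the tls extension
package require tls
package require mime
package require smtp
tls::init -tls1 1;
# $body holds the message text and is set elsewhere in the program
set token [mime::initialize -canonical text/plain -string $body];
mime::setheader $token Subject "Test Email";
smtp::sendmessage $token -recipients "<my email address here>" -servers "smtp.gmail.com" -ports 587 -username "<my other email address here>" -password "<my password here>" -usetls true -debug 1;
mime::finalize $token;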
Google automatically sent my gmail account an email saying:
We recently blocked a sign-in attempt to your Google Account <my email here>
And it gave me the option to change the security settings for "less secure apps" to allow my program to utilize the mail server. So I did, then my code worked just fine. What I don't understand is why gmail is blocking my attempts to send an e-mail; why it considers my attempt "less secure" thereby forcing me to lower the security settings on the e-mail account prior to sending emails from it. Perhaps my understanding is off, but I believe I'm using tls? And isn't tls more secure than ssl? Why does gmail have a tls port if I can't connect to it anyway?
EDIT: Also I tried changing tls::init -tls1 1; to tls::init -ssl3 1; and using port 465 instead of 587, still to no avail.
When I try accessing the yahoo mail server (information retrieved from: http://www.serversmtp.com/en/smtp-yahoo), I get the following error:
premature end-of-file from server
while executing
"smtp::sendmessage $token -recipients "<my email here>" -servers "smtp.mail.yahoo.com" -ports 465 -username "my other email here" -password "<my password>" -usetls true -debug 1;..."
UPDATE
I learned that for yahoo, the account you want to use has to be a Yahoo Mail Plus account to let you do smtp mail sending.
Have you considered the possibility that this might not be a technical limitation so much as a policy one? Mail is very heavily locked down these days due to decades of abuse by spammers. There's probably some additional mail header that you'd have to set in order to send a cryptographic token based on some API key, which would allow direct access without that option being enabled. Just a little research leads me to this page, which says:
IMAP and SMTP use the standard Simple Authentication and Security Layer (SASL), via the native IMAP AUTHENTICATE and SMTP AUTH commands, to authenticate users. The SASL XOAUTH2 mechanism enables clients to provide OAuth 2.0 credentials for authentication. The SASL XOAUTH2 protocol documentation describes the SASL XOAUTH2 mechanism in great detail, and libraries and samples which have implemented the protocol are available.
Incoming connections to the IMAP server at imap.gmail.com:993 require SSL. The outgoing SMTP server, smtp.gmail.com, requires TLS. Use port 465, or port 587 if your client begins with plain text before issuing the STARTTLS command.
Now, though there is a SASL implementation in tcllib, and the smtp package uses it by default, there isn't an implementation of the XOAUTH2 mechanism in tcllib (which you can see by inspection of the code — look for ::SASL::register), making things fall back on older mechanisms that Google are less happy with. Fixing that would be outside the scope of this answer (but in general that's where “get coding” is suggested, or at least “file a feature request”).
I've not yet been able to nail down exactly what's required in the Yahoo Mail documentation; it seems harder for me to search…
I'm trying to send an HTML email with an attachment to a list of users. Our client also requires tracking of undelivered email IDs, so we thought of using the sp_send_dbmail feature available in SQL Server, which has logs for email sent using it. Our client also mandates DKIM signing of the emails. I'm not able to find how to DKIM sign the emails sent through sp_send_dbmail.
Please help!
Normally DKIM signing is the SMTP server's business, not SQL's. You want to talk to the postmaster. There are several steps involved in enabling DKIM signing of outgoing email:
1) Generation of an RSA crypto key pair
2) Publication of the public key in DNS (so the receiving server is able to verify the signature)
3) Setting up a signing service
4) Modifying your SMTP server configuration to use this signing service for all or specific outgoing emails
There are third-party controls that enable signing from within SQL, but not using sp_send_dbmail. See here for example: http://www.example-code.com/sql/dkim_sendDkimSigned.asp
However, they don't eliminate steps 1 and 2 above.
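The DNS publication step, as an added example that is not part of the original answer: turning a PEM public key into the `selector._domainkey.domain` TXT record, split into strings of at most 255 bytes as DNS requires. The selector, the domain and the key bytes are constructed placeholders (the bytes have the size of a 2048-bit RSA public key but are not a usable key).

```python
import base64


def pem_to_b64(pem):
    """Strip the PEM armor lines and return the base64 body on one line."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    return "".join(l for l in lines if l and not l.startswith("-----"))


def dkim_txt_record(selector, domain, public_key_pem):
    """Return (owner name, list of <=255-byte strings) for the DKIM key record."""
    value = "v=DKIM1; k=rsa; p=" + pem_to_b64(public_key_pem)
    # One DNS character-string holds at most 255 bytes, so a 2048-bit key
    # does not fit and is published as several strings in one TXT record.
    chunks = [value[i:i + 255] for i in range(0, len(value), 255)]
    return f"{selector}._domainkey.{domain}", chunks


def zone_line(name, chunks):
    """Format the record as a zone-file line with one quoted string per chunk."""
    return f"{name}. IN TXT ( " + " ".join(f'"{c}"' for c in chunks) + " )"


def parse_dkim_txt(chunks):
    """Join the strings as a verifier does, then split the tag=value list."""
    tags = {}
    for part in "".join(chunks).split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip()] = "".join(val.split())
    return tags


# Constructed stand-in for the DER bytes of a 2048-bit RSA public key (294 bytes).
FAKE_DER = bytes(i % 256 for i in range(294))
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.encodebytes(FAKE_DER).decode()
              + "-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    name, chunks = dkim_txt_record("mail2024", "example.org", SAMPLE_PEM)
    print(zone_line(name, chunks))
```

`parse_dkim_txt` mirrors what the receiving side does with the published record, which is a quick way to confirm the split did not corrupt the `p=` value.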