search

aio-libs / aiosmtpd

A reimplementation of the Python stdlib smtpd.py based on asyncio.
https://aiosmtpd.aio-libs.org
Apache License 2.0
313 stars 95 forks source link

Can you guys add SPF(Sender Policy Framework) auth function/argument to this framework? #371

Closed yingshaoxo closed 1 year ago

yingshaoxo commented 1 year ago

Here is an example:

https://github.com/sdgathman/pyspf#:~:text=The%20RFC%204408/7208%20compliant%20API

Without the auth, we can't really be sure who send an email, which could be dangerous.

And how can I get the source IP info of an email from aiosmtpd?

yingshaoxo commented 1 year ago

All I need is to make sure if an email was sent from an IP that was owned by a domain the email claimed to be.

In another words, if it is a forged email, we directly drop it without processing.

I even think that you guys could make it an argument like: drop_fake_source_email=True

magnus-een commented 1 year ago

Hi @yingshaoxo ,

You can get the connecting IP address from the Session's peer value. Once you have this, you can use any existing python SPF library (pyspf for example) to validate the SPF result.

Best, Magnus

yingshaoxo commented 1 year ago

OK, thank you

On Wed, Mar 22, 2023, 3:42 PM Magnus Eén @.***> wrote:

Hi @yingshaoxo https://github.com/yingshaoxo ,

You can get the connecting IP address from the Sessions peer https://aiosmtpd.readthedocs.io/en/latest/concepts.html#Session.peer value. Once you have this, you can use any existing python SPF library (pyspf https://pypi.org/project/pyspf/for example) to validate the SPF result.

Best, Magnus

— Reply to this email directly, view it on GitHub https://github.com/aio-libs/aiosmtpd/issues/371#issuecomment-1479046872, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEDE7LOE7FTBU6E6ZVJ3GLLW5KUOHANCNFSM6AAAAAAWDD367E . You are receiving this because you were mentioned.Message ID: @.***>