Closed yingshaoxo closed 1 year ago
All I need is to make sure if an email was sent from an IP that was owned by a domain the email claimed to be.
In another words, if it is a forged email, we directly drop it without processing.
I even think that you guys could make it an argument like: drop_fake_source_email=True
OK, thank you
On Wed, Mar 22, 2023, 3:42 PM Magnus Eén @.***> wrote:
Hi @yingshaoxo https://github.com/yingshaoxo ,
You can get the connecting IP address from the Sessions peer https://aiosmtpd.readthedocs.io/en/latest/concepts.html#Session.peer value. Once you have this, you can use any existing python SPF library (pyspf https://pypi.org/project/pyspf/for example) to validate the SPF result.
Best, Magnus
— Reply to this email directly, view it on GitHub https://github.com/aio-libs/aiosmtpd/issues/371#issuecomment-1479046872, or unsubscribe https://github.com/notifications/unsubscribe-auth/AEDE7LOE7FTBU6E6ZVJ3GLLW5KUOHANCNFSM6AAAAAAWDD367E . You are receiving this because you were mentioned.Message ID: @.***>
Here is an example:
https://github.com/sdgathman/pyspf#:~:text=The%20RFC%204408/7208%20compliant%20API
Without the auth, we can't really be sure who send an email, which could be dangerous.
And how can I get the source IP info of an email from
aiosmtpd
?