开发者

Server recommendations (smtp) [closed]

开发者 https://www.devze.com 2023-04-11 05:03 出处:网络
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical andcannot be reasonably answered in its current form. For help clari
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 11 years ago.

I'm currently working on a quite small project. I'm basing my work on smtpd.py but slowly moving toward something completely different.

This is a smtp server. It currently receive and can relay mails. It's pretty straight forwards but I reached a point where i'm asking myself some questions.

smtpd.py use asyncore and asychat. The problem is that it is a single process using an async api. Everything works and I can go further without much problems.

The problem is that if the server is binded on port 25 it must be under the root uid. So here is the big problem. The idea behind the smtp server is that I can implement lots of things using python. I want to be able to access local users, databases or any data store possible. From hashes or anything currently supported by python or I can even add support for it if needed.

The thing is that I feel that having all this control using the root user is very unsecure... what if someone can do something and well endup with a root python shell...

So at first I wanted to create threads and set them a different uid using os.setuid but it doesn't seems to work or can be dangerous too.

My second idea: Accept connection then fork and change uid. I should be able to write/read the socket from the forked process and all should be fine.

The third idea was to have a proxy server that relay all messages to a local server that will himself handle the messages. The only problem with that is that if someone that isn't supposed to use my smtp server the proxy cannot auth or do anything since it's just a proxy with no actual access to anything.

I believe the fork is the most interesting solution.

Or may be there is something I haven't tought of yet.

Anyway thanks

--Edit--

Apparently if the process is started with root and once the socket is created, it is possible to switch to a different user using os.setuid. I guess it's not really portable but that's not a big problem for now. After searching trough the codes of Pyramid/Pylons/Paste I finally came accross that thing! The SocketServer module. And I'm probably going to use either ForkingMixIn or ThredingMixIn. It is possible to define the amount of threads etc.

In any case, for people who are wondering why I'm not using postfix, exim or qmail.. It is quite simple, I'm not really making a smtp server. The smtp protocole is pretty simple if you only implement the minimum required which is receiving emails, accepting or refusing recipient or sender etc.. Escaping the first "." of each new line because the RFC says that data ends with "\r\n.\r\n".

As I see it, python is more like building blocks. The idea isn't to make a smtp server (well I will surely implement ESMTP) but to make a "framework" to build your own server. The problem I have and I don't believe that I'm alone. Someone designed a config file and a way to configure postfix. It's hardcoded and doesn't fit all case. Making a server that fit all case isn't going to work either. It would probably get huge and ugly. The idea is to make it easy to adds parts you want on your server. If you want to use a database use the one you want with an existing module. Do your query and send back your results.

If you really want to define rules that apply to all domains or to certain domains or even usernames it should be possible to do.

I, for example, see a use case. Really strang开发者_Go百科e one but still. How easy would it be to setup that kind of setup on postfix using only one server. You have three domain. a.com, b.com, c.com.

a.com send all received mail to a maildir and to b.com with the same username. b.com send all received mail to a maildir and to c.com with the same username. c.com send all received mail to a maildir and to a.com with the same username.

No domain accept email that they already sent.

In other words

           a.com -> b.com -> c.com -x-> a.com
           b.com -> c.com -> a.com -x-> b.com
           ... 

The idea here is that the mail will get replicated accross multiple domains but it cannot get back to its owner. That kind of use case should be pretty simple. but what if all domain saves their mail in different locations or we want to save the mail every 2 bounce.

 a -> b -> c(save)
 a -> b(save) -> c
 a(save) -> b -> c
 already saved to C so stop the mail would be sent 9 times 


The title of the post doesn't appear to match the questions asked. Nevertheless, I can empathise with some of the issues raised and also the comments. In particular, I agree with Jim Garrison that this would be a useful learning experience to gain insight into SMTP and mail server principles. However, if the purpose isn't to learn, then it may be more pragmatic and more economic to use existing, well-tested and possibly more secure options. Worth considering are Lamson because you're already using Python, and alternative mail servers, in particluar Exim which offers very flexible and powerful configuration options and filtering. The developer and support communities for these applications is significant and they are both well-documented. You can then dedicate your time to solving problems specific to your project and not those which have already been tackled.


The answer to the question is to use ServerSocket. I'm going to use either the threading or forking subclass. It is quite flexible and can replace asyncore without fear. It is already being used by pylons, pyramid etc. But in my case it will handle smtp messages instead of http.

0

精彩评论

暂无评论...
验证码 换一张
取 消