smtplib problem

Sheila King sheila at spamcop.net
Tue Feb 13 06:14:22 CET 2001


On Mon, 12 Feb 2001 19:34:35 GMT, matt at mondoinfo.com (Matthew Dixon Cowles)
wrote in comp.lang.python in article
<slrn98gemb.sn.matt at happy-hour.mondoinfo.com>:

:On Mon, 12 Feb 2001 06:48:20 GMT, Sheila King <sheila at spamcop.net>
:wrote:
:
:>Nice. And how does one do SMTP authorization? (There must be a way. I
:>see that the NNTP module includes authorization commands, but the
:>smtplib doesn't!)
:
:Sheila,
:Unfortunately SMTP authentication is a Big Mess. NNTP authentication
:is generally just a matter of sending a username and a password. It's
:described in a couple of hundred lines in RFC 2980. The information
:necessary to implement SMTP authentication is scattered through a
:stack of seemingly unrelated and difficult to follow RFCs (2104, 2195
:2222, 2554, and 2595, I think). Figuring out the right thing to do is
:no trivial task. So you wind up with a chicken-and-egg problem: Few
:SMTP servers implement authentication because few clients want to use
:it. Since few servers implement it, there's little reason for the
:authors of mail clients to implement it.
:
:I don't use it on my MTAs or MUAs. I just tell people to have ssh
:forward port 25.

Thanks, Matt. Hmm. Well, quite a few SMTP's do authorization of some sort. I
guess some do POP before SMTP, which is probably not handled by the MTA at
all?

Most Windows MUA's seem to offer SMTP authorization. I think, with the
increasing spam situation, and the need to secure open mail servers, that more
and more are using authorization.

If I were writing mail software, for general purpose (not just for myself), I
would probably need to include an authorization option.

I suppose, from what you've written, that if I'm really interested in this,
I'd have to start following some of the mail newsgroups. I guess that is a
project for some other point in my life, since I've not time right now! (Hey,
maybe by then they'll get a SMTP authorization standard ironed out and in a
single document, just to make MY life easier?) I had heard that SMTP
authorization is just a proposed standard at this point.

--
Sheila King
http://www.thinkspot.net/sheila/
http://www.k12groups.org/





More information about the Python-list mailing list