I want to build an service that for user account sign up.
The request send a POST request with JSON to /users/ and the result will be a message indicate action failure or success with an email vi SMTP to user input email.
As I test my function, I see that the response take a (quite) long time for sending the email.
I decided to send the email by an other thread and return 202 status code so the response will return to user quickly.
My question:
I'm doing it right?
If not, what is the better way?
Thanks!
This is the right way. HTTP 202 Accepted is the correct code to implify a started asynchronic process which does not require the HTTP User-Agent to wait for completion.
Only problem I see is invalid email addresses from user input. You should at least check the syntax validity against Email address specification (RFC 5322) or other methods. One step up would be validate the email address existence from SMTP server and maybe respond with HTTP 400 Bad Request in case of email address not found.
Related
I need to capture users email reply.
EXP: after receiving an email,if user is replying to that email, I need to capture user replied or not using AWS SNS can anyone help me.
No, you can not capture use email reply directly with SNS, you can not publish to SNS from email, but one way to do that is to have email listening server, receive email and publish email back to SNS.
You can use mailin, process the receiving email, it also support webhook, At this point, Mailin will listen for incoming emails, parse them and post an urlencoded form multipart/form-data to your webhook url.
Mailin is an smtp server that listens for emails, parses them and
posts them as json to the url of your choice. It checks the incoming
emails dkim, spf, spam score (using spamassassin) and tells you in
which language the email is written.
High-level look can be
I am trying to send email message to a specific email address via the aws pinpoint. My from email address is verified. However, whenever I try to send the email it gives me an error "Failed to submit email message to ". I don't understand where am I going wrong with this.
#Krishna gave the right clue, however to be precise, all of the following must be true:
Your From email address is verified in Amazon Pinpoint/SES.
Either your To email address(es) is verified, OR you have requested Sending Limit Increase specifically for Amazon Pinpoint, not just SES.
In my case it was problem no. 2, I have increased my sending limit for SES but not Pinpoint yet. Amazon treats them somewhat differently, however the error message it gave me was totally undecipherable:
Message not sent: We weren't able to send your email message to someemail#gmail.com. Request Id 982 : Failed to send message.
Specifically, check the Pinpoint project's right sidebar here:
By default Pinpoint provides an sandbox environment.
In order to send emails you need to white-list your from email address as well. ( i.e. got to SES and verify the from email id as well)
You should them be able to send emails via Pinpoint.
The receiver should acknowledge to terms and condition that AWS can send automated emails.
I'd like to send email to third parties on behalf of users. The key is for the user's email to show up as the "from:" email.
I've tried using send_mail with the user's email as the from_email, but to no avail. When I used gmail's servers to send the message, the third party sees the EMAIL_HOST_USER as the "from:" email. And when I tried using namecheap's mail server, I got SMTPRecipientsRefused: {u'<to email>': (553, '5.7.1 <from email>: Sender address rejected: not owned by user <EMAIL_HOST_USER>')}.
If possible, I'd like to avoid asking for their password as well.
Short answer: You can't do that.
Back in the old days, mail servers used to be quite relaxed about posting mail whenever anyone asked them to, but then SPAM happened and people realised that it was actually quite important to check that the person sending an email is actually the person whose address appears in the From: header.
There are now several mechanisms in place that make it very difficult to spoof a sender email address. These include:
Sender Policy Framework (SPF): An email validation system that works by placing restrictions on the IP addresses authorised to send email from a particular email address. If you try sending email from an IP address not associated with the legitimate owner of an email address, your mail will be rejected.
DomainKeys Identified Mail (DKIM): A method for confirming that emails claiming to have originated from a particular mail server really did originate from that server.
Mail transfer agent restrictions: These days, most MTAs are configured to only accept emails from people who it already knows. (This is why you're seeing a Sender address rejected: not owned by user error message).
Instead, your best option — essentially your only option — is to put your own email address in the From: header, and send the email from your own mail server. If you want the reply to go to someone else, add a Reply-To: header containing their email address.
If you are using Exchange, you might be able to use a library such as Exchangelib, in which the author seems to have been inspired by some of Django's design decisions. Unfortunately, it does look like you will still need to ask for the user's password. I'm going to be looking into this further later on, and since I use LDAP authentication to the Django project, perhaps there is some way to use that to authenticate to the email server, but I have my skepticism.
See this question:
https://serverfault.com/questions/546255/sending-email-with-python-django-through-microsoft-exchange-imap
I am writing a simple protocol for a basic chat program.
my question is: once the client has authenticated by providing username and password, should I also ask the client to provide a token in it's following packets? or is it sufficient to keep it's authentication status in a table at server and never expect the client to prove it till it disconnects and reconnects?
You should not demand for authentication for any further messages after client has given correct credentials. If your suspect, each and every message should contain authentication information, and in this implementation you need not to authenticate via "login" - just demand security information on each message.
After successful login, the only case you may demand user credentials is when updating the client's information (by client itself), which includes changing password and other "user" information. You must ask for password when "change password" request is initiated.
Ensure that authentication is having some encryption attached, so that no one can intercept the message. You may also have some key (like few bytes string), that you can validate for each incoming message to ensure the message is coming from correct client (this as per your original design, not for the alternate design I given in first paragraph).
How can i get django send_mail result of email send. I run it local, i do send_mail to my email, and it return True, but letter not sended (because i have not any smtp set). But result is True. How to get real result?
Django uses exceptions to handle email sending problems. The value returned by send_mail is the number of emails that were sent.
If you're not getting an exception, it could be one of a number of things:
You have fail_silently set to True (default is False)
You're using a different email backend (smtp is the default for 1.2+, the only option for earlier versions)
The mail is actually being sent, but something else is wrong (email server, bad email address, spam folders, gmail self-sent mail hiding etc)
Use django-mailer. It puts the emails in the database and uses a cron-jobbed management command to send it out. It will help you track this issue down, improve your app response time, and also make your life easier.
I would also suggest to use exceptions to find out whether email was sent or not.
If you haven't time or option to set up an email server I would suggest to use django+gmail. U can create a 'fake' gmail account (create another one if you already own gmail-acc, it could be 'baned') and use its SMTP as a opportunity to send emails, even if you're working with django's development server (localy). How to is here