Codes from the Underground

Ben Coe is a software developer based in SF. He currently hacks up a storm at @attachmentsme. His interests include climbing, coding, and being awesome.

Nov 13

Writing a Secure SMTP Server in Python

Email as a Platform

Some startups are beginning to see existing email protocols as a rich platform to develop applications on top of. This is cool: email is an incredible tool for communication and I don't think it has ever been fully utilized. Hell, even my mom knows her email address (and she thinks I fix printers for a living).

Here’s a list of some companies doing some awesome stuff with email protocols:

  • posterous.com
  • fiesta.cc
  • mailgun.net
  • attachments.me *cough*

Building an Application on SMTP

There are a million options for quickly getting an HTTP-based web application off the ground. The options available for building applications on top of SMTP/IMAP/POP aren't quite as mature (or, as the case might be, simply don't exist).

Python, being the Swiss Army knife of programming languages, has an SMTP server in its standard library:

http://docs.python.org/library/smtpd.html

I’ve been using this as a starting point for rapidly developing applications on top of SMTP. Having said that, it was missing some features I wanted:

  • There was no SSL support.
  • The library dealt somewhat poorly with multiple concurrent requests.
  • The library does not support AUTH.

Secure SMTPD

I have started a project that subclasses smtpd.py and adds support for SSL and AUTH. I have also changed the way in which new connections are handled (they are now forked), making the main process block less.

Other than that, Secure-SMTPD works pretty much exactly the same way as the standard library:

easy_install secure-smtpd
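
What AUTH support involves on the server side, as an added example (not code from secure-smtpd or from the original post): a handler for AUTH PLAIN (RFC 4616) that refuses the mechanism until the session is under SSL/TLS. The names handle_auth, parse_auth_plain and the USERS store are hypothetical, and the account in it is constructed sample data.

```python
import base64
import binascii
import hmac

# Constructed sample account store (assumption); a real server would keep salted hashes.
USERS = {"alice": "correct horse"}

def parse_auth_plain(b64_response):
    """Decode an AUTH PLAIN response: authzid NUL authcid NUL passwd (RFC 4616)."""
    try:
        raw = base64.b64decode(b64_response, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\x00")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    try:
        return tuple(p.decode("utf-8") for p in parts)
    except UnicodeDecodeError:
        return None

def handle_auth(arg, tls_active, users=USERS):
    """Return the SMTP reply line for the command 'AUTH <arg>'."""
    mechanism, _, response = arg.partition(" ")
    if mechanism.upper() != "PLAIN":
        return "504 5.5.4 Unrecognized authentication type"
    if not tls_active:
        # PLAIN carries the password as reversible base64, so refuse it in cleartext.
        return "538 5.7.11 Encryption required for requested authentication mechanism"
    if not response:
        return "334 "  # empty challenge: the client sends its credentials on the next line
    creds = parse_auth_plain(response)
    if creds is None:
        return "501 5.5.2 Cannot decode AUTH PLAIN response"
    authzid, authcid, passwd = creds
    expected = users.get(authcid)
    # Always run the constant-time comparison, even when the user is unknown.
    ok = hmac.compare_digest(passwd.encode(), (expected or "\x00invalid").encode())
    if (authzid and authzid != authcid) or expected is None or not ok:
        return "535 5.7.8 Authentication credentials invalid"
    return "235 2.7.0 Authentication successful"
```

Unknown users, wrong passwords and a mismatched authorization identity all get the same 535 reply, so the response does not tell a client which accounts exist.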

SSL SMTP Server

SSL SMTP Client

You can find and contribute to the project here:

https://github.com/bcoe/secure-smtpd

My goal is to create something that can act as a good foundation for rapidly prototyping rich SMTP-based applications that are: secure, fast, and simple.

— Ben (@benjamincoe)