separate authentication for IMAP and SMTP? - ios

I'm working on an iOS app through which user can read and send messages from his email account.
My question is that once user is logged in into IMAP server for reading mails, he has to login separately into SMTP server for sending mail? or the question can be vice versa, once he is logged in into SMTP server he have to login separately into IMAP server for reading email.

I'm not entirely sure what your question is, but yes. For IMAP/SMTP, the incoming and outgoing components are completely separate protocols, and don't even have to be on the same server (and often aren't: see imap.gmail.com and smtp.gmail.com), so yes, they need to be logged in to separately. Usually, they're the same username and password, but that's not even always true.

Related

Way to intercept emails on smtp docker (namshi/smtp)

I am looking for a way to test the email sending feature of our app. I have configured namshi/smtp docker image to act as an smtp server and our app is using this smtp server to send emails. We currently have a system that reads the email on the client side once its delivered, to verify we are formatting the email correctly. This is a bit unreliable since it involves an actual email being delivered.
So, I wanted to see if there is a way to intercept or read emails being delivered through this local smtp server. I checked the logs of the smtp server but as expected, it doesn't have any details of the email body or subject. Anyone knows anyway I could intercept these smtp requests somehow?
Or if there is a better way to verify email formatting as part of integration testing?
Heres a good source on how to use smtpd library in python to mock an SMTP server https://pymotw.com/2/smtpd/. Mock SMTP server and process emails through smtpd.SMTPServer.process_message

Rails emails SMTP validator gem high error rate?

For context: I already have a regex for format validation and MX check, and would like to add a layer of SMTP validation. I have tried 2 gems: email_verifier and Truemail, none of which seem to perform well. For example, Truemail gem: tested on 1081 valid emails (verified by sending a link and have the users click), 171 came out invalid => ~15% fail rate for various reasons: the mail server blocks SMTP call resulting in an error code, timeout (when I already configured the timeout limit to be 10s), some emails need to be verified twice to return true, etc.
I was wondering if there's a way to appropriately do emails SMTP validation in RoR, or should I resolve to other paid services (Snov , Truemail , etc) ?
It is likely that trying to connect directly to the smtp servers of the destination email domains from your Rails web server resulted in those servers rejecting your connection attempt as spam.
How were the 1081 valid emails sent originally? Most web applications don't send email directly from the Rails application server connecting to an SMTP server, but rather relaying through an SMTP relay or service such as AWS SES, Sendgrid, Mailchimp, etc. Those services would be configured better with correct SPF and DKIM DNS records for the IP addresses sending on behalf of the origin address and also likely have better reputations for the IP addresses they are originating from.

Implementing Mail Server using TIdSMTPServer

I have acquired the domain name - xyz.in from GoDaddy.com and also acquired the mail ID - info#xyz.in. And currently, I can able to send 500 mails by using GoDaddy.
So, I'm thinking to implement my Mail Server using Delphi - TIdSmtpServer. I found few samples but for sending mails how can I use the sender ID as info#xyz.in and send mails. As I need to send only mails, what are the other settings and please provide some basic sample code.
Thanks in advance.
SMTP is one-way, from sender to receiver. You cannot send emails with TIdSMTPServer, only receive them. Your SMTP server needs to store received emails as needed for you to retrieve them later, via POP3/IMAP, or whatever custom system you want to make.
When someone wants to send an email to you at info#xyz.in, they perform a DNS lookup of the MX record for xyz.in, then connect to that server and issue SMTP commands to deliver the email to the info mailbox 1. So you need to configure your domain's DNS MX record to point at the IP address of your SMTP server machine.
To send an email from your system to someone else, use TIdSMTP instead, so it can connect to and send the email to the other person's SMTP server. You can use TIdDNSResolver to lookup a domain's MX records to find the IP address(es) to connect to 1.
1: most users send an outgoing email through their ISP's own SMTP server and let it relay the email to each recipient's domain SMTP server as needed. And use their ISP's SMTP server to receive emails. This is easier for users to use and configure, and it is safer as it allows ISPs to implement security and anti-spam measures. So you may end up sticking with GoDaddy's SMTP server instead of running your own in the long run.

TIdSTMPServer OnMsgReceive event to redirect mail to other smtp servers

I'm using indy and I'm hosting a mail server. I'd like to make a secure connection to other mail (smtp) servers without username/password from my IdSMTPServer so that if my server receives an email that's got to go to yahoo or gmail for example I can redirect it successfully. I tried Remy's answer to this topic Using INDY SMTPServer - using IdSMTPRelay but it didn't work for me. I also tried using TIdSMTP to send the message but if I leave the username/password fields unassigned I receive the error Authentication required from the smtp servers i'm sending the mail to. The IdSMTPServer has self signed OpenSSL certificates assigned to it with the IdServerIOHandlerSSLOpenSSL component so I suppose I should be able to achieve SSL connection but I just don't know how.

Secure session login to server on phonegap

I have had a look around to try to get some info on how to create a secure login and session on a phone gap app for ios. I'm trying to talk to an online server via an api. Can anyone give some tips or some starting point?
Thanks
You just want a secure login or secure interactions between your client and server?
If you want a secure login i would recommend you to transmit your username and password via. HTTPS to the server. On server-side you check it and if its ok you respond a session-token and a session cookie. For the rest of the interactions you only send your sessoin-cookie to identify yourself. When the user turns off the app, and starts it again you check your token expiraton date, if its still vaild you send your token to the server instead of username + password (HTTPS again) to get a new session-cookie.
With this way you dont have to transmit your user-data all the time and the user does not have to login every time he starts the app. You could also achieve this behavour if you store username and password on phone but thats very bad practice. If you want a totally secure connection between client and server (like for payments and stuff), you have to do it all with HTTPS.
Basically you use standard web-technologies. This way to handle this is called Token-Authentication.

Resources