I have java web application to which I'd like to add emailing capabilities, however, I'm unsure what is needed to accomplish this. Specifically I want my app to be able to:
Send emails confirming sign-up
Allow users to send emails to one another, using my app's domain i.e. dan#my-app.com
From my research it seems I'll need a mail transfer agent (MTA) like Postfix and possibly a IMAP server like Courier; but I don't understand the need for the IMAP server.
Thanks.
You need code inside your web app to create and dispatch the email into the SMTP-world. Usually JavaMail is used for this, and you can either enclose it in your web application or (preferred) have the web container provide a correctly configured instance through JNDI. This is vendor specific.
If you do not have a SMTP-server for JavaMail to connect to (frequently this is Exchange for Windows shops), you can either get one running (ask your IT administrator) or use Google Mail or Hotmail or others if it is ok for your web application to send mail through them. It is a bit tricky to use GMail as a SMTP-server, but when set up correctly works very well.
You will need the SMTP-server, as it handles all the boring details regarding MX records and resending if the SMTP-server does graylisting, etc. etc.
Oh, and IMAP is for getting delivered mail, not sending mail. You don't need it.
If it's a Java web app, then the server part is a servlet. Given an email message sent from a client form, your server needs to send that text off as an email.
There's code in the Java EE stack to do this, or you can specifically download JavaMail. This will allow your programs to act as mail clients.
Your MTA receives messages from your servlet and sends them to the users. So far so good.
But you also need a postbox, i.e. the equivalent of a mail in-box for your users. Postfix, QMail and others offer a basic "flat" mailbox model, where mail is simply stored until the client picks it up, and then (usually) deleted. Access is via POP3. IMAP offers a lot more organizational capability, i.e. the ability to specify hierarchies of nested mailboxes, to transfer mails between them and so on. You probably won't want to create a GUI front end to all that complexity, so I'd guess you don't really need an IMAP server. You do, however, want a relatively simple POP3 server to allow your servlet to access the mailboxes via TCP/IP. This is usually part of the "standard" email server packages.
To have your own domain known to the world, you need access to the MX records of your DNS service, i.e. you have to set up one or two of your hosts, on an Internet-facing address, to be your post office.
Finally, if you want to save yourself a lot of trouble, be very careful in configuring your MTA (SMTP server) such that there is no chance for it being used as an open relay. i.e. it should not be possible for your users to send mail to the outside world in general (or hackers will find a way to abuse your Web interface to do this), and mail from the Internet should not reach your users. Most importantly, there should be no way for mail from the Internet to be forwarded to someplace else in the Internet. Find an open relay testing service (they're free) on the 'net and get one to run a test on your configuration once you think you're done.
EDIT:
Looking at Thorbjorn's answer, I realized you probably don't want your users receiving their mail through your app; they probably already have email providers and accounts of their own. In that case, you don't need to worry about inbox capability or a POP3 server. You could consider offering full email services at your domain but that's a very thankless job and if you have any choice, leave that dirty work to GMail, Yahoo, Hotmail and their ilk. Whatever service you provide will never please your customers enough, and you'll be fighting spam and other crime every day.
For starters your server has to have mailing abilities. In linux land sendmail is usually what this will be.
Additionally, check out javaMail.
http://www.oracle.com/technetwork/java/index-jsp-139225.html
Related
From a search, I can find a lot of similar questions to this but all of them seem as far as I can tell to have either been misunderstood or to not be quite the same as this question.
Presumably (maybe not but it seem unlikely) an email process/server knows which emails it holds a record of because they "arrived" and which it holds a record of because someone used SMTP or similar to tell the server to "send" an email out.
If a POP3 client retrieves lots of emails from the server and (we know from observation that) some of those emails are emails that the server was told to send out and some are emails it received, then is the pop3 server contravening the protocol because it provided for download, emails which were conceptually NOT in the "Inbox" or is it at liberty to send what ever it wants since POP3 has NO concept of folders and emails are emails.
Either way, is there an easy and robust way for the client to distinguish between these emails? Or is checking the from field against the account the best on offer? I believe pop3 messages support flags, some POP3 apis do, but perhaps servers are not obliged to make any guarantees, plus I don't see a very clear description of their meaning, so I don't if they can be consisently used to distinguish.
For implementation my preference is Java and com.sun.mail.pop3
I realize there is IMAP, but at this stage I'd like if possible to make a very small change to POP3 client implementation and look at switching to IMAP another time.
Thank you.
POP3 is a protocol to get the messages of your inbox. To send messages you use SMTP protocol.
In my understanding you contact the server using SMTP and deliver a message to the server. The server then delivers this mail to the corresponding target mail server and stores the message in that inbox.
On the other side you contact your own inbox using POP3 to receive the message that are stored in your inbox.
Thus there never should be any conflict between ingoing and outgoing emails as these are two different things and the servers supplying pop3 and smtp for your mailbox can be two total different servers on total different locations. Thus, within one mail server inbox and outbox should be two different storage locations.
"Conclusively distinguishing" depends on how/why the messages are being seen in POP3. A best effort type solution, though, would involve substring scanning the From field looking for what was provided in the USER command. If a token based authentication mechanism is being used, then you'll need to get an email identifier from whomever issued the token and look for that in From header.
As background, a basic concept in POP3 is called the "maildrop". Most people equate that to "Inbox" in IMAP terms, but it's not necessarily the same. For example, a message filtered at deposit time into a custom folder might show up in POP3's maildrop even though it doesn't show in Inbox via IMAP or Webmail. What goes into the maildrop and is therefore seen in POP3 can vary from implementation to implementation.
If a user only has POP3/SMTP and Webmail as their choices, they'll sometimes BCC themselves on sending to make sure a copy exists somewhere on the server so that they can access it via Webmail if needed. That's because very few SMTP implementations automatically save the message to the user's mailbox, and POP3 has no mechanism for saving the message anywhere but local to the user-agent. For those SMTP servers that do automatically save sent mail in the mailbox, they might just put it in the maildrop when it comes to POP3 servers.
please how to test sending email without real server in java knowing that email is send in a project A and I want to test sending in project B
Email cannot be "sent" without an email server.
Email is modeled after a physical mail system, with a few changes. The "sending" is the equivlent to the dropping the letter off at a post office. It is not possible to do point-to-point email.
Email clients then open their "PO Box" or "Mailbox" on the server, and perhaps (it is optional) then downloads the mail into the local machine.
In fact, the "sending" of an email is a number of back-and-forth communication with the email server using SMTP. Basically sending an email consists of telling the server hello, then asking about it's capabilities, and eventually asking it to validate addresses and accept a body (and optionally attachments).
So, if you really need to send a mail to a product in project B, and you cannot rely on a standalone server, you need to create a server in project B.
I think that you should consider mocking the mail sending. Depending on the frameworks you use, you should be able to find a good way to do it. Here is a blog illustrating a possible mechanism: http://blog.nutpan.com/2012/03/mock-testing-for-java-mail.html?m=1
You can also consider using a mocking framework like easymock or mockito to test it.
I'm using Java to send messages from Gmail with Apache Commons Email, but it seems like it doesn't allow me to send messages from an address different from the one that I use to authenticate.
How do you send messages from a different address using Gmail and Java?
Basically, you are looking for an SMTP server which will let you send a message by spoofing the From MIME header. Well, if you can't find a hosted SMTP server online, you can always install one locally on your box. This will allow you to modify the email address of the sender to make it appear as if it is coming from gmail.
As far as I'm aware you can't. That is what is called relaying. Relaying is what the spammers use to send mail pretending to be whoever. Its a security hole. If you want to send as someone else you need to create another account.
How do you send messages from a different address using Gmail and Java?
For gmail, you most likely can't ... for obvious reasons.
In the Java case, whether you can or can't do this depends on the mail server that your Java application connects to. A mail server typically can be configured to allow this, but it has obvious issues so a responsible mail server admin is not going to allow this, except in controlled circumstances.
I'm working on the Java backend for a Flash webgame - the client and server communicate using Action Message Format (AMF). A few weeks ago, another team in our company had their product hacked by a user who decompiled the Flash client, and used an altered version to flood the backend with bogus requests. We want to prevent this kind of attack in our new game.
(More details: webserver used is Tomcat, AMF client is BlazeDS.)
I'd like to know what the best way to prevent this kind of attack would be. Some ideas I had:
the nginx configuration seemed like the best place to handle rate limiting, but I cant find any resources on how nginx interacts with AMF. Do the AMF requests just get sent straight to Tomcat?
most requests involve a userId param for the relevant user. Rate-limiting requests involving overused userIds might be one approach - however, an attacker who just wants to flood the server could easily spam random userIds.
doing the same as above but using IP addresses in place of userIds could work. However, I can't tell if it's possible to get the IP address from an AMF request.
Your Java application should pass unique identifier to the firewall of host operating system and block that client. With this action you would be able to prevent your application from working on things that it isn't supposed to do (being a firewall).
How could one go about accessing email without interfering in any way that would be visible to a user with standard email clients such as Thunderbird?
P.S: I've marked this as both java and language-agnostic so the approach can be described in general steps or detailled programatically.
You would like to access the mail server directly over network programmatically. You only need to know the address (URL) of the mail server (usually in flavor of smtp.domain.com), the port number (usually 25) and the login username and password (the one of the existing mail account at the mail server).
In low-level, you need to know socket programming. In Java, there's the java.net.Socket API for this. Also see this tutorial. To communicate with a mail server you need to learn the SMTP or IMAP protocols, depending on what the mail server in question understands, to send/retrieve commands as bytes over the socket accordingly.
In high-level, you can use a more convenient API which doesn't require you to understand the low level specifics (which may be pretty complicated and verbose). In Java, you can use the JavaMail API for this. It has an excellent FAQ with a lot of code examples.