I've built a Python app on Google App Engine which primarily handles incoming mail and does interesting based upon the email address at which the email is received.
I would like to use a custom domain for receiving emails as <some text>#<my app name>.appspotmail.com is rather cumbersome.
Unfortunately I've been unable to figure out how to get this setup. I've gleaned from questions like this one: Custom Incoming Mail Domain With Google App Engine that there is no way to enable this directly in Google App Engine but that using some sort of DNS trickery--probably related to MX records--that I'll be able to forward the emails sent to <arbitrary string>#<custom domain> to the real address at <arbitrary string>#<my app name>.appspotmail.com.
Can someone explain how to do this? I think the basic problem would be my lack of knowledge with regards to DNS, but may also be associated with the particular restrictions associated with DNS and GAE apps.
The solution presented in this question: Directing email for a domain to AppEngine email receiving service? works explicitly for domains hosted by providers with the cPanel control panel, is there a more generic solution?
It's nothing to do with "DNS trickery". You simply have to use a regular mail service - Google Apps will do - that can be configured to forward all incoming mail to a specific address, namely any address your app can receive email on. Your app can determine the original 'To' address by examining the headers.
Related
Am confused why emails sent by my appengine app are not being signed with DKIM.
Enabled DKIM signing on Google Apps dashboard. Confirmed that my domain is "Authenticating email"
Have setup DNS TXT record using the values indicated in the apps domain. Have confirmed, using 3rd party validation tool, that the DNS is correct. Also, I assume that having a green-light indicator for authenticating email in my Google Apps domain means this record has been validated by Google Apps.
Email-send is being triggered by a click by a user browsing my application via my custom url. The custom url matches the domain for the return address of the sender. The sender return address is an owner of the account.
As far as I know, these are the requirements for emails to be signed automatically. Yet, alas, they are not being signed. Any help or ideas will be greatly appreciated. Thanks -
How long ago did you create your DNS TXT record? Since DKIM is a DNS controlled service, and DNS often takes up to days to propagate across the Internet, you may need to wait for that to happen before Google will recognize it as valid.
I have a website which uses Amazon EC2 with Django and Google App Engine for its powerful Image API and image serving infrastructure. When a user uploads an image the browser makes an AJAX request to my EC2 server for the Blobstore upload url. I'm fetching this through my Django server so I can check whether the user is authenticated or not and then the server needs to get the url from the App Engine server. After the upload is complete and processed in App Engine I need to send the upload info back to the django server so I can build the required model instances. How can I accomplish this? I was thinking to use urllib but how can I secure this to make sure the urls will only get accessed by my servers only and not by a web user? Maybe some sort of secret key?
apart from the Https call ( which you should be making to transfer info to django ), you can go with AES encryption ( use Pycrypto/ any other lib). It takes a secret key to encrypt your message.
For server to server communication, traditional security advice would recommend some sort of IP range restriction at the web server level for the URLs in addition to whatever default security is in place. However, since you are making the call from a cloud provider to another cloud provider, your ability to permanently control the IP address of either the client and the server may diminished.
That said, I would recommend using a standard username/password authentication mechanism and HTTPS for transport security. A basic auth username/password would be my recommendation(https:\\username:password#appengine.com\). In addition, I would make sure to enforce a lockout based on a certain number of failed attempts in a specific time window. This would discourage attempts to brute force the password.
Depending on what web framework you are using on the App Engine, there is probably already support for some or all of what I just mentioned. If you update this question with more specifics on your architecture or open a new question with more information, we could give you a more accurate recommendation.
SDC provides a secure tunnel from AppEngine to a private network elsewhere -- which could be your EC2 instance, if you run it there.
I have a python GAE app that sends emails like in the example using the address of a registered administrator for the application as the "sender" address. When an email arrives from such an API call, here's a pic of the attached warning.
This message may not have been sent by: EmergencyButtonApp#gmail.com
Learn more Report phishing
Am I doing something wrong? None of the 3 options mentioned in the "Learn More" link are relevant I believe: the sender is a gmail address so the "SPF and DKIM authentication" solution isn't relevant, I'm not sending to a mailing list and I'm not using SMTP (I think, though maybe GAE is...).
Assuming you're seeing this in production, it's probably because you're claiming to be from a gmail address, but sending via App Engine. Use one of your app's email addresses as the sender (foo#yourapp.appspotmail.com) and it should work fine.
I think the best solution is to use Google's SMTP servers... It's the best way to not be considered as a spammer.
I'm looking to send many emails via Python and would like to connect to Google's email servers to send it from my company email address (it's for work). I've got working code for sending the email through the old company email (user#work.com) which is our login, but can't figure out how to send it through the alias (user#betterdomain.com) we use frequently.
Long story short, logging in with my regular Google Apps account won't do and I need to sign in with an alias (nickname) instead. Alternatively, I can sign with the regular account (user#work.com) but send via a different email (user#betterdomain.com).
Working in python and pretty new to programming, but am a good listener! (It's like this question: Google Apps - Send email from a nickname but in Python).
If I understand properly, what you are trying to do is get the Google App Engine send an email on behalf of logged in user, who is using his Google Apps Account name to login. Is it right?
In that case, the mail API for App Engine informs about the mail.send_mail() wherein From: address can be the current user if signed in with Google Accounts. If this is not what you are looking for, some clarification might be required.
GAE supports both incoming and outgoing emails: http://code.google.com/appengine/docs/python/mail/
Have any open source email clients been written for GAE? Something that handles encoding issues, attachments, grouping by conversations, etc.
The Google App Engine SDK can send and receive email; however, there are certain limitations in place that would prevent an actual email client from being built:
The App Engine receives email at the following address: string#appid.appspotmail.com
http://code.google.com/appengine/docs/python/mail/receivingmail.html
The problem I see with this is that you would need to have your users setup forwarding rules in their Google Accounts so that incoming mail is forwarded to your app using the above format. This means that they would need to rely on another email service, which would beg the question of what value yours would add over top of the existing service.
Sending is not quite so bad. The Google App Engine App can send mail on behalf of users logged in with their Google Account, so one could build an outbound email client using a user's Google Account.
http://code.google.com/appengine/docs/python/mail/sendingmail.html
For receiving mail, there are instructions here on how to do that by forwarding mail from an existing email client. It is currently not possible to use your own domain to receive emails without forwarding:
Custom Incoming Mail Domain With Google App Engine
In summary, to answer your question, if someone has built an email client on App Engine, they have not made it public or done enough marketing to appear in search results. Even so, their implementation would be subject to the limitations described above.
If you are looking for a general purpose Web-based Email client like Horde to run on the App Engine I'd say you are out of luck yet.
GAE blocks all incoming and outgoing RAW Socket traffic; to access the outside cloud you need to use the URLFetch API, and it only allows you to access HTTP websites. So you can't talk POP3 or IMAP from your app, nor you can listen to SMTP traffic.
You'd need some intermediate service that relays POP3 or IMAP through an HTTP web service running on a server outside GAE, like a VPS, EC2, Rackspace, etc.
I ended up writing my own helpdesk style app on GAE, with some basic email functionality. Working well so far.