On 10 May 07:15, benp wrote: > Hi, > > I'm new to mail servers. My issue is that I want to enable my > website's users to email each other directly via their personal (often > gmail) accounts. I've have the default Email backend set up and my > settings file looks like this: > > EMAIL_HOST='smtp.gmail.com' > > EMAIL_HOST_USER='b...@mycompany.com' > > EMAIL_HOST_PASSWORD='mypass' > > EMAIL_PORT=587 > > > When I try to send mail to a user with the send_mail() function, the > sender naturally defaults to b...@mycompany.com, even when I add a > "sender" argument to the function, such as b...@gmail.com. HOWEVER, > when I add another user from my google apps account (i.e. > h...@mycompany.com) to that sender argument, it does send override the > default and send the mail from h...@mycompany.com.
By default google's auth smtp service will rewrite the from header to the authenticated user. I do not believe that there's a way to stop it from doing so (you can add extra sender addresses to the authentication account, but each of those will then get a "please confirm that we're allowed to do this" mail.). > Now, an additional wrinkle is that when I add the option "auth_user" > and "auth_password" arguments to the send_mail function (ie. > b...@gmail.com + myotherpass), it also overrides the EMAIL_HOST_USER > default. What this is suggesting to me is that I need to pass my > gmail credentials to override the default. That's a problem for > sending mail between users because I obviously don't have their > passwords. > > I know that you can spoof FROM fields and clearly there are > webservices out there that send emails from any account to any > account, without credentials. To a limited extent - also don't forget that the envelope sender and the from header are different. > What am I missing here? Mostly that gmail *will not* allow you to send from an address that it does not know you've got permission to send from. If you use thier auth smtp service it *will* rewrite the from header. Thanks, -- Brett Parker -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.