hi all, http://dev.rubyonrails.org/ticket/1290 (see my response at the bottom) Here''s what I think: -for mail broadcasts (generating + sending mail to big lists of customers/whoever), I think the use of an MTA is necessary and good practice -for single user-specific mails that are considered part of a program flow (I use the example of a new-user-registration verification email that contains a URL with a hash) it would be _far_ _far_ better to have a lightweight SMTP implementation in ruby that could attempt the delivery right in the app. This gives me a number of advantages, and a new tool: -SMTP user validation (I can ask an SMTP server if it will accept mail for an address, so I have much better validation than ''does this string look like an email address'' - instead I have ''this string looks like an email and I went and asked the MTA for example.com and it said... user account doesn''t exist - please check the spelling of your email address). -Immediate awareness of delivery problems. (If my delivery attempt fails when the user has posted to my registration form, I can return the form and say: hey, I tried to talk to your mail server but (domain didn''t exist / server said you don''t exist / mailbox was full / whatever) - please (do some appropriate thing to correct the problem) and try again. -Round-trip testing becomes a lot more convenient this way because you can (for example) make a unit test that registers, fetches mail from an account, pulls the activation url, visits it, and checks that the user can log in and their database record is what we expect given the post. Do people basically agree with these ideas? Am I insane? -- alex black, founder the turing studio, inc. 510.666.0074 root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org http://www.turingstudio.com 2600 10th street, suite 635 berkeley, ca 94710
On May 20, 2005, at 6:33 PM, alex black wrote:> -SMTP user validation (I can ask an SMTP server if it will > accept mail for an address, so I have much better validation than > ''does this string look like an email address'' - instead I have > ''this string looks like an email and I went and asked the MTA for > example.com and it said... user account doesn''t exist - please > check the spelling of your email address). > > -Immediate awareness of delivery problems. (If my delivery > attempt fails when the user has posted to my registration form, I > can return the form and say: hey, I tried to talk to your mail > server but (domain didn''t exist / server said you don''t exist / > mailbox was full / whatever) - please (do some appropriate thing to > correct the problem) and try again. > > -Round-trip testing becomes a lot more convenient this way > because you can (for example) make a unit test that registers, > fetches mail from an account, pulls the activation url, visits it, > and checks that the user can log in and their database record is > what we expect given the post. > > Do people basically agree with these ideas? Am I insane?I think you are insane :) 1. I fear the remote MTA that validates email accounts for you. Talk about spammer friendly. Do common MTAs actually do this? 2. Use sender and bounce addresses that invoke Action Mailer. Mail delivery is not synchronous; better to work with it rather than against it. 3. ActionMailer::Base.delivery_method = :test. Send the mail. Do your assertions against ActionMailer::Base.deliveries. You are unit testing your mailer, not the delivery mechanism. I''m confused why you want this feature. We have outgoing MTAs for a reason, and they are pretty much a requirement in today''s world of spam and phishing. Is setting up a mail server with SMTP AUTH for your developers really that bad? Or having them set their ISP''s SMTP config in a file included from environment.rb? There are some easy hacks to get the basic behavior you want which I indicated in earlier comments on your ticket. Perhaps sending to the MX of the recipient''s domain is enough. jeremy
> I think you are insane :)haha, at least you''re honest :)> 1. I fear the remote MTA that validates email accounts for you. Talk > about spammer friendly. Do common MTAs actually do this?Many do ;) Bust out a copy of telnet, go ''splorin. It''s interesting what these machines actually say when you say hello.> 2. Use sender and bounce addresses that invoke Action Mailer. Mail > delivery is not synchronous; better to work with it rather than > against it.Hm - I agree with the last part in theory, but really, on the wire, SMTP is just smaller bits with more back-and-forth: 220 ziji.turingstudio.com ESMTP - with nuke-spam special sauce EHLO fake 250-ziji.turingstudio.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250 8BITMIME AUTH LOGIN 334 dvsddda08uskj <BASE64 ENCODED USERNAME> 334 sdasnmvs990s <BASE64 ENCODED PASSWORD> 235 Authentication successful Mail From: hello-tuhUfRlbOb+gSpxsJD1C4w@public.gmane.org 250 Ok Rcpt to: enigma-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org 250 Ok data 354 End data with <CR><LF>.<CR><LF> test message from command line . 250 Ok: queued as 15C7410F813B quit 221 Bye I can''t remember where the code list reference is, but it''s not rocket science..> 3. ActionMailer::Base.delivery_method = :test. Send the mail. Do > your assertions against ActionMailer::Base.deliveries. You are unit > testing your mailer, not the delivery mechanism.We''re doing that.> I''m confused why you want this feature. We have outgoing MTAs for a > reason, and they are pretty much a requirement in today''s world of > spam and phishing.Not in many large production installations I run or have run doing much $$$ throughput and mail-sending. Many of them do direct smtp-testing to verify users. It works, in production, on big sites.> Is setting up a mail server with SMTP AUTH for your developers really > that bad? Or having them set their ISP''s SMTP config in a file > included from environment.rb?No, I have one, I use it, I like that. I''m not saying that the concept of an external MTA should be dropped, I''m saying we need _another_option_ which is an internal ruby implementation of SMTP.> There are some easy hacks to get the basic behavior you want which I > indicated in earlier comments on your ticket. Perhaps sending to the > MX of the recipient''s domain is enough.It totally is ;) _a -- alex black, founder the turing studio, inc. 510.666.0074 root-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org http://www.turingstudio.com 2600 10th street, suite 635 berkeley, ca 94710
* alex black (enigma-16h2cdTTKgpzNNFeSAH1EA@public.gmane.org) wrote:> > Perhaps sending to the MX of the recipient''s domain is enough. > > It totally is ;)Are you talking about writing a full queuing mail relay agent in Ruby? Things like greylisting and other temporary failures basically make this a requirement if you''re going to be sending mails yourself. Personally I''d be far more interested in built-in bounce/delay message handling in ActiveMailer than making the user wait while I mess about trying to send a mail to their SMTP server during a HTTP request, but.. *shrug* :) -- Thomas ''Freaky'' Hurst http://hur.st/
Jeremy Kemper wrote:> I think you are insane :) > > 1. I fear the remote MTA that validates email accounts for you. Talk > about spammer friendly. Do common MTAs actually do this?Yes. I do that. It cuts down A LOT on my spam processing. I''d rather 550 all of them instead of just deleting. This way someone that sends legitimate email to a wrong address at least knows that it is an inactive email address. Spammers, well, I don''t have too much of a problem with them (of 300 spams/day, only about 1 or 2 stupid ones get though to INBOX). But I do agree that MTA stuff should be handled by the MTA, not some Ruby script. - Adam