Thanks Brett, I was starting to go a little nuts.
>To a limited extent - also don't forget that the envelope sender and the >from header are different. This seems to imply that I can still change the from header (what I understand to be spoofing). I assume that companies like AddThis (a social media sharing widget), just change the from header. How can I do that through Django? Best, Ben On May 10, 10:22 am, Brett Parker <idu...@sommitrealweird.co.uk> wrote: > On 10 May 07:15, benp wrote: > > > > > > > > > > > Hi, > > > I'm new to mail servers. My issue is that I want to enable my > > website's users to email each other directly via their personal (often > > gmail) accounts. I've have the default Email backend set up and my > > settings file looks like this: > > > EMAIL_HOST='smtp.gmail.com' > > > EMAIL_HOST_USER='...@mycompany.com' > > > EMAIL_HOST_PASSWORD='mypass' > > > EMAIL_PORT=587 > > > When I try to send mail to a user with the send_mail() function, the > > sender naturally defaults to b...@mycompany.com, even when I add a > > "sender" argument to the function, such as b...@gmail.com. HOWEVER, > > when I add another user from my google apps account (i.e. > > h...@mycompany.com) to that sender argument, it does send override the > > default and send the mail from h...@mycompany.com. > > By default google's auth smtp service will rewrite the from header to > the authenticated user. I do not believe that there's a way to stop it > from doing so (you can add extra sender addresses to the authentication > account, but each of those will then get a "please confirm that we're > allowed to do this" mail.). > > > Now, an additional wrinkle is that when I add the option "auth_user" > > and "auth_password" arguments to the send_mail function (ie. > > b...@gmail.com + myotherpass), it also overrides the EMAIL_HOST_USER > > default. What this is suggesting to me is that I need to pass my > > gmail credentials to override the default. That's a problem for > > sending mail between users because I obviously don't have their > > passwords. > > > I know that you can spoof FROM fields and clearly there are > > webservices out there that send emails from any account to any > > account, without credentials. > > To a limited extent - also don't forget that the envelope sender and the > from header are different. > > > What am I missing here? > > Mostly that gmail *will not* allow you to send from an address that it > does not know you've got permission to send from. If you use thier auth > smtp service it *will* rewrite the from header. > > Thanks, > -- > Brett Parker -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.