Custom SMTP server on Google App Engine (Python 3.7) - python-3.x

Is it possible to build a custom SMTP server on Google App Engine to listen for incoming email, using the Python smtpd module?

App Engine's hosted and custom runtimes are meant for HTTP traffic (ports 80 and 443). You will not be able to receive traffic on the ports necessary to operate an SMTP server.
In fact, ports 25, 465 and 587 are blocked for outbound connections across all of Google Cloud. Instead, you can use an external service such as SendGrid, Mailgun, or Mailjet: https://cloud.google.com/compute/docs/tutorials/sending-mail#choosing_an_email_service_to_use
(This article is about sending email but these services allow you to receive email as well.)

Related

How can I start HTTPS Node JS Server with certificates in Pivotal Cloud Foundry?

Is it possible to deploy a node.js app on Cloud Foundry that listens for HTTPS requests on port 443?
Well, the good news is that you don't have to do that. The Cloud Foundry platform takes care of it for you.
All you need to do is push your app and assign a route to the app. Your platform operations team will already have everything set up so that traffic for both HTTP and HTTPS routes through to your application.
The only thing you probably want to do in your application is to look at the x-forwarded-proto (should be http or https) or x-forwarded-port (80 or 443) header. You can use this to determine if the client's connection was over HTTP or HTTPS, and if it's HTTP then issue a redirect to ask the client to connect over HTTPS (this forces clients to use HTTPS).
You can read more about this in the docs at the following link:
https://docs.cloudfoundry.org/adminguide/securing-traffic.html
Having said all that, if you really want to control the certs for some reason you can do that. You would need to map a TCP route to your application. This will enable TCP traffic to flow directly to your application. Then you can configure your application as an HTTPS endpoint on the mapped TCP route and port.
Some notes about this:
You will almost certainly end up with some high numbered port, not 443. The platform will have a pool of available ports, which is configured by your operations team, and you are limited to using only those ports.
The platform and buildpacks will not help set up TLS, you will need to handle that all on your own. The good news is that it should work exactly the same as if your app were running on a VM or your local laptop.
You will need to create your own TLS certs and push them with the application. You can probably use Let's Encrypt, but you may need to obtain these through your employer, if you work for a large company.
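
A sketch of the x-forwarded-proto redirect described in the answer above, added here as an example and not part of the original answer. The names `decide`, `start` and `ALLOWED_HOSTS` are hypothetical and the hostname is a constructed placeholder; a missing header is treated as non-HTTPS.

```javascript
// Added example. Hostnames in ALLOWED_HOSTS are constructed placeholders.
const ALLOWED_HOSTS = new Set(['app.example.com']);

// Decide how to handle a request from the headers the platform router sets.
// Returns { action: 'serve' } | { action: 'redirect', ... } | { action: 'reject', ... }.
function decide(headers, url) {
  // A chain of proxies can yield "https, http"; the first entry is the client hop.
  const proto = String(headers['x-forwarded-proto'] || '')
    .split(',')[0].trim().toLowerCase();
  if (proto === 'https') return { action: 'serve' };

  // Host is client-controlled: only redirect to names we actually serve,
  // otherwise the redirect can be pointed at an arbitrary site.
  const host = String(headers.host || '').toLowerCase().replace(/:\d+$/, '');
  if (!ALLOWED_HOSTS.has(host)) return { action: 'reject', status: 400 };

  const path = typeof url === 'string' && url.startsWith('/') ? url : '/';
  return { action: 'redirect', status: 308, location: `https://${host}${path}` };
}

async function start(port) {
  const http = await import('node:http');
  return http.createServer((req, res) => {
    const d = decide(req.headers, req.url);
    if (d.action === 'redirect') {
      res.writeHead(d.status, { Location: d.location });
      return res.end();
    }
    if (d.action === 'reject') {
      res.writeHead(d.status, { 'Content-Type': 'text/plain' });
      return res.end('unknown host\n');
    }
    res.writeHead(200, {
      'Content-Type': 'text/plain',
      // Tell browsers to skip the http hop on later visits.
      'Strict-Transport-Security': 'max-age=31536000',
    });
    res.end('served over https\n');
  }).listen(port);
}

// Cloud Foundry sets VCAP_APPLICATION and PORT inside the app container.
if (process.env.VCAP_APPLICATION && process.env.PORT) {
  start(Number(process.env.PORT));
}
```

The header can be relied on only while the app is reachable solely through the platform router; on a directly mapped TCP route nothing sets it, so this check does not apply there.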

Port numbers that Dialog Flow agent runs on

I am developing a simple chatbot using the DialogFlow agent and using the web interface to communicate to the agent.
I want to bind it to the existing web portal which runs behind a firewall. So, my question is: on which port numbers does the Dialog Flow agent communicate, so that I can open those specific ports on the firewall?
You specify this in your Fulfillment webhook call. Otherwise HTTPS defaults to 443, and http to 80.
https://yourdomainname:port/url
https://yourdomainname.com:5000/webhookpageserverurl
(will open up to port 5000)
Training
http://www.webreference.com/html/tutorial2/2.html

listen to UDP server from azure web apps

I am building a web app using node.js and the azure web app service. My node.js server is supposed to accept UDP data from client devices, but I am having a difficult time setting this up.
Does any form of azure web app service accept data from ports other than TCP 80 and 443? Can an azure web app linux docker container be set up to accept data from a specific UDP port?
Azure App Service is restricted to TCP 80/443. See Express Applications throwing 500 on azure.
If you need to listen on a port different from 80/443, you'd need to deploy to a Virtual Machine which supports any TCP/UDP ports.

how to transparently wrap tcp/ip request with ssl using windows api

I'm developing a security system. It has a proxy server acting as an ssl termination point using Nginx, which will forward all tcp/ip connections from clients to other third-party systems.
The client-proxy connections must be authenticated and securely encrypted by ssl.
And my problem is:
Each client is a computer running Windows 7 or higher. It has some third-party applications installed which cannot be interfered with. For a better user experience, all clients' tcp/ip outbound requests from any application must be transparently "converted" into (or "wrapped" in) ssl requests before reaching the proxy server. My first idea is to develop a network driver to access these requests using the windows api, namely WFP (Windows Filtering Platform). I have read its online documentation but it's not easy to understand. Can you help me find some projects like this or tell me which sections in the documentation I need to focus on? Thank you in advance!
Your issue is a bit unclear but here are my thoughts:
You want to have full encryption between the End User Client to the App Service.
Current:
Client --(443: TLS)--> NGINX --(Clear; Port 80)--> App Service
                       (Terminate TLS)
Change:
Client --(443: TLS)--> NGINX --(TLS; Port 443)--> App Proxy -(Plain; 80)-> App Service
                       (Terminate TLS)            (Nginx with self-signed Cert)
The change is to add an additional Nginx server on the app server to provide the last layer of TLS between the load balancer and the App Service.
If your App service has the capability to serve SSL connections directly that's even better, as you can just configure that in place of running an additional Nginx server on the app host. (If you wanted you could run Apache or any other web server that supports proxy/load balancing capabilities.)
If you are worried about the App Service port, it won't make a difference; the idea is that the App Proxy (being Nginx or the like) will handle the encryption on a different port to then pass via localhost to the App Service (in plain text).
Additional Resources:
Can Nginx do TCP load balance with SSL termination?
https://serverfault.com/questions/978922/nginx-proxy-pass-to-https
https://reinout.vanrees.org/weblog/2017/05/02/https-behind-proxy.html
https://nginx.org/en/docs/http/ngx_http_ssl_module.html

Windows Azure sending email via SMTP relay

I have a site hosted on Windows Azure and currently I am using SendGrid to send emails. However, we have Mimecast as our email provider and it is marking all emails received from SendGrid as spam.
Is there a way to use Mimecast as the SMTP Relay service from my Windows Azure application?
Well, Azure as such does not apply any restriction on the outgoing traffic (besides some bandwidth throttling based on the size of the VM you are running on, but this is quite generous). So in practice you can use any SMTP relay service.
Whether you can use Mimecast specifically, you shall turn to Mimecast support or products page. But there is nothing in Azure that would stop you from using this or that service (any service).
And Yes, you can use System.Net.Mail.SmtpClient or any other Smtp Client library to talk to external SMTP Service. Whether that external SMTP Service will accept your connection or not, is not subject to any kind of Azure limitation, but sole decision of the service you chose to use.
You should raise a ticket with SendGrid so they can manage this situation. The reason SendGrid is provided is to precisely avoid your mail being marked as spam. You will be unlikely to see any successful mail delivery if you route SMTP traffic directly from an Azure host to a receiving SMTP server.
