Skip to content

Authenticating users

Jump to bottom
Andris Reinman edited this page Sep 7, 2016 · 3 revisions

By default connecting users are not authenticated. If you start allowing connections from outside the same machine (by default all listeners are bound to loopback) then you need to provide some kind of authentication as well. Authentication can be enabled with the feeder.authentication option and authentication requests are done over HTTP (feeder.authUrl option).

By default there is an option to use a single static username and password by setting the user and pass options in the feeder config object and leaving the authentication url unchanged. If you want to use a real authentication backend then you need to implement one yourself.

The request sent by ZoneMTA is a simple HTTP GET with Authorization Basic headers where username is the username provided by SMTP/API client and password is the password for that username. The service should check if the credentials are correct and if so, then return a 200 response. If the credentials are not correct, then thse server should return a non 2xx response, ie 401.

Example

Example authenticator in Express.js

var auth = require('http-auth');
var basic = auth.basic({
        realm: "ZoneMTA"
    }, function (username, password, callback) {
        callback(username === 'admin' && password === 'p2ssw0rd');
    }
);
server.get('/test-auth', auth.connect(basic), function(req, res) {
    res.send('Credentials accepted');
});
Clone this wiki locally