在Python中实现传输层安全--简单邮件客户端

Question

我的任务是编写一个简单的邮件客户端，并使用套接字连接到google smtp服务器(不使用smtp lib)。但是，向google smtp服务器发出MAIL FROM命令需要ssl或tls，而这是我无法理解的部分。因此，我正在尝试使用Python的ssl.wrap_socket()方法...

# Create socket called clientSocket and establish a TCP connection with mailserver
clientSocket = socket(AF_INET, SOCK_STREAM)
ssl_clientSocket = ssl.wrap_socket(clientSocket) 
ssl_clientSocket.connect((mailserver, port))

...which不工作。我非常确定我需要包括ca_certs和ca_reqs参数，但我不确定。如果是这样，我该如何着手获取这些证书？我必须下载openssl并生成一个吗？有谁有这方面的经验吗？为了安全起见，这里有完整的代码。

from socket import *
import ssl

msg = "\r\n I love computer networks!"
endmsg = "\r\n.\r\n"

# Choose a mail server (e.g. Google mail server) and call it mailserver
mailserver = "smtp.gmail.com"
port = 587

# Create socket called clientSocket and establish a TCP connection with mailserver
clientSocket = socket(AF_INET, SOCK_STREAM)
ssl_clientSocket = ssl.wrap_socket(clientSocket) 
ssl_clientSocket.connect((mailserver, port))

recv = ssl_clientSocket.recv(1024)
print
print recv

# If the first three numbers of what we receive from the SMTP server are not
# '220', we have a problem
if recv[:3] != '220':
    print '220 reply not received from server.'

# Send HELO command and print server response.
heloCommand = 'HELO Alice\r\n'
ssl_clientSocket.send(heloCommand)
recv1 = ssl_clientSocket.recv(1024)
print recv1

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv1[:3] != '250':
    print '250 reply not received from server.'

# Send MAIL FROM command and print server response.
mailFromCommand = 'MAIL From: wgimson@gmail.com\r\n'
ssl_clientSocket.send(mailFromCommand)
recv2 = ssl_clientSocket.recv(1024)
print recv2

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv2[:3] != '250':
    print '250 reply not received from server.'

# Send RCPT TO command and print server response.
rcptToCommand = 'RCPT To: macyali@gmail.com\r\n'
ssl_clientSocket.send(rcptToCommand)
recv3 = ssl_clientSocket.recv(1024)
print recv3

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv3[:3] != '250':
    print '250 reply not received from server.'

# Send DATA command and print server response.
dataCommand = 'DATA\r\n'
ssl_clientSocket.send(dataCommand)
recv4 = ssl_clientSocket.recv(1024)
print recv4

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv4[:3] != '250':
    print '250 reply not received from server.'

# Send message data.
ssl_clientSocket.send(msg)

# Message ends with a single period.
ssl_clientSocket.send(endmsg)

# Send QUIT command and get server response.
quitCommand = 'QUIT\r\n'
ssl_clientSocket.send(quitCommand)
recv5 = ssl_clientSocket.recv(I1024)
print recv5

# If the first three numbers of the response from the server are not
# '250', we have a problem
if recv5[:3] != '221':
    print '221 reply not received from server.'

Answer 1

您将连接到端口587，这是STARTTLS的端口。使用SMTPS时(即在任何其他通信之前包装套接字)，则需要连接到端口465而不是端口587。如果使用STARTTLS，则在使用STARTTLS命令并接收到对其的220响应之后包装套接字。在执行STARTTLS之后，您应该再次执行HELO，因为服务器应该会忘记STARTTLS之前发生的所有事情。

在这两种情况下，smtp.google.com端口465和587上的服务器仍然不会返回对MAIL命令的250响应，因为它们要求在发送邮件之前对您进行身份验证。相反，您将得到一个530响应。您需要使用带有gmail.com凭据的AUTH命令进行身份验证，然后才能在这些服务器上成功使用MAIL。

如果您不想进行身份验证，可以尝试使用gmail.com的MX记录中的服务器端口25。目前，服务器是gmail-smtp-in.l.google.com，支持STARTTLS。

Answer 2

 recv5 = ssl_clientSocket.recv(I1024) 

在端口号中有一个I，这是不是导致了这个问题？或者你已经把那部分修好了？