-
Notifications
You must be signed in to change notification settings - Fork 97
Authenticating users
By default connecting users are not authenticated. If you start allowing connections from outside the same machine (by default all listeners are bound to loopback) then you need to provide some kind of authentication as well. Authentication can be enabled with the feeder.authentication
option and authentication requests are done over HTTP (feeder.authUrl
option).
By default there is an option to use a single static username and password by setting the user
and pass
options in the feeder
config object and leaving the authentication url unchanged. If you want to use a real authentication backend then you need to implement one yourself.
The request sent by ZoneMTA is a simple HTTP GET with Authorization Basic headers where username is the username provided by SMTP/API client and password is the password for that username. The service should check if the credentials are correct and if so, then return a 200 response. If the credentials are not correct, then thse server should return a non 2xx response, ie 401.
Example authenticator in Express.js
var auth = require('http-auth');
var basic = auth.basic({
realm: "ZoneMTA"
}, function (username, password, callback) {
callback(username === 'admin' && password === 'p2ssw0rd');
}
);
server.get('/test-auth', auth.connect(basic), function(req, res) {
res.send('Credentials accepted');
});