Skip to main content

SMTP gateway API with PII column scanning, CIDR allowlist, and optional ADLS audit

Project description

SMTP Gateway (smtp-gateway)

Flask API that sends mail through an internal SMTP relay after checking caller IP (CIDR), bearer token, recipient domains, and PII column names in HTML bodies and CSV/HTML attachments. Optional audit to Azure ADLS and notification emails.

Install

Git is not required. See PUBLISHING.md.

From PyPI (after you publish)

pip install "smtp-gateway==1.0.0"

On VM without PyPI (copy wheel)

pip install /path/to/smtp_gateway-1.0.0-py3-none-any.whl

From project folder (no git, no PyPI)

pip install .

Local development

pip install -e .

Required configuration

Copy .env.example to .env on the server and set at least:

Variable Purpose
API_TOKEN Clients send Authorization: Bearer <token>
FROM_EMAIL Gateway sender address
SMTP_SERVER Internal SMTP host
ALLOWED_DOMAINS Comma-separated recipient domains

Startup fails if any required variable is missing.

PII blocklist and caller CIDRs

The package ships example JSON under smtp_gateway/data/:

  • blocklist.json — sample column names
  • allowed_cidrs.json — empty list (blocks all IPs until you configure)

For production, point to your own files (recommended):

export BLOCKLIST_PATH=/etc/smtp-gateway/blocklist.json
export ALLOWED_CIDRS_PATH=/etc/smtp-gateway/allowed_cidrs.json

Format: JSON arrays. Blocklist entries are strings (one column name per entry). CIDRs are strings like "10.0.0.0/24".

Without ALLOWED_CIDRS_PATH, bundled allowed_cidrs.json is used — empty [] means every caller gets 403 Forbidden IP.

Optional

Variable Purpose
SECURITY_ALERT_EMAIL / SECURITY_ALERT_CC Email on blocked requests
AUDIT_NOTIFICATION_EMAIL / AUDIT_NOTIFICATION_CC Audit copy per send/block
ADLS_ACCOUNT_NAME, ADLS_CONTAINER_NAME, MANAGED_IDENTITY_CLIENT_ID ADLS audit (skipped if unset)
GUNICORN_WORKERS, BIND Process count and listen address

Run

Production (HA — use behind a load balancer, 2+ VMs):

set -a && source .env && set +a
smtp-gateway

Equivalent:

gunicorn -w 4 -b 0.0.0.0:5000 'smtp_gateway.app:create_app()'

Local development (Flask dev server):

set -a && source .env && set +a
python -m smtp_gateway

Health check: GET /health{"status":"healthy"}.

API

POST /send-mail (multipart form):

Field Required Notes
to yes Recipient(s)
subject yes
body yes HTML (table headers scanned for PII)
cc no
file no .csv, .html, .htm only

Headers:

  • Authorization: Bearer <API_TOKEN>
  • Caller IP must match allowed_cidrs.json

Client checklist

  • Call from an allowed CIDR
  • Use allowed recipient domains
  • Avoid blocklisted column names in HTML tables and CSV/HTML attachments

Package layout

src/smtp_gateway/
  app.py              create_app()
  config.py           environment settings
  routes/             /health, /send-mail
  security/           CIDR, domains, auth
  pii/                extract, blocklist, matcher
  audit/              ADLS, email notifications
  data/               bundled example JSON

What you supply vs what is bundled

Bundled in package You supply on the VM
PII matching code Full blocklist.json via BLOCKLIST_PATH
Example blocklist Real allowed_cidrs.json via ALLOWED_CIDRS_PATH
Flask routes, audit code .env secrets and SMTP/ADLS access
smtp-gateway CLI Load balancer, systemd, managed identity + RBAC

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

smtp_gateway-1.0.1.tar.gz (13.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

smtp_gateway-1.0.1-py3-none-any.whl (16.7 kB view details)

Uploaded Python 3

File details

Details for the file smtp_gateway-1.0.1.tar.gz.

File metadata

  • Download URL: smtp_gateway-1.0.1.tar.gz
  • Upload date:
  • Size: 13.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for smtp_gateway-1.0.1.tar.gz
Algorithm Hash digest
SHA256 472218db3c220898a6827dc39724f832f0212ad39ec840aa839e8ca4a844f6ec
MD5 d2cb5aeb2dc12c8942f42e5b141f4d12
BLAKE2b-256 823da3c3cf8696462c827a459b61a2e4489da56ac607a279069fb35b9b0fabd5

See more details on using hashes here.

File details

Details for the file smtp_gateway-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: smtp_gateway-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 16.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for smtp_gateway-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 2fdfe0749ef24defe097fb98da723a02bb00c6042c6a15ab47bf65ea83afc43f
MD5 c2e3f21bce316eb45fada0e8d4ecf09d
BLAKE2b-256 c376a37cd0d191dabeb3fb42e9483903653145f05f1f84328d8c2e93868b7823

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page