[admin update 2013-10-28: see the wiki section on email/smtp]
I'm developing a web application that upon completion of a task should send a mail. While debugging the module that handles the mail (via gmail) on the console, the mail is send. When accessing this module from the webapp, a "Network is unreachable" error is raised.
I have seen that mail for a free account is a reoccurring topic, but I have not seen this difference between console and web access mentioned before.
It's probably because gmail switch their IP addresses for mail servers quite often, so our iptables rules get to be out of date.. It should be fixed when we next bounce the servers.
To be honest, the only permanent fix for this is to pay for unrestricted internet. It's only $5, plug plug!
If I understand your mail correctly the console is running on a different server than the web-app? and therefore it works using the console but does not work using web access?
I can appreciate you wanting you customers/users to pay, but if a service that I need is also offered for free why should I? Just because you cannot guarantee this free service? That reason is just not valid enough. Don't misunderstand me, I'm not unwilling to pay for the service of PA, but for the right reasons.
But I still have to convince myself this way of coding is the best option for my project and the mail requirement part my project is still in development, after the test phase of the mail-module I might not need mail access until deployment of the project. At that time I will require the mail to go trough my own mail system anyway.
I can't comment on the difference between the web and console environments, but the problem Harry's referring to should only affect free account holders. Let me try to explain a little about the setup which will hopefully show why this is only a problem for free accounts, and explain the reasons for it. I should point out this is based on my own understanding and I'm not a PA dev - I'm just another user.
The problem is that free accounts are easily open to abuse, because there's nothing to stop someone registering quite a few different free accounts and using them to either attack or spam other websites and services. As a result, PA implements firewall rules which prevents outgoing TCP connections - this includes websites, email, SSH, everything.
Since it's useful to be able to make requests of certain sites, however, there is a proxy server supplied for free accounts which allows access to any website on the whitelist. This proxy server is specifically allowed in the firewall rules, so you can connect to it and then make requests of websites via it. Typically this is totally transparent as most HTTP libraries in Python will automatically make use of the proxy without any explicit configuration.
Email is therefore typically blocked, but since it's such a useful function there's another exemption in the firewall rules for Google's mail servers to allow sending of email via a Gmail account. Unfortunately this exemption is added via IP address and Google have a habit of changing their IP addresses frequently. The PA system attempts to keep the firewall up to date, but there's often some delay between Gmail changing the addresses and the PA system updating their firewall rules - this is because it's a complicated distributed system and it takes some time for these changes to take effect. This isn't a failing in a core PA service, it's just a difficulty of allowing access to Gmail's servers in a secure fashion, which is provided on a best-effort basis.
Paid accounts, on the other hand, don't suffer any of these restrictions - they can freely make outgoing requests to external sites, for HTTP, email or anything else. The firewall updates aren't an issue because there are no firewall rules. The proxy isn't an issue because you don't need to use the proxy. PA can afford to do this because paid accounts are much less open to abuse - if someone abuses other sites via PA, the devs have a lot more potential to block that user in the future than on a free account. They would, of course, only do this for genuine abuse such as DoS attacks on other sites.
I should also add that there's a 30 day no-quibble money-back guarantee on account upgrades - if you decide the service doesn't meet your needs within 30 days of upgrading, you can get a full refund on the first month's subscription.
Whether you upgrade is of course up to you, but hopefully that's explained how and why there are much fewer restrictions on paid accounts.
Hello Cartroo
Thanks for the explanation. The fact that it works with the console and not on the web-server still worries me, considerably. I would assume there is only one firewall........
As for the need of the firewall, I can agree that a free service needs to have restrictions to block abuse. That said, when services are offered, regardless if they are free or not, I would expect them to work under the conditions that they are offered. When services cannot be guaranteed under the free account conditions, I would not offer this service at all under these conditions.
Since this is not the first forum entry for this topic (and yes I have read the others as well) I hope that it will be solved, otherwise I can guarantee this will not be the last forum entry concerning SMTP and free account.
The 30 day no-quibble money-back guarantee option will only sponsor PayPal, and not benefit PA or me.
Besides coding in python, complaining is another hobby of mine :-)
I agree that it's an interesting data point, but I suspect PA doesn't use a single firewall, but instead uses the built-in Linux iptables firewall. That means each host would have its own set of rules. It's possible that the rules for Gmail specifically update on different hosts at different times, but that would be something the PA devs would have to comment upon. We shouldn't forget that we're still guessing slightly as to the cause of the problem - we'll see if it resolves itself when the servers next reset.
I can see where you're coming from re reliability of services, but personally I'd prefer that services like PA make a best effort to offer working features such as Gmail access, as opposed to simply disallowing it because it has periods of occasional downtime. Since Gmail access isn't mentioned anywhere in the official documentation (as far as I'm aware), perhaps it should officially be considered an unsupported feature - Gmail itself was officially "beta" for the first five years of its existence, for example.
I'm sure the PA devs would love to have the time to work on all these issues straight away, but I'm sure you can understand they focus their efforts on the features and reliability of the core hosting services.
harry
|
2710
posts
|
PythonAnywhere staff
|
