smtp tapu ahmed jeremy nunn. basics responsible for electronic mail delivery. responsible for...
TRANSCRIPT
SMTPSMTP
Tapu AhmedTapu Ahmed
Jeremy NunnJeremy Nunn
BasicsBasics
Responsible for electronic mail Responsible for electronic mail delivery. delivery.
Simple ASCII protocol that runs on Simple ASCII protocol that runs on top of TCP/IP.top of TCP/IP.
Uses reserved port number 25.Uses reserved port number 25.
SMTP ModelSMTP Model
You want to send an E-Mail from A to B.
Both A and B are simple workstations.
A B
We will first attempt the destination server to see if it will accept mail.
A
Port 25
Server B
If server can accept mail, the client submits.
If, server is busy, client will cancel connection and try again.
A submits source and destination. If both are valid, server gives the go-ahead signal
A B
Our goal is to send a mail from A to B
Step 1
Step 2
Step 3
Send Req
ACK
A Local Mail Server
Send Mail
ACK
A
Local Mail Server
will store and queue
Local Mail Server
DNS QueryDNS Server
Reply with IP address resolution
Step 4
Step 5
Step 6
Server A Server B
REQ
ACK
Server A Server B: receive/stor
e
Send
ACK
Server B B
Ring
ACK
Optional
SMTP protocol exists here, between the two servers and their “jumps.”
The exchange of mails using The exchange of mails using TCP/IP is performed by a TCP/IP is performed by a message message transfer agent transfer agent (MTA). (MTA). – An MTA is responsible for routing An MTA is responsible for routing
mails to their proper destinations.mails to their proper destinations.– MTA uses the Mail Exchange (MX) MTA uses the Mail Exchange (MX)
record from a DNS server to record from a DNS server to determine location.determine location.
In essence, the SMTP protocol In essence, the SMTP protocol describes how two MTAs describes how two MTAs communicate with each other communicate with each other using a single TCP connection.using a single TCP connection.
Sending Host
User A Queue
Local MTA
Local MTA
Local MTA
Relay MTA
Relay MTA
Local MTA
Local MTA
User BUser
Mailboxes
Local MTA
Receiving Host
Across the internet
Queue of mail
Queue of mail
Topics for SMTPTopics for SMTP
SMTP DescriptionSMTP Description– Primarily RFC 821 and 822Primarily RFC 821 and 822– Message formatsMessage formats– ExtensionsExtensions
SMTP ApplicationsSMTP Applications– PurposePurpose– OperationsOperations– Unique problems encountered.Unique problems encountered.
Topics for SMTP Topics for SMTP continuedcontinued
Security and performance issuesSecurity and performance issues– HackingHacking– End-end delivery system End-end delivery system
performanceperformance– Spamming issuesSpamming issues
Looking AheadLooking Ahead– Future standardizationsFuture standardizations
RFC 821RFC 821
A Description of SMTPA Description of SMTP– Objective is to deliver mail reliably Objective is to deliver mail reliably
and efficiently.and efficiently. Points of interestPoints of interest
– Mailing/sendingMailing/sending– ForwardingForwarding– RelayingRelaying– Opening/closingOpening/closing
SMTP ProcedureSMTP Procedure– MAIL commandMAIL command
Clear buffer and get ready to receive Clear buffer and get ready to receive mailmail
Gives sender IDGives sender ID
– RCPT commandRCPT command Gives receiver informationGives receiver information
– DATA commandDATA command Send the dataSend the data
S: MAIL FROM: S: MAIL FROM: [email protected]@yahoo.com R: OKR: OK
S: RCPT TO: S: RCPT TO: [email protected]@yahoo.com R: OKR: OK
S: RCPT TO: S: RCPT TO: [email protected]@yahoo.com R: ERROR; no such user hereR: ERROR; no such user here
S: RCPT TO: S: RCPT TO: [email protected]@yahoo.com R: OKR: OK
S: DATAS: DATA– send mailssend mails– Ending signatureEnding signature
R: OKR: OK
RFC 821 also provides:RFC 821 also provides:– VerificationVerification– SMTP commands and syntax structureSMTP commands and syntax structure– State diagramsState diagrams– Sequencing of commands and repliesSequencing of commands and replies
Extensions:Extensions:– RFC 1869RFC 1869
EHLO commandEHLO command
– MAIL, RCPT, DATA can all receive MAIL, RCPT, DATA can all receive additional values.additional values.
RFC (2)822RFC (2)822
Describes message formatting for SMTP.Describes message formatting for SMTP.– RFC 822 is the standard for the format of RFC 822 is the standard for the format of
internet text messages.internet text messages.– RFC 2822: new standardRFC 2822: new standard
Points of interestPoints of interest– Message specificationsMessage specifications– Date/time specificationsDate/time specifications– Address specificationsAddress specifications– Different RFC extensionsDifferent RFC extensions
Limitations:Limitations:– 998 character/line max. 78 min.998 character/line max. 78 min.– Only ASCII charactersOnly ASCII characters
Header:Header:– Composed of a field nameComposed of a field name– Terminates by a “:”, and ends with Terminates by a “:”, and ends with
CRLF.CRLF. Address Specification:Address Specification:
– Individual or an entire mailboxIndividual or an entire mailbox– Occurs in multiple fields to indicate Occurs in multiple fields to indicate
sender or receiversender or receiver
Date and Time SpecificationDate and Time Specification– Must be semantically valid.Must be semantically valid.– Added on through numerous Added on through numerous
headers.headers. Extensions:Extensions:
– RFC 2045 and 2046RFC 2045 and 2046 Describe mechanisms for transmissionDescribe mechanisms for transmission
SMTP ApplicationsSMTP Applications
Several SMTP applications exist, too numerous Several SMTP applications exist, too numerous to enumerateto enumerate
qmailqmail– Configuration is “unique” (one file to one config Configuration is “unique” (one file to one config
value)value)– Places many files in the root of your systemPlaces many files in the root of your system– Awkward license prevents distributing modified Awkward license prevents distributing modified
source or binariessource or binaries– Developer/owner is a busy guyDeveloper/owner is a busy guy
sendmailsendmail– Past and current versions (8) have been notoriously Past and current versions (8) have been notoriously
insecureinsecure– Remote root exploits, etc.Remote root exploits, etc.
SMTP ApplicationsSMTP Applications
PostfixPostfix– Uses sensible defaultsUses sensible defaults– Good security track recordGood security track record– Easier to configureEasier to configure– Can query LDAP to pick up new/modified Can query LDAP to pick up new/modified
usersusers Microsoft ExchangeMicrosoft Exchange
– Very easy to use on a Windows networkVery easy to use on a Windows network– Integrates with Active Directory (uses LDAP)Integrates with Active Directory (uses LDAP)– Not the best securityNot the best security
Security and Security and PerformancePerformance
Who needs security?Who needs security?– When SMTP was initially developed, little (none When SMTP was initially developed, little (none
maybe?) emphasis was placed on securitymaybe?) emphasis was placed on security– Design was built on the idea of cooperation and trustDesign was built on the idea of cooperation and trust– Didn’t anticipate spamDidn’t anticipate spam
Mail RelayMail Relay– Relay is sending mail from one mail server to anotherRelay is sending mail from one mail server to another– Most SMTP servers didn’t check authenticity of usersMost SMTP servers didn’t check authenticity of users
Security and Security and PerformancePerformance
Bulk mailsBulk mails– Unsolicited bulk mailers take advantage of thisUnsolicited bulk mailers take advantage of this– Decreases performance of server for rightful Decreases performance of server for rightful
usersusers Relay RestrictionsRelay Restrictions
– Verify that the computer is on the server’s Verify that the computer is on the server’s local networklocal network
– Require a local domain return addressRequire a local domain return address– Do not accept mail from other open relay Do not accept mail from other open relay
serversservers
Security and Security and PerformancePerformance
How about a new SMTP?How about a new SMTP?– The problem is obvious, so let’s change The problem is obvious, so let’s change
the protocolthe protocol– No guaranteed way to implement without No guaranteed way to implement without
creating incompatibilitiescreating incompatibilities– We like the idea of cooperationWe like the idea of cooperation– Maybe there’s another wayMaybe there’s another way
Security and Security and PerformancePerformance
Other Security MeasuresOther Security Measures– Limit the use of commandsLimit the use of commands– Check the validity of the envelopeCheck the validity of the envelope– Limit the size of the emailLimit the size of the email– Limit the number of emails that may be sent in a given Limit the number of emails that may be sent in a given
amount of timeamount of time– Log everythingLog everything– POP-before-SMTP AuthenticationPOP-before-SMTP Authentication
Note that SMTP has no mechanism for privacy Note that SMTP has no mechanism for privacy (encryption).(encryption).– This has to be done at a higher level if neededThis has to be done at a higher level if needed– Currently is application specificCurrently is application specific
Future ProjectionsFuture Projections
Current projects include:Current projects include: Sender Policy Framework (SPF)Sender Policy Framework (SPF)
– Only certain servers are allowed to forward mail from certain Only certain servers are allowed to forward mail from certain domain namesdomain names
– Easy to checkEasy to check New DNS Blackhole ListsNew DNS Blackhole Lists
– Narrowly identify specific invalid sendersNarrowly identify specific invalid senders– Will be viable once a large enough number of servers support Will be viable once a large enough number of servers support
thisthis Spam FilteringSpam Filtering
– Intelligent, self-learning softwareIntelligent, self-learning software– Good job of identifying unwanted messages that get throughGood job of identifying unwanted messages that get through
GreylistingGreylisting– Receiving servers make sending servers waitReceiving servers make sending servers wait– Spammers probably won’t come backSpammers probably won’t come back– More time means more chances to add the offender to the More time means more chances to add the offender to the
blackhole listblackhole list