
SMTP / MIME


parksjohn

Presentation Transcript


  1. SMTP / MIME Florin Zidaru

  2. Outline
     • What is SMTP?
     • How does SMTP work?
     • SMTP Security Issues
     • MIME

  3. 1. What is SMTP?
     • Simple Mail Transport Protocol (SMTP) is the network protocol used to send email across the Internet.
     • Simple protocol, purely ASCII text-based
     • Uses TCP port 25

  4. 1. What is SMTP? Ctd.
     • A "push" protocol that does not allow one to "pull" messages from a remote server on demand.
     • It is limited in its ability to queue messages at the receiving end, so it is usually used with POP3 or IMAP to let the user save messages in a server mailbox and download them periodically from the server.
     • Users typically use a program that uses SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail.

  5. 2. How does SMTP work?
     • As the result of a user mail request, the sender-SMTP establishes a two-way transmission channel to a receiver-SMTP (the destination or an intermediate).
     • SMTP commands are generated by the sender-SMTP and sent to the receiver-SMTP.
     • SMTP replies are sent from the receiver-SMTP to the sender-SMTP in response to the commands.

  6. 2. How does SMTP work? Ctd.

  7. 2. Example of the SMTP procedure

  8. 3. SMTP Security Issues
     • Fatal flaw: it trusts its users. Why? It was developed when the Internet was small.
     • It lacks a comprehensive way of verifying an e-mail sender's identity. This makes it easy for people to mask their identities by forging return addresses and taking over victim machines to conduct their activities.
     • Consequences: spam, viruses, trojan horses

  9. 3. SMTP Security Issues
     • Solution to the authentication problem: the SMTP over SSL/TLS protocol is available at the Internet Engineering Task Force's Web site.
     • But how do we establish "trust relationships"? Problem: design a system that authenticates mail servers, rather than individuals. A third party would have to determine whether an e-mail server is responsible for sending spam. That kind of responsibility, voluntarily assumed by operators of various spam blacklists, could be difficult and expensive if applied to the Internet as a whole.

  10. 3. SMTP Security Issues: Enumeration
     • SMTP enumeration. What is enumeration? Once an attacker has identified live hosts and running services, he will turn to probing the identified services more fully for known weaknesses.
     • SMTP provides 2 built-in commands that allow for enumeration of users:
       - VRFY – confirms names of valid users
       - EXPN – reveals the addresses of aliases and mailing lists

  11. 3. SMTP Security Issues: Enumeration
     • Example: enumeration can be done over a telnet connection:

         telnet 192.168.202.34 25
         Connected to 192.168.202.34
         220 mail.bigcorp.com ESMTP 8.8.7/8.8.7
         vrfy root
         250 root <root@bigcorp.com>
         expn adm
         250 adm <adm@bigcorp.com>
         quit

  12. 3. SMTP Enumeration Countermeasures
     • An oldie-but-goodie service that should be turned off.
     • Newer versions of the SMTP server software sendmail (www.sendmail.org) offer syntax that can be embedded in the mail.cf file to disable the discussed commands.
     • Microsoft’s Exchange Server prevents nonprivileged users from using EXPN and VRFY by default in recent versions.

  13. 4. MIME
     • Multipurpose Internet Mail Extensions
     • Internet Standard that extends the format of e-mail to support:
       - text in character sets other than US-ASCII;
       - non-text attachments;
       - multi-part message bodies.
     • A fundamental component of communication protocols such as HTTP, which requires that data be transmitted in the context of e-mail-like messages, even though the data might not fit this context.

  14. Resources
     • SMTP on Wikipedia: http://en.wikipedia.org/wiki/SMTP
     • RFC 821 – SMTP: http://www.ietf.org/rfc/rfc0821.txt
     • SMTP Security: http://news.com.com/2100-1038_3-5058610.html
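
Added example (not part of the original slides): a small auditor for captured SMTP session transcripts that classifies each VRFY/EXPN exchange described on slides 10 to 12 by its reply code, so an administrator can confirm the countermeasures are in effect. The sample transcript is constructed from the slide 11 session plus hypothetical hardened-server replies; the function names and status labels are assumptions of this example.

```python
import re

# Constructed sample: the slide 11 session, one unknown-user probe, and the
# replies a server with VRFY/EXPN disabled would give (252 and 502).
SAMPLE = """\
220 mail.bigcorp.com ESMTP 8.8.7/8.8.7
vrfy root
250 root <root@bigcorp.com>
expn adm
250 adm <adm@bigcorp.com>
vrfy nosuchuser
550 nosuchuser... User unknown
VRFY root
252 Cannot VRFY user, but will accept message
EXPN adm
502 Command not implemented
"""

CMD = re.compile(r"^(VRFY|EXPN)\s+(\S+)", re.I)
REPLY = re.compile(r"^(\d{3})([ -])(.*)")
ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")

def audit(transcript):
    """Return (command, argument, code, status, addresses) per VRFY/EXPN."""
    findings, pending, addrs = [], None, []
    for line in map(str.strip, transcript.splitlines()):
        cmd = CMD.match(line)
        if cmd:
            pending, addrs = (cmd.group(1).upper(), cmd.group(2)), []
            continue
        reply = REPLY.match(line)
        if not (reply and pending):
            continue                      # banner or reply to another command
        code, sep, text = reply.groups()
        addrs += ADDR.findall(text)
        if sep == "-":                    # multi-line reply: wait for last line
            continue
        if code in ("250", "251"):
            status = "disclosed"          # server confirmed a mailbox or alias
        elif code == "550":
            status = "user-unknown"       # differs from 250, so names can be tested
        else:
            status = "refused"            # e.g. 252 or 502: nothing revealed
        findings.append((*pending, code, status, addrs))
        pending = None
    return findings

def disclosed_addresses(transcript):
    """Sorted, de-duplicated addresses the server gave away."""
    return sorted({a for f in audit(transcript) for a in f[4]})
```

Any "disclosed" or "user-unknown" result means the server still answers the commands slide 12 says to turn off.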
