[Figure: A Typical Mail Environment (Chapter 9, Figure 6). Labels: Internet, IMAP store, POP store, mail servers, mail clients, mail gateway, mail readers, mail daemons; links labelled SMTP, SMTP/TCP, IMAP (Interactive Mail Access Protocol) and POP.]

‘Email’ is defined by RFC 821 and RFC 822
• Internet email, that is; not to be confused with LAN email such as cc:Mail or MS Mail, which use proprietary protocols
• RFC 821 defines the SMTP protocol
  • How mail MTAs exchange messages
• RFC 822 defines what a mail message looks like

SMTP looks like this
    $ telnet/port=25 arizona.edu
    Trying... Connected to ARIZONA.EDU.
    220 Arizona.EDU -- Server ESMTP (PMDF V4.3-10 #2381)
    helo opus1.com
    250 Arizona.EDU OK, Tennis.Opus1.COM.
    mail from:<trumbo@opus1.com>
    250 Address Ok.
    rcpt to:<face@arizona.edu>
    250 face@arizona.edu OK.
    data
    354 Enter mail, end with a single ".".
    This is where all the rest of the data and headers go ...
    .
    250 Ok.
    quit
    221 Bye received. Goodbye.
    $
Legend: blue = sending mailer, red = receiving mailer

The Commands are Few and Specific
    $ telnet/port=25 arizona.edu
    Trying... Connected to ARIZONA.EDU.
    220 Arizona.EDU -- Server ESMTP (PMDF V4.3-10 #2381)
    helo opus1.com
    250 Arizona.EDU OK, Tennis.Opus1.COM.
    mail from:<trumbo@opus1.com>
    250 Address Ok.
    rcpt to:<face@arizona.edu>
    250 face@arizona.edu OK.
    data
    354 Enter mail, end with a single ".".
    This is where all the rest of the headers go ...
    .
    250 Ok.
    quit
    221 Bye received. Goodbye.

SMTP Reply Codes
    $ telnet/port=25 arizona.edu
    Trying... Connected to ARIZONA.EDU.
    220 Arizona.EDU -- Server ESMTP (PMDF V4.3-10 #2381)
    helo opus1.com
    250 Arizona.EDU OK, Tennis.Opus1.COM.
    mail from:<trumbo@opus1.com>
    250 Address Ok.
    rcpt to:<face@arizona.edu>
    250 face@arizona.edu OK.
    data
    354 Enter mail, end with a single ".".
    This is where all the rest of the headers go ...
    .
    250 Ok.
    quit
    221 Bye received. Goodbye.

Reply Codes Contain a Lot of Information
Example: 354
• The first digit indicates success, failure, or incomplete
• The second digit is the category of error message
• The third digit is the specific message for that category
In fact, only the reply codes count. Other information in a reply is purely for human consumption.

Most Common Reply Codes
    500 Syntax error, command unrecognized
    501 Syntax error in parameters or arguments
    502 Command not implemented
    503 Bad sequence of commands
    220 <domain> Service ready
    221 <domain> Service closing transmission channel
    421 <domain> Service not available, closing transmission channel [This may be a reply to any command if the service knows it must shut down]
    250 Requested mail action okay, completed
    354 Start mail input; end with <CRLF>.<CRLF>
    550 Requested action not taken: mailbox unavailable [E.g., mailbox not found, no access]
    553 Requested action not taken: mailbox name not allowed [E.g., mailbox syntax incorrect]
    554 Transaction failed
The first digit indicates status:
    1 - 3 success
    4 temp negative
    5 failure
The second digit is type of error:
    0 syntax
    2 connection
    5 mail

RFC821 Defines all the Reply Codes
• The numeric codes are definitive
• The text is just for us humans
• Most mailers follow the RFC821 suggested text, but some of them get fun and creative
• You can’t make up new reply codes for a special situation
• That’s what being a protocol is all about

How to Forge Email
    $ telnet mail.cs.byu.edu 25
    220 cs.byu.edu ESMTP Sendmail 8.10.0.Beta12/8.9.1; Fri, 1 Dec 2000 12:38:14 -0700
    helo big.brother.com
    250 cs.byu.edu Hello IDENT:cs460ta@tape.cs.byu.edu [128.187.101.97], pleased to meet you
    mail from:<foo@bar.EDU>
    250 2.1.0 <foo@bar.EDU>... Sender ok
    rcpt to:<clement@cs.byu.edu>
    250 2.1.5 <clement@cs.byu.edu>... Recipient ok
    data
    354 Enter mail, end with "." on a line by itself
    testing
    .
    250 2.0.0 eB1Jw6Y10460 Message accepted for delivery
    quit
    250 2.0.0 eB1Jw6Y10460 Message accepted for delivery
    Connection closed by Foreign Host

... and the resultant raw mail
    Received: from big.brother.com (IDENT:cs460ta@tape.cs.byu.edu [128.187.101.97])
        by cs.byu.edu (8.10.0.Beta12/8.9.1) with SMTP id eB1Jw6Y10460
        for <clement@cs.byu.edu>; Fri, 1 Dec 2000 12:58:31 -0700
    Date: Fri, 1 Dec 2000 12:58:31 -0700
    From: foo@bar.EDU
    Message-Id: <200012011958.eB1Jw6Y10460@cs.byu.edu>
    Status:

Using VRFY/EXPN
    $ telnet/port=25 cs.arizona.edu
    Trying... Connected to OPTIMA.CS.ARIZONA.EDU, a SUN-4/75 running SUN4.1.1.
    220 optima.cs.arizona.edu Sendmail 5.65c/15 ready at Fri, 4 Dec 1994 14:21:53 MST
    vrfy ric
    250 Ric Anderson <ric>
    expn live-music
    550 live-music... User unknown
    expn ncl
    250 2.1.5 <"|/etc/mail/petidomo/bin/hermes ncl"@cs.byu.edu>
    quit
    221 optima.cs.arizona.edu closing connection
    $

Beware of vrfy on some mailers!
    $ telnet/port=25 arizvm1.ccit.arizona.edu
    Trying... Connected to ARIZVM1.CCIT.ARIZONA.EDU, an IBM 3090-300E running VM/XA.
    220 ARIZVM1.ccit.arizona.edu running IBM VM SMTP V2R2 on Sun, 09 Oct 94 13:50:11 MST
    vrfy foo
    250 <foo@ARIZVM1.ccit.arizona.edu> via MAILER@ARIZVM1
    vrfy blatz
    250 <blatz@ARIZVM1.ccit.arizona.edu> via MAILER@ARIZVM1
    vrfy thiscouldnotbearealusername
    250 <thiscouldnotbearealusername@ARIZVM1.ccit.arizona.edu> via MAILER@ARIZVM1
    vrfy taryn
    250 <taryn@ARIZVM1.ccit.arizona.edu> via MAILER@ARIZVM1
    quit
    221 ARIZVM1.ccit.arizona.edu running IBM VM SMTP V2R2 closing connection
    Connection closed by Foreign Host

SMTP Extensions (EHLO)
• After careful consideration, a few extensions have been added to the SMTP protocol
• A mailer supporting extensions uses EHLO instead of HELO in the greeting
• The server will respond to indicate it can negotiate extensions
• If the server gives a failure to the EHLO, the client SMTP reverts back to plain ol’ SMTP
• Sometimes called the ‘eight-bit HELO’, but other extensions are included as well
• Described in RFC1651

An EHLO with Extensions
    $ telnet/port=25 dbc.mtview.ca.us
    Trying... Connected to DBC.MTVIEW.CA.US, a SUN-SPARC running UNIX.
    220 dbc.mtview.ca.us SMTP server ready.
    ehlo
    250-Hello , pleased to meet you
    250-HELP
    250-SIZE
    250-XONE
    250-XVRB
    250 XQUE
    quit
    221 dbc.mtview.ca.us closing connection
    Connection closed by Foreign Host
A mailer that supports extensions responds with a list of which ones it can do

EHLO with an Old Mailer
    $ telnet/port=25 arizvm1.ccit.arizona.edu.
    Trying... Connected to ARIZVM1.CCIT.ARIZONA.EDU, an IBM 3090-300E running VM/XA.
    220 ARIZVM1.ccit.arizona.edu running IBM VM SMTP V2R2 on Tue, 25 Apr 95 21:09:1T
    ehlo arizona.edu
    500 Unknown command, 'ehlo'

Defined SMTP Extensions
The non-required SMTP command set:
    Service Ext    EHLO Keyword  Parameters  Verb  Added Behavior
    -------------  ------------  ----------  ----  ------------------
    Send           SEND          none        SEND  defined in RFC 821
    Send or Mail   SOML          none        SOML  defined in RFC 821
    Send and Mail  SAML          none        SAML  defined in RFC 821
    Expand         EXPN          none        EXPN  defined in RFC 821
    Help           HELP          none        HELP  defined in RFC 821
    Turn           TURN          none        TURN  defined in RFC 821
Later additions, defined in other RFCs:
    EHLO      RFC1651, “SMTP Service Extensions”
    8BITMIME  RFC1652, “SMTP Service Extension for 8bit-MIME transport”
    SIZE      RFC1653, “SMTP Service Extension for Message Size Declaration”
    X extensions (defined to be undefined)

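The reply-code rules and the EHLO fallback described above, as an added example (not code from the original slides): a parser for single- and multi-line SMTP replies that classifies a code by its first two digits and extracts the EHLO keywords, reverting to plain SMTP when EHLO is refused. The function names are assumptions; the sample replies are copied from the two EHLO sessions shown above.

```python
import re

# Digit meanings from RFC 821 (the slides list the common ones).
STATUS = {"1": "positive preliminary", "2": "positive completion",
          "3": "positive intermediate", "4": "transient negative",
          "5": "permanent negative"}
CATEGORY = {"0": "syntax", "1": "information", "2": "connection",
            "5": "mail system"}
REPLY_LINE = re.compile(r"(\d{3})(?:([ -])(.*))?")

def parse_reply(lines):
    """Parse one reply: 'NNN-text' continues it, 'NNN text' or 'NNN' ends it."""
    code, texts = None, []
    for raw in lines:
        m = REPLY_LINE.fullmatch(raw.rstrip("\r\n"))
        if not m or (code is not None and m.group(1) != code):
            raise ValueError(f"malformed SMTP reply line: {raw!r}")
        code = m.group(1)
        texts.append(m.group(3) or "")
        if m.group(2) != "-":
            return code, texts
    raise ValueError("incomplete reply: no final 'NNN text' line")

def classify(code):
    """Only the digits count; the text is for humans."""
    return STATUS.get(code[0], "unknown"), CATEGORY.get(code[1], "unspecified")

def negotiate(ehlo_reply):
    """Return ('ESMTP', {keyword: [params]}) or ('SMTP', {}) if EHLO failed."""
    code, texts = parse_reply(ehlo_reply)
    if code[0] == "5":
        return "SMTP", {}            # old mailer: revert to HELO
    if code != "250":
        raise RuntimeError(f"unexpected reply to EHLO: {code}")
    extensions = {}
    for text in texts[1:]:           # line 1 is the greeting, not a keyword
        words = text.split()
        if words:
            extensions[words[0].upper()] = words[1:]
    return "ESMTP", extensions

# Sample replies copied from the two EHLO sessions on this page.
NEW_MAILER = ["250-Hello , pleased to meet you", "250-HELP", "250-SIZE",
              "250-XONE", "250-XVRB", "250 XQUE"]
OLD_MAILER = ["500 Unknown command, 'ehlo'"]

if __name__ == "__main__":
    print(negotiate(NEW_MAILER))
    print(negotiate(OLD_MAILER), classify("500"))
```
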
Some Headers are More Important than Others
• Required headers
  • From: [ Resent-From ]
  • Date: [ Resent-Date ]
  • one recipient address: To [ Resent-To ] cc [ Resent-cc ] bcc [ Resent-bcc ] (“Blind” carbon copy)
    From: IN%"SYSTEM@Arizona.EDU"
    To: IN%"trumbo@Arizona.EDU"
    Date: Thu, 20 Apr 1995 01:00:24 -0700 (MST)

Originator Headers: who it comes from
• From [ Resent-From ]
  • The agent (person, system or process) that created the message. Should be a single, authenticated machine address generated by the sending agent.

Originator Headers: who sent it on to you
• Sender [ Resent-Sender ]
  • The agent (person, system or process) that sends the message. Intended for use when the sender is not the author of the message, or is one of a group of authors. Not to be used if identical to From field. The Sender field must be present if different from the From field.
  • Used by lists in this way:
    From: "Frits A.M. Storms" <STO@MH.NL>
    Sender: INFO-VAX Discussion <INFO-VAX@UGA.BITNET>
    To: Multiple recipients of list INFO-VAX <INFO-VAX@UGA.BITNET>

Originator Headers: best reply address
• Reply-To [ Resent-Reply-To ]
  • a mailbox where responses are to be sent, often used by list mail:
    From: "Frits A.M. Storms" <STO@MH.NL>
    Subject: Re: Can Satellite Node Crash-Dump into Page File on Local Disk?
    In-reply-to: Mike's message of 20 May 1995 20:17:28 GMT
    Sender: INFO-VAX Discussion <INFO-VAX@UGA.BITNET>
    To: Multiple recipients of INFO-VAX <INFO-VAX@UGA.BITNET>
    Reply-to: INFO-VAX@SRI.COM
Note how the Reply-to: field is used intelligently to direct mail to their preferred address.

The Crucial Received Header
    Received: from CGNET.COM by Arizona.EDU (PMDF V4.3-9 #2381)
        id <01HGUMM9OTUO9AR7DY@Arizona.EDU>; Thu, 08 Sep 1994 00:39:13 -0700 (MST)
    Received: from faop.cgnet.com by CGNET.COM (PMDF V4.3-9 #7702)
        id <01HGUMN7N4S000370I@CGNET.COM>; Thu, 08 Sep 1994 00:40:08 -0700 (PDT)
    Received: from msmail.fao.org (191.0.1.130) by FAOVMS.CGNET.COM (PMDF V4.3-8 #3703)
        id <01HGV4ZD1XTC8WW39N@FAOVMS.CGNET.COM>; Thu, 08 Sep 1994 09:25:10 +0200
    Received: by msmail.fao.org with Microsoft Mail
        id <2E79C6AC@msmail.fao.org>; Thu, 08 Sep 94 09:24:12 +02

Received Lines are Key to What’s Going On
• The postmaster’s primary debugging tool
• Tells you which systems have touched (or possibly mangled) the mail
• Each gateway that relays a message attaches its own Received header line
• This is so important that gateways are required by RFC to add a Received line when they handle mail, and they are prohibited by RFC from touching the Received lines put on by other mailers.

Received Line IP Address Authentication
• Some mailers check to see that the domain name in the SMTP HELO command matches the IP address making the SMTP connection, and put this verified information in the Received line:
    Received: from fake.com (Penny.Telcom.Arizona.EDU) by Arizona.EDU (PMDF V4.3-10 #2381)
        id <01HPRDGE23PSA3CYNG@Arizona.EDU>; Tue, 25 Apr 1995 15:02:41 -0700 (MST)
• RFC1123, Requirements for Internet Hosts, requires that the receiver MUST NOT refuse to accept a message, even if the sender’s HELO command fails verification.

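Walking the Received chain as described above, as an added example (not code from the original slides): it reads the hops oldest-first and flags any hop where the name claimed in HELO differs from the peer name the receiving mailer recorded in parentheses. The function names are assumptions, and the sample stacks two Received headers quoted on this page on a made-up body; a mismatch is a lead for the postmaster to follow, not proof of forgery.

```python
import re
from email import message_from_string

# "from <HELO name> (<receiver's note about the peer>) by <receiving host>"
RECEIVED = re.compile(
    r"from\s+(?P<helo>[^\s()]+)(?:\s*\((?P<info>[^)]*)\))?\s*by\s+(?P<by>\S+)",
    re.IGNORECASE)
IP_ONLY = re.compile(r"\[?[0-9.]+\]?")

def peer_name(info):
    """Hostname the receiver recorded for the connecting peer, or None."""
    for token in (info or "").split():
        token = token.split("@")[-1]          # drop an 'IDENT:user@' prefix
        if not IP_ONLY.fullmatch(token):
            return token.lower()
    return None

def hops(raw_message):
    """Return the Received hops oldest-first, flagging HELO/peer mismatches."""
    msg = message_from_string(raw_message)
    result = []
    for value in reversed(msg.get_all("Received", [])):   # newest is on top
        m = RECEIVED.search(value)
        if not m:                 # e.g. "Received: by host ..." at the origin
            continue
        helo, peer = m.group("helo").lower(), peer_name(m.group("info"))
        result.append({"helo": helo, "peer": peer, "by": m.group("by").lower(),
                       "mismatch": peer is not None and peer != helo})
    return result

# Constructed sample: two Received headers quoted on this page (the second
# abbreviated), stacked on a made-up body.
SAMPLE = (
    "Received: from big.brother.com (IDENT:cs460ta@tape.cs.byu.edu [128.187.101.97])\n"
    " by cs.byu.edu (8.10.0.Beta12/8.9.1) with SMTP id eB1Jw6Y10460\n"
    " for <clement@cs.byu.edu>; Fri, 1 Dec 2000 12:58:31 -0700\n"
    "Received: from msmail.fao.org (191.0.1.130) by FAOVMS.CGNET.COM\n"
    " (PMDF V4.3-8 #3703); Thu, 08 Sep 1994 09:25:10 +0200\n"
    "From: foo@bar.EDU\n"
    "\n"
    "testing\n")

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        flag = "MISMATCH" if hop["mismatch"] else "ok"
        print(f'{hop["by"]}: HELO {hop["helo"]} peer {hop["peer"]} -> {flag}')
```
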
Received Headers often contain the Message-ID
• An optional, but widely implemented, component of the Received line
• The same information as the originating mailer’s Message-ID field, provided by all the intermediate mailers that handle the message
• Lets you figure out if a repeated message is being regenerated by the sender, or if the same message is being resent by the sender.
• Often lets you figure out which mailer is mailbombing you

Mail Messages Can Get Repeated Several Ways
• The sender can be printing up copies of the message: different Message-IDs
• Or someone along the way can be making the copies: same Message-ID

Headers: Key Concepts
• The absolute best and generally only way to debug email problems is with headers
• You must learn how to walk through headers carefully so that you understand exactly what happened at each step in the way
• If someone suggests throwing away headers, beat them with a hard mallet until they change their mind
• Extensions to the standard set of headers are common

MIME - Multipurpose Internet Mail Extensions
RFC 1561, RFC 1562, etc.
• MIME defines extensions to SMTP to support binary attachments of arbitrary format
• MIME requires more capable user agents to interpret messages

A sample message with binary attachment
    From: trumbo@Opus1.COM (Jan Trumbo)
    Subject: small message with Word attachment
    To: trumbo@Opus1.COM
    MIME-version: 1.0
    Content-type: MULTIPART/MIXED; BOUNDARY="Boundary_[ID_nf99lkyavAuSoClF/HeK0Q]"

    --Boundary_[ID_nf99lkyavAuSoClF/HeK0Q]
    Content-type: text/plain; charset=us-ascii

    Joel, attached is a Word document. - Jan

    --Boundary_[ID_nf99lkyavAuSoClF/HeK0Q]
    Date: Thu, 19 Sep 1996 16:49:52 -0700
    Content-type: application/mac-binhex40; name=tiny_text_Word_doc.doc
    Content-disposition: attachment; filename=tiny_text_Word_doc.doc

    <Word document and more stuff below here>
This identical boundary marker separates the parts of the mail message

Client/Server Email Follows 3 Main Models
• Offline (POP3 model)
  • Client connects to server and pulls all email down to client
  • Everything is stored on the client
• Online (Original IMAP model)
  • Client connects to server for every transaction
  • Everything is stored on the server
• Disconnected (Later IMAP model)
  • Client and server share storage burden
  • Server is always authoritative and client must synchronize to server

POP and IMAP only get the mail
• These are protocols for how to deal with a mailbox server
• To SEND mail, both POP and IMAP clients use SMTP
• POP and IMAP clients need configuration:
  • mailbox server
  • SMTP server

POP - Post Office Protocol
• POP2 and POP3 standards are incompatible, but almost everything is POP3 now
• POP clients connect to the server and copy their mail to their local hard drive
• POP locks you into reading mail on the client

POP is very simple
    $ telnet/port=110 mail.opus1.com
    Trying... Connected to MAIL.OPUS1.COM.
    +OK cello.Opus1.COM MultiNet POP3 Server Process V4.0(1) at Fri 20-Sep-96 3:21PM-MST
    user trumbo
    +OK User name (trumbo) ok. Password, please.
    pass thisismypasswordincleartext
    +OK 3 messages in folder NEWMAIL (V4.0)
    list 2
    +OK 2 7124
    stat
    +OK 3 14749
    last
    +OK 0
    quit
    +OK POP3 MultiNet cello.Opus1.COM Server exiting (3 NEWMAIL messages left)
    Connection closed by Foreign Host
    $
‘list’ gives individual message size in bytes
‘stat’ gives total message size in bytes

POP has no security
    $ telnet/port=110 mail.opus1.com
    Trying... Connected to MAIL.OPUS1.COM.
    +OK cello.Opus1.COM MultiNet POP3 Server Process V4.0(1) at Fri 20-Sep-96 3:21PM-MST
    user trumbo
    +OK User name (trumbo) ok. Password, please.
    pass thisismypasswordincleartext
    +OK 3 messages in folder NEWMAIL (V4.0)
    list 2
    +OK 2 7124
    stat
    +OK 3 14749
    last
    +OK 0
    quit
    +OK POP3 MultiNet cello.Opus1.COM Server exiting (3 NEWMAIL messages left)
    Connection closed by Foreign Host
    $
You can test passwords by connecting to the POP port

IMAP Has Everything POP Doesn’t
• On-line, off-line, or disconnected mode operation
• Control of all folders everywhere
• Real authentication
• Multiple servers