A Typical Mail Environment - PowerPoint PPT Presentation

Provided by: markc195

1
A Typical Mail Environment
[Diagram labels: Mail Client, Mail Server, SMTP, POP, IMAP (Interactive Mail Access Protocol)]
2
SMTP
[Diagram labels: Mail reader, Mail daemon, Mail gateway, SMTP/TCP]
3
Email is defined by RFC 821 and RFC 822
  • Internet email, that is; not to be confused with
    LAN email such as ccMail or MS Mail, which use
    proprietary protocols
  • RFC 821 defines the SMTP protocol
  • How mail MTAs exchange messages
  • RFC 822 defines what a mail message looks like

4
SMTP looks like this
  • telnet/port=25 arizona.edu
  • Trying... Connected to ARIZONA.EDU.
  • 220 Arizona.EDU -- Server ESMTP (PMDF V4.3-10
    2381)
  • helo opus1.com
  • 250 Arizona.EDU OK, Tennis.Opus1.COM.
  • mail from:<trumbo@opus1.com>
  • 250 Address Ok.
  • rcpt to:<face@arizona.edu>
  • 250 face@arizona.edu OK.
  • data
  • 354 Enter mail, end with a single ".".
  • This is where all the rest of the data and
    headers go ...
  • .
  • 250 Ok.
  • quit
  • 221 Bye received. Goodbye.

Blue: sending mailer; red: receiving mailer
5
The Commands are Few and Specific
  • telnet/port=25 arizona.edu
  • Trying... Connected to ARIZONA.EDU.
  • 220 Arizona.EDU -- Server ESMTP (PMDF V4.3-10
    2381)
  • helo opus1.com
  • 250 Arizona.EDU OK, Tennis.Opus1.COM.
  • mail from:<trumbo@opus1.com>
  • 250 Address Ok.
  • rcpt to:<face@arizona.edu>
  • 250 face@arizona.edu OK.
  • data
  • 354 Enter mail, end with a single ".".
  • This is where all the rest of the headers go ...
  • .
  • 250 Ok.
  • quit
  • 221 Bye received. Goodbye.

6
SMTP Reply Codes
  • telnet/port=25 arizona.edu
  • Trying... Connected to ARIZONA.EDU.
  • 220 Arizona.EDU -- Server ESMTP (PMDF V4.3-10
    2381)
  • helo opus1.com
  • 250 Arizona.EDU OK, Tennis.Opus1.COM.
  • mail from:<trumbo@opus1.com>
  • 250 Address Ok.
  • rcpt to:<face@arizona.edu>
  • 250 face@arizona.edu OK.
  • data
  • 354 Enter mail, end with a single ".".
  • This is where all the rest of the headers go ...
  • .
  • 250 Ok.
  • quit
  • 221 Bye received. Goodbye.

7
Reply Codes Contain a Lot of Information
The first digit indicates success, failure, or incomplete.
The second digit is the category of error message.
The third digit is the specific message for that category.
In fact, only the reply codes count. Other information in a reply is
purely for human consumption.
8
Most Common Reply Codes
  • 500 Syntax error, command unrecognized
  • 501 Syntax error in parameters or arguments
  • 502 Command not implemented
  • 503 Bad sequence of commands
  • 220 <domain> Service ready
  • 221 <domain> Service closing transmission channel
  • 421 <domain> Service not available, closing
    transmission channel. This may be a reply to any
    command if the service knows it must shut down
  • 250 Requested mail action okay, completed
  • 354 Start mail input; end with <CRLF>.<CRLF>
  • 550 Requested action not taken: mailbox
    unavailable. E.g., mailbox not found, no access
  • 553 Requested action not taken: mailbox name not
    allowed. E.g., mailbox syntax incorrect
  • 554 Transaction failed

The first digit indicates status: 1-3 success, 4 temp negative, 5 failure
The second digit is type of error: 0 syntax, 2 connection, 5 mail
9
RFC821 Defines all the Reply Codes
  • The numeric codes are definitive
  • The text is just for us humans
  • Most mailers follow the RFC821 suggested text,
    but some of them get fun and creative
  • You can't make up new reply codes for a special
    situation
  • That's what being a protocol is all about

10
How to Forge Email
  • telnet mail.cs.byu.edu 25
  • 220 cs.byu.edu ESMTP Sendmail 8.10.0.Beta12/8.9.1
    Fri, 1 Dec 2000 12:38:14 -0700
  • helo big.brother.com
  • 250 cs.byu.edu Hello IDENT:cs460ta@tape.cs.byu.edu
    128.187.101.97, pleased to meet you
  • mail from:<foo@bar.EDU>
  • 250 2.1.0 <foo@bar.EDU>... Sender ok
  • rcpt to:<clement@cs.byu.edu>
  • 250 2.1.5 <clement@cs.byu.edu>... Recipient ok
  • data
  • 354 Enter mail, end with "." on a line by itself
  • testing
  • .
  • 250 2.0.0 eB1Jw6Y10460 Message accepted for
    delivery
  • quit
  • 250 2.0.0 eB1Jw6Y10460 Message accepted for
    delivery
  • Connection closed by Foreign Host

11
... and the resultant raw mail
  • Received: from big.brother.com (IDENT:cs460ta@tape.cs.byu.edu
    128.187.101.97)
  • by cs.byu.edu (8.10.0.Beta12/8.9.1) with SMTP id
    eB1Jw6Y10460
  • for <clement@cs.byu.edu> Fri, 1 Dec 2000
    12:58:31 -0700
  • Date: Fri, 1 Dec 2000 12:58:31 -0700
  • From: foo@bar.EDU
  • Message-Id: <200012011958.eB1Jw6Y10460@cs.byu.edu>
  • Status:

12
Using VRFY/EXPN
  • telnet/port=25 cs.arizona.edu
  • Trying... Connected to OPTIMA.CS.ARIZONA.EDU, a
    SUN-4/75 running SUN4.1.1.
  • 220 optima.cs.arizona.edu Sendmail 5.65c/15 ready
    at Fri, 4 Dec 1994 14:21:53 MST
  • vrfy ric
  • 250 Ric Anderson <ric>
  • expn live-music
  • 550 live-music... User unknown
  • expn ncl
  • 250 2.1.5 <"/etc/mail/petidomo/bin/hermes
    ncl"@cs.byu.edu>
  • quit
  • 221 optima.cs.arizona.edu closing connection

13
Beware of vrfy on some mailers!
  • telnet/port=25 arizvm1.ccit.arizona.edu
  • Trying... Connected to ARIZVM1.CCIT.ARIZONA.EDU,
    an IBM 3090-300E running VM/XA.
  • 220 ARIZVM1.ccit.arizona.edu running IBM VM SMTP
    V2R2 on Sun, 09 Oct 94 13:50:11 MST
  • vrfy foo
  • 250 <foo@ARIZVM1.ccit.arizona.edu> via
    MAILER@ARIZVM1
  • vrfy blatz
  • 250 <blatz@ARIZVM1.ccit.arizona.edu> via
    MAILER@ARIZVM1
  • vrfy thiscouldnotbearealusername
  • 250 <thiscouldnotbearealusername@ARIZVM1.ccit.arizona.edu>
    via MAILER@ARIZVM1
  • vrfy taryn
  • 250 <taryn@ARIZVM1.ccit.arizona.edu> via
    MAILER@ARIZVM1
  • quit
  • 221 ARIZVM1.ccit.arizona.edu running IBM VM SMTP
    V2R2 closing connection
  • Connection closed by Foreign Host

14
SMTP Extensions (EHLO)
  • After careful consideration, a few extensions
    have been added to the SMTP protocol
  • A mailer supporting extensions uses EHLO instead
    of HELO in the greeting
  • The server will respond to indicate it can
    negotiate extensions
  • If the server gives a failure to the EHLO, the
    client SMTP reverts back to plain ol' SMTP
  • Sometimes called the eight-bit HELO, but other
    extensions are included as well
  • Described in RFC1651

15
An EHLO with Extensions
  • telnet/port=25 dbc.mtview.ca.us
  • Trying... Connected to DBC.MTVIEW.CA.US, a
    SUN-SPARC running UNIX.
  • 220 dbc.mtview.ca.us SMTP server ready.
  • ehlo
  • 250-Hello , pleased to meet you
  • 250-HELP
  • 250-SIZE
  • 250-XONE
  • 250-XVRB
  • 250 XQUE
  • quit
  • 221 dbc.mtview.ca.us closing connection
  • Connection closed by Foreign Host

A mailer that supports extensions responds with a
list of which ones it can do
16
EHLO with an Old Mailer
  • telnet/port=25 arizvm1.ccit.arizona.edu.
  • Trying... Connected to ARIZVM1.CCIT.ARIZONA.EDU,
    an IBM 3090-300E running VM/XA.
  • 220 ARIZVM1.ccit.arizona.edu running IBM VM SMTP
    V2R2 on Tue, 25 Apr 95 21091T
  • ehlo arizona.edu
  • 500 Unknown command, 'ehlo'
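
An added example, not part of the original slides: a reply parser that reads only the numeric code, as the reply-code slides require, handles the multi-line `250-` form shown on the EHLO slide, and decides between EHLO and HELO as the old-mailer slide describes. The function names and the "RETRY LATER" outcome for a 4xx reply are assumptions of this sketch.

```python
import re

# Digit meanings exactly as the reply-code slides give them.
STATUS = {"1": "success", "2": "success", "3": "success",
          "4": "temp negative", "5": "failure"}
CATEGORY = {"0": "syntax", "2": "connection", "5": "mail"}
REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")

def parse_reply(lines):
    """Collapse one reply into (code, [text, ...]).

    'NNN-text' means more lines follow; 'NNN text' (or bare 'NNN') ends it.
    """
    code, texts = None, []
    for raw in lines:
        m = REPLY_LINE.match(raw.rstrip("\r\n"))
        if not m:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        if code not in (None, m.group(1)):
            raise ValueError("reply code changed inside a multi-line reply")
        code = m.group(1)
        texts.append(m.group(3) or "")
        if m.group(2) != "-":
            return code, texts
    raise ValueError("reply ended on a continuation line")

def classify(code):
    """Map the first and second digit to (status, category)."""
    return STATUS.get(code[0], "unknown"), CATEGORY.get(code[1], "other")

def choose_greeting(ehlo_reply):
    """Return (greeting to use, advertised keywords) for a server's EHLO reply."""
    code, texts = parse_reply(ehlo_reply)
    status, _ = classify(code)
    if status == "failure":          # old mailer: revert to plain SMTP
        return "HELO", set()
    if status != "success":          # assumption: treat 4xx as "try again later"
        return "RETRY LATER", set()
    # Line 1 is the greeting; every later line starts with one keyword.
    return "EHLO", {t.split()[0].upper() for t in texts[1:] if t.split()}

# Replies copied from the two EHLO slides.
NEW_MAILER = ["250-Hello , pleased to meet you", "250-HELP", "250-SIZE",
              "250-XONE", "250-XVRB", "250 XQUE"]
OLD_MAILER = ["500 Unknown command, 'ehlo'"]

if __name__ == "__main__":
    for reply in (NEW_MAILER, OLD_MAILER):
        print(classify(parse_reply(reply)[0]), choose_greeting(reply))
```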

17
Defined SMTP Extensions
  • The non-required SMTP command set

    Service Ext    EHLO Keyword  Parameters  Verb  Added Behavior
    -------------  ------------  ----------  ----  ------------------
    Send           SEND          none        SEND  defined in RFC 821
    Send or Mail   SOML          none        SOML  defined in RFC 821
    Send and Mail  SAML          none        SAML  defined in RFC 821
    Expand         EXPN          none        EXPN  defined in RFC 821
    Help           HELP          none        HELP  defined in RFC 821
    Turn           TURN          none        TURN  defined in RFC 821

  • Later additions, defined in other RFCs
  • EHLO: RFC1651, SMTP Service Extensions
  • 8BITMIME: RFC1652, SMTP Service Extension for
    8bit-MIME transport
  • SIZE: RFC1653, SMTP Service Extension for
    Message Size Declaration
  • X extensions (defined to be undefined)

18
Some Headers are More Important than Others
  • Required headers
  • From: / Resent-From:
  • Date: / Resent-Date:
  • one recipient address
  • To: / Resent-To:
  • cc: / Resent-cc:
  • bcc: / Resent-bcc:
  • (Blind carbon copy)
  • From: IN"SYSTEM@Arizona.EDU"
  • To: IN"trumbo@Arizona.EDU"
  • Date: Thu, 20 Apr 1995 01:00:24 -0700 (MST)

19
Originator Headers: who it comes from
  • From: / Resent-From:
  • The agent (person, system or process) that
    created the message. Should be a single,
    authenticated machine address generated by the
    sending agent.

20
Originator Headers: who sent it on to you
  • Sender: / Resent-Sender:
  • The agent (person, system or process) that sends
    the message. Intended for use when the sender is
    not the author of the message, or is one of a
    group of authors. Not to be used if identical
    to From field. The Sender field must be present
    if different from the From field.
  • Used by lists in this way
  • From: "Frits A.M. Storms" <STO@MH.NL>
  • Sender: INFO-VAX Discussion <INFO-VAX@UGA.BITNET>
  • To: Multiple recipients of list INFO-VAX
    <INFO-VAX@UGA.BITNET>

21
Originator Headers: best reply address
  • Reply-To: / Resent-Reply-To:
  • a mailbox where responses are to be sent, often
    used by list mail
  • From: "Frits A.M. Storms" <STO@MH.NL>
  • Subject: Re: Can Satellite Node Crash-Dump into
    Page File on Local Disk?
  • In-reply-to: Mike's message of 20 May 1995
    20:17:28 GMT
  • Sender: INFO-VAX Discussion <INFO-VAX@UGA.BITNET>
  • To: Multiple recipients of INFO-VAX
    <INFO-VAX@UGA.BITNET>
  • Reply-to: INFO-VAX@SRI.COM

Note how the Reply-to field is used
intelligently to direct mail to their preferred
address.
22
The Crucial Received Header
  • Received: from CGNET.COM by Arizona.EDU (PMDF
    V4.3-9 2381)
  • id <01HGUMM9OTUO9AR7DY@Arizona.EDU> Thu, 08 Sep
    1994 00:39:13 -0700 (MST)
  • Received: from faop.cgnet.com by CGNET.COM (PMDF
    V4.3-9 7702)
  • id <01HGUMN7N4S000370I@CGNET.COM> Thu, 08 Sep
    1994 00:40:08 -0700 (PDT)
  • Received: from msmail.fao.org (191.0.1.130)
  • by FAOVMS.CGNET.COM (PMDF V4.3-8 3703)
  • id <01HGV4ZD1XTC8WW39N@FAOVMS.CGNET.COM> Thu,
    08 Sep 1994 09:25:10 +0200
  • Received: by msmail.fao.org with Microsoft Mail
    id <2E79C6AC@msmail.fao.org>
  • Thu, 08 Sep 94 09:24:12 02

23
Received Lines are Key to What's Going On
  • The postmaster's primary debugging tool
  • Tells you which systems have touched (or possibly
    mangled) the mail
  • Each Gateway that relays a message attaches its
    own Received header line
  • This is so important that gateways are required
    by RFC to add a Received line when they handle
    mail, and they are prohibited by RFC from
    touching the Received lines put on by other
    mailers.

24
Received Line: IP Address Authentication
  • Some mailers check to see that the domain name in
    the SMTP HELO command matches the IP address
    making the SMTP connection, and put this verified
    information in the Received line
  • RFC1123, Requirements for Internet Hosts,
    requires that the receiver MUST NOT refuse to
    accept a message, even if the sender's HELO
    command fails verification.
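
An added example, not part of the original slides: walking the Received lines oldest hop first and flagging any hop where the name given in HELO differs from the host the receiving mailer recorded for the connection, which is what exposes the forged message shown earlier. The lower Received line follows the "resultant raw mail" slide, written with the peer address in sendmail's bracketed form (an assumption); the upper hop, mx.example.net and 192.0.2.25 are constructed.

```python
import re
from email import message_from_string

# Constructed sample. The lower Received line and the other headers follow the
# "resultant raw mail" slide, with the peer address in sendmail's [ip] form
# (an assumption); the upper hop and 192.0.2.25 are made up for illustration.
RAW = """\
Received: from cs.byu.edu (cs.byu.edu [192.0.2.25])
\tby mx.example.net with ESMTP id CONSTRUCTED01; Fri, 1 Dec 2000 12:58:40 -0700
Received: from big.brother.com (IDENT:cs460ta@tape.cs.byu.edu [128.187.101.97])
\tby cs.byu.edu (8.10.0.Beta12/8.9.1) with SMTP id eB1Jw6Y10460
\tfor <clement@cs.byu.edu>; Fri, 1 Dec 2000 12:58:31 -0700
Date: Fri, 1 Dec 2000 12:58:31 -0700
From: foo@bar.EDU
Message-Id: <200012011958.eB1Jw6Y10460@cs.byu.edu>

testing
"""

# from <HELO name> ([IDENT:user@]<name the receiver resolved> [<ip>]) by <receiver>
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:IDENT:[^@\s]+@)?(?P<peer>[\w.-]+)?"
                 r"\s*\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def walk_received(raw):
    """Return the relay hops oldest first, each with a HELO-versus-peer verdict."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            hops.append({"verdict": "unparsed", "raw": " ".join(value.split())})
            continue
        hop = m.groupdict()
        if hop["peer"] is None:
            hop["verdict"] = "no peer name recorded"
        elif hop["helo"].lower() == hop["peer"].lower():
            hop["verdict"] = "helo matches peer"
        else:
            # Flag it for the reader; per RFC1123 the receiver still accepts the mail.
            hop["verdict"] = "helo mismatch"
        hops.append(hop)
    return hops

if __name__ == "__main__":
    for hop in walk_received(RAW):
        print(hop)
```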

25
Received Headers often contain the Message-ID
  • An optional, but widely implemented, component of
    the Received line
  • The same information as the originating mailer's
    Message-ID field, provided by all the
    intermediate mailers that handle the message
  • Lets you figure out if a repeated message is
    being regenerated by the sender, or if the same
    message is being resent by the sender.
  • Often lets you figure out which mailer is
    mailbombing you

26
Mail Messages Can Get Repeated Several Ways
The sender can be printing up copies of the message: different Message-IDs
Or someone along the way can be making the copies: same Message-ID
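
An added example, not part of the original slides: given two copies of a repeated message, compare the Message-IDs and then the per-hop ids in the Received lines to find the last mailer both copies passed through with the same id, so the copying happened at or just after that mailer. All hosts, ids and the `build` helper are constructed for the illustration.

```python
import re
from email import message_from_string

# "by <host> ... id <id>" as in the Received lines on the slides above.
HOP_ID = re.compile(r"\bby\s+(\S+).*?\bid\s+<?([^\s>;]+)", re.S)

def hop_ids(raw):
    """(receiving host, id it assigned) for each Received line, oldest hop first."""
    values = message_from_string(raw).get_all("Received", [])
    found = (HOP_ID.search(v) for v in reversed(values))
    return [m.groups() for m in found if m]

def triage(copy_a, copy_b):
    """Classify two copies of a repeated message.

    Returns (verdict, last mailer whose Received id is the same in both copies).
    """
    id_a = message_from_string(copy_a)["Message-ID"]
    id_b = message_from_string(copy_b)["Message-ID"]
    if id_a != id_b:
        return "different Message-IDs: regenerated by the sender", None
    last_common = None
    for hop_a, hop_b in zip(hop_ids(copy_a), hop_ids(copy_b)):
        if hop_a != hop_b:
            break
        last_common = hop_a[0]
    return "same Message-ID: copied along the way", last_common

def build(msgid, hops):
    """Constructed test message; hops are (from, by, id) tuples, oldest first."""
    lines = [f"Received: from {f} by {b} id <{i}@{b}>; Thu, 08 Sep 1994 00:39:13 -0700"
             for f, b, i in reversed(hops)]
    return "\n".join(lines + [f"Message-ID: <{msgid}>", "Subject: test", "", "body", ""])

# All hosts and ids below are constructed.
SHARED = [("origin.example.org", "relay.example.net", "B7")]
COPY_1 = build("m1@origin.example.org", SHARED + [("relay.example.net", "mx.example.com", "C1")])
COPY_2 = build("m1@origin.example.org", SHARED + [("relay.example.net", "mx.example.com", "C2")])
COPY_3 = build("m2@origin.example.org", SHARED + [("relay.example.net", "mx.example.com", "C3")])

if __name__ == "__main__":
    print(triage(COPY_1, COPY_2))
    print(triage(COPY_1, COPY_3))
```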
27
Headers: Key Concepts
  • The absolute best and generally only way to debug
    email problems is with headers
  • You must learn how to walk through headers
    carefully so that you understand exactly what
    happened at each step in the way
  • If someone suggests throwing away headers, beat
    them with a hard mallet until they change their
    mind
  • Extensions to the standard set of headers are
    common

28
MIME - Multipurpose Internet Mail Extensions
  • MIME defines extensions to SMTP to support binary
    attachments of arbitrary format
  • MIME requires more capable user agents to
    interpret messages
  • RFC 1561, RFC 1562, etc.

29
A sample message with binary attachment
From: trumbo@Opus1.COM (Jan Trumbo)
Subject: small message with Word attachment
To: trumbo@Opus1.COM
MIME-version: 1.0
Content-type: MULTIPART/MIXED; BOUNDARY="Boundary_ID_nf99lkyavAuSoClF/HeK0Q"

--Boundary_ID_nf99lkyavAuSoClF/HeK0Q
Content-type: text/plain; charset=us-ascii

Joel, attached is a Word document.
- Jan

--Boundary_ID_nf99lkyavAuSoClF/HeK0Q
Date: Thu, 19 Sep 1996 16:49:52 -0700
Content-type: application/mac-binhex40; name=tiny_text_Word_doc.doc
Content-disposition: attachment; filename=tiny_text_Word_doc.doc

<Word document and more stuff below here>

This identical boundary marker separates the parts of the mail message
30
Client / Server Email: POP and IMAP
31
Client/Server Email Follows 3 Main Models
  • Offline (POP3 model)
  • Client connects to server and pulls all email
    down to client
  • Everything is stored on the client
  • Online (Original IMAP model)
  • Client connects to server for every transaction
  • Everything is stored on the server
  • Disconnected (Later IMAP model)
  • Client and server share storage burden
  • Server is always authoritative and client must
    synchronize to server

32
POP and IMAP only get the mail
  • These are protocols for how to deal with a
    mailbox server
  • To SEND mail, both POP and IMAP clients use SMTP
  • POP and IMAP clients need configuration
  • mailbox server
  • SMTP server

33
POP - Post Office Protocol
  • POP2 and POP3 standards are incompatible, but
    almost everything is POP3 now
  • POP clients connect to the server and copy their
    mail to their local hard drive
  • POP locks you into reading mail on the client

34
POP is very simple
  • telnet/port=110 mail.opus1.com
  • Trying... Connected to MAIL.OPUS1.COM.
  • +OK cello.Opus1.COM MultiNet POP3 Server Process
    V4.0(1) at Fri 20-Sep-96 3:21PM-MST
  • user trumbo
  • +OK User name (trumbo) ok. Password, please.
  • pass thisismypasswordincleartext
  • +OK 3 messages in folder NEWMAIL (V4.0)
  • list 2
  • +OK 2 7124
  • stat
  • +OK 3 14749
  • last
  • +OK 0
  • quit
  • +OK POP3 MultiNet cello.Opus1.COM Server exiting
    (3 NEWMAIL messages left)
  • Connection closed by Foreign Host

list gives individual message size in bytes
stat gives total message size in bytes
35
POP has no security
  • telnet/port=110 mail.opus1.com
  • Trying... Connected to MAIL.OPUS1.COM.
  • +OK cello.Opus1.COM MultiNet POP3 Server Process
    V4.0(1) at Fri 20-Sep-96 3:21PM-MST
  • user trumbo
  • +OK User name (trumbo) ok. Password, please.
  • pass thisismypasswordincleartext
  • +OK 3 messages in folder NEWMAIL (V4.0)
  • list 2
  • +OK 2 7124
  • stat
  • +OK 3 14749
  • last
  • +OK 0
  • quit
  • +OK POP3 MultiNet cello.Opus1.COM Server exiting
    (3 NEWMAIL messages left)
  • Connection closed by Foreign Host

You can test passwords by connecting to the POP port
36
IMAP Has Everything POP Doesn't
  • On-line, off-line, or disconnected mode operation
  • Control of all folders everywhere
  • Real authentication
  • Multiple servers