Smtp Protocol

SMTP protocol This protocol sends an e-mail with optional attachments. •

Protocol summary

•

Example usage

•

Request and response format ○

•

POST operation

Configuration ○

SMTPS configuration

Protocol summary Name smtp

Description Sends an e-mail using SMTP and MIME encoding. Resource name Can contain the primary recipient e-mail address or can be overridden using mailto protocol configuration parameter. Operations POST - send e-mail. The EmailConnection class provides a simple way to build Connection requests for the smtp protocol implementation, including e-mail attachments.

Example usage The following example uses the EmailConnection API to send a simple e-mail message: try { EmailConnection email = new EmailConnection("[email protected]"); email.setFromAddress("[email protected]"); email.setSubject("Hello you!"); email.setContent("This is the e-mail body."); email.send(); } catch (Exception e) { // Failed to send e-mail }

•

See Sending an e-mail using EmailConnection for more examples using the EmailConnection API.

•

You can also use the sendEmail activity to send an e-mail using the smtp protocol implementation from a flow.

Request and response format This section details the headers and body types for the requests and responses of the supported operations. POST

operation

The POST operation sends an e-mail to a SMTP server. The request body becomes the body of the e-mail message. Request headers Request header name

Comments

e-mail subject text. Sender's e-mail address. If not supplied, the primary recipient e-mail address is From used as the sender's e-mail address. Optional List of recipient e-mail addresses. The primary recipient e-mail address To (as specified by the request resource target or the mailto configuration parameter) is automatically added. Cc Optional List of CC recipient e-mail addresses. Bcc Optional List of BCC recipient e-mail addresses. e-mail body MIME type. If not specified, text/plain; charset=UTF-8 is Content-Type assumed. MIME-Version Simple applications must leave this header unset. Any other headers to be sent with the SMTP message. If the request header has Other headers multiple values, each value is sent to the server as a separate SMTP header. Subject

•

The values of To, Cc and Bcc headers must be lists of simple, individual e-mail addresses. Addresses must be of the form [email protected] only (real name annotations are not supported). Multiple addresses must be represented as multiple values in the lists (comma-separated lists of addresses are not supported).

•

The MIME-Version header should only be set by advanced, MIME-aware applications and connection handlers. If the following conditions are all true then the body is assumed to be already encoded into 7-bit ASCII and is transmitted without further MIME processing:

•

○

MIME-Version

is specified.

○

Content-Type

header value begins with multipart/mixed.

○

The request body is not an instance of MultipartBody.

If the request body is an instance of MultipartBody then the values of the following request headers are replaced with values appropriate for the MIME encoded request body: ○

MIME-Version

○

Content-Type

○

Content-Transfer-Encoding

Request body Request body type String

Comments

Encodes character data for SMTP transmission using MIME, according to or Reader charset in Content-Type header. If Content-Type has multiple values then the first value is used. If charset not specified then 7-bit ASCII is assumed.

Request body type byte[] or InputStream MultipartBody

Other types

Comments Encodes binary data for SMTP transmission using MIME. Encode multi-part body using MIME. Calls toString() and processes result as String.

Response headers No response headers defined. Response body containing final response message from SMTP server.

String

Configuration Parameter hostname

Description SMTP server hostname.

port

SMTP server port number.

Port 465 if smtpsConfig is set, otherwise port 25.

mailto

Override primary recipient e-mail address.

Request target resource name.

smtpsConfig

SMTPS configuration name.

userid

AUTH PLAIN user ID.

AUTH PLAIN password. (XOR strings are supported) connectionTimeout Connection timeout, in seconds. readTimeout Socket read timeout, in seconds. password

Default localhost

None set. (Unencrypted SMTP connection) None set. (Unauthenticated SMTP connection) None set. seconds. 60 seconds. 15

•

If the userid configuration parameter is supplied, the userid and password values are sent to the SMTP server, using the AUTH PLAIN authentication mechanism. The connection will fail if the SMTP server rejects the supplied credentials or does not support the AUTH PLAIN authentication mechanism.

•

If the value of smtpsConfig is either null or the empty string then an unencrypted socket connection will be used to connect to the SMTP server. If the value contains a SMTPS configuration name, the named configuration will be used to establish a SSL socket connection to SMTP server (SMTPS). The default value of the port parameter is 25 for SMTP and 465 for SMTPS.

•

Protocol configuration can be applied to the connection request using various mechanism, as described in Configuring protocols.

In the following example, a default SMTP server is set for the smtp protocol: /config/connection/defaults/smtp/hostname = "smtp.projectzero.org"

With no further configuration, the specified SMTP server will be contacted on port 25, using an unencrypted connection and no authentication. The next example contains a default configuration for a secure SMTP server:

/config/connection/defaults/smtp/hostname = "smtp.projectzero.org" /config/connection/defaults/smtp/userid = "user1" /config/connection/defaults/smtp/password = "password1" /config/connection/defaults/smtp/smtpsConfig = "defaultConfig"

Using this configuration an SMTPS connection will be established to port 465 of the specified server, using the predefined defaultConfig SSL configuration. The user ID and password will be sent to the SMTP server to authenticate the connection.

SMTPS configuration By setting a value for the smtpsConfig protocol configuration parameter, you can specify that an SSL socket is to be used to connect to the SMTP server (SMTPS). The value of smtpsConfig names a SMTPS configuration to be used for the connection. The zero.core module contains a predefined SMTPS configuration, which checks that the SMTPS server presents a valid certificate signed by one of a selection of well-known certificate authorities. To use this configuration, the value of smtpsConfig must be set to defaultConfig. The defaultConfig configuration does not present a client certificate to the remote server. You can configure a custom SMTPS configuration using your own trust store and key store. An SMTPS configuration is specified using the key /config/connection/smtps/ configName, as demonstrated in the following example: /config/connection/smtps/mySmtpsConfig = { "trustStore" : "config/truststore.jks", "trustStorePassword" : "password", "trustStoreType" : "JKS" }

The above configuration can be selected by setting smtpsConfig value to mySmtpsConfig. The SSL configurations defined under /config/connection/smtps/ configName can contain the following properties: Property trustStore trustStorePassword trustStoreType keyStore

Description File name of trust store to be used to validate server identity. Trust store password. (XOR strings are supported) Trust store type. File name of key store containing client certificate.

keyStorePassword

Key store password. (XOR strings are supported)

keyStoreType

Key store type.

Notes Required. Required. Required. Optional, default is no client certificate. Required if keyStore is specified. Required if keyStore is specified.

If true, the outbound connection does not Optional, default disableTrustVerification perform any checks to validate the identity of value is false the remote server.

Introduction to e-mail

E-mail is considered as being the most widely used service on the Internet. So the TCP/IP protocol suite offers a range of protocols allowing the easy management of email routing over the network.

The SMTP protocol The SMTP protocol (Simple Mail Transfer Protocol) is the standard protocol enabling mail to be transferred from one server to another by point to point connection. This is a protocol operating in online mode, encapsulated in a TCP/IP frame. The mail is sent directly to the recipient's mail server. SMTP protocol works using text commands sent to the SMTP server (on port 25 by default). Each command sent by the client (validated by the ASCII character string CR/LF, equivalent to a press on the enter key) is followed by a response from the SMTP server comprising of a number and a descriptive message. Here is a scenario of a request for sending mail to an SMTP server •

When opening the SMTP session, the first command to be sent is the HELO command followed by a space (written <SP>) and the domain name of your machine (in order to say "hello, I am this machine"), then validated by enter (written ). Since April 2001, the specifications for the SMTP protocol, defined in RFC 2821, mean that the HELO command is replaced by the EHLO command.

•

The second command is "MAIL FROM:" followed by the email address of the originator. If the command is accepted the server sends back the message "250 OK"

•

The next command is "RCPT TO:" followed by the email address of the recipient. If the command is accepted the server sends back the message "250 OK"

•

The DATA command is the third stage for sending email. It announces the start of the message body. If the command is accepted the server sends back an intermediary message numbered 354 indicating that the sending of the email body can begin and considers the collection of following lines until the end of the message located by a line containing only a dot. The email body possibly contains some of the following headers: ○ Date ○ Subject ○ Cc ○ Bcc ○ From

If the command is accepted the server sends back the message "250 OK" Here is an example of a transaction between a client (C) and an SMTP server (S) S: C: S: C:

220 smtp.commentcamarche.net SMTP Ready EHLO machine1.commentcamarche.net 250 smtp.commentcamarche.net MAIL FROM:<[email protected]>

S: 250 OK C: RCPT TO:<[email protected]> S: 250 OK C: RCPT TO:

S: 550 No such user here C: DATA S: 354 Start mail input; end with . C: C: C: C: C: C:

Subject: Hello Hello Meandus, How are things? See you soon! .

S: 250 OK C: QUIT R: 221 smtp.commentcamarche.net closing transmission

The basic specifications of the SMTP protocol mean that all the characters sent are coded in ASCII code over 7 bits and that the 8th bit is explicitly put at zero. So to send accented characters it is necessary to resort to algorithms integrating MIME specifications: •

base64 for attached files

•

quoted-printable (abbreviated to QP) for special characters contained within the message body

It is therefore possible to send an email using a simple telnet on port 25 of the SMTP server: telnet smtp.commentcamarche.net 25

(the server indicated above is deliberately nonexistent, you can try by replacing commentcamarche.net by the domain name of your internet service provider) Here is a summary of the principal SMTP commands Command HELO (now EHLO)

Example EHLO 193.56.47.125

DATA QUIT

MAIL FROM: [email protected] RCPT TO: [email protected] DATA message QUIT

HELP

HELP

MAIL FROM: RCPT TO:

Description Identification using the IP address or domain name of the originator computer Identification of the originator's address Identification of the recipient's address Email body Exit the SMTP server List of SMTP commands supported by the server

All the specifications for the SMTP protocol are defined in RFC 821 (since April 2001, the SMTP protocol specifications are defined in RFC 2821).

HTTP protocol- What is HTTP? Computers on the World Wide Web use the HyperText Transfer Protocol to talk with each other. The HTTP provides a set of instructions for accurate information exchange. The communication between the client (your browser) and the server (a software located on a remote computer) involves requests sent by the client and responses from the server. Each client-server transaction, whether a request or a response, consists of three main parts

1. A response or request line 2. Header information 3. The body A client connects to the server at port 80 (unless it has been changed by the system administrator) and sends a request. The request line from the client consists of a request method, the address of the file requested and the HTTP version number. GET /mypage.html HTTP/1.1

The above request calls for mypage.html file using the GET HTTP method; the version of HTTP used is 1.1. After the request line comes the header data that consists of configuration information about the client and its document viewing preferences. The header is a series of lines, each of which contains a specific detail about the client and ends with a blank line. A header may look like this: ACCEPT: */* ACCEPT_LANGUAGE:en-us REFERER:http://www.simplygraphix.com/wedes.html USER_AGENT:Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) ...

Most of the lines in the header are self-explanatory. The ACCEPT identifies the various kinds of files which the client can display. The REFERER lines contains the document from which the request was generated. In the case above, it is webdes.html document from http://www.simplygraphix.com web site that has sent the request. the The USER_AGENT specifies the browser and gives details on its version number. The body of the request will contain data sent by the client via POST method. The server now responds. Again, the response consists of three parts. The response line contains information on the HTTP version number, a status code that indicates the result of the request from the client and a description of the status code in 'English'. HTTP/1.1 200 OK

The HTTP version used is 1.1 and the status code 200 and 'OK' explain the result of the client's request. There are many HTTP server status codes and you can know more about them through the links given at the end of this page. The header from the server contains information about the server software and the document sent to the client. Date: Wed, 16 Aug 2000, 13:25:54 GMT Server: NCSA/1.5.2 Last-modified: Sat, 22 Jan 2000, 05:15:43 Content-type: text/html Content-length: 12443

The header is followed by a blank line that indicates the end of the header information. From the example above, the server sends an html document of size 12443 bytes as shown by the Contenttype and Content-length lines. The server line gives details about the server software. The rest is quite evident. One last point on the HTTP protocol- HTTP is a stateless protocol, which means that the connection between the browser and the server is lost once the transaction ends.

Page contents: Understanding the HTTP Protocol and how it is used by the client to receive files and by the server to process client requests.

what is http protocol? The http protocol is the language known as http, which your web browser uses to talk with a web server. The http protocol is used for communications in the Internet. The http protocol leads to the World Wide Web establishment. The development of the http protocol is coordinated by the W3C and IETF, the iterations of the http protocol is presented in the RFCs, and the RFC 2616 from June 1999 defines the http protocol version 1.1, the most commonly used version of the http protocol. The http protocol is a standard of requests and responses between a server and a client. A client using the http protocol is usually a web browser, and the server using the http protocol is the website.

About https, http protocol over SSL The http protocol is not secure. Anyone who has access to your network may potentiality capture and see the sensitive information sent over the http protocol (logins, passwords, etc). In this case web servers use the https protocol. The https protocol is the same http protocol working over an encrypted Secure Sockets Layer (SSL) providing strong encryption.

What is the Difference Between Http and Https? http is hyper text transfer protocol which is responsible for transmitting and receiving information across the Internet where as https is secure http, which is used exchanging confidential information with a server, which needs to be secured in order to prevent unauthorized access. HTTP is Hyper Text Transport Protocol and is transmitted over the wire via PORT 80(TCP). You normally use HTTP when you are browsing the web, it's not secure, and so someone can eavesdrop on the conversation between your computer and the web server. HTTP can support the client asking for a particular file to be sent only if it has been updated after a certain date and time. This would be used if the client has already retrieved a copy of a file by that name from that server, but wants to check to see if it has been updated since then. The server responds either with the updated file, with a message to say the file has not been changed, or with a message that the file no longer exists. HTTPS (Hypertext Transfer Protocol over Secure Socket Layer or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sub layer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm, new-age browsers

use 128-bit key size which is more secure than the former, it is considered an adequate degree of encryption for commercial exchange. HTTPS is normally used in login pages, shopping/commercial sites. How it Work Https is not a separate protocol, but refers to the combination of a normal HTTP interaction over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism. This ensures reasonable protection from eavesdroppers and (provided it is implemented properly and the top level certification authorities do their job properly) man-in-the-middle attacks. The default TCP port of an https: URL is 443 (for unsecured HTTP, the default is 80). To prepare a web-server for accepting https connections the administrator must create a public key certificate for the web-server. These certificates can be created for Linux based servers with tools such as Open SSL's ssl or SuSE's gensslcert. This certificate must be signed by a certificate authority of one form or another, who certifies that the certificate holder is who they say they are. Web browsers are generally distributed with the signing certificates of major certificate authorities, so that they can verify certificates signed by them. Main Features Dedicated to HTTP protocol, show a wide range of HTTP related information, request and response header, content, sent and received cookies, stream, query strings, post form values… Request builder, Users can handcraft an HTTP request by using the HTTP Request Builder, or they can use a drag-and-drop operation to move an existing request from the session grid to the Request Builder to execute it again. Hex Viewer allows users to view and edit binary files in hexadecimal and textual format. New Displays Winsock traffic originating from Java applets and JavaScript embedded in a Web page, displays Winsock traffic originating from ActiveX controls and COM objects instanced by an application (Stand-alone Edition Only) "Before request and after response" browser cache comparisons Support HTTPS, show you unencrypted data sent over HTTPS / SSL connections, HTTPS is available if the application uses the Microsoft WININET API (ex. ie, outlook) or Mozilla NSS API. (ex. firefox, thunderbird) Selectively clear caches and cookies which are related with HTTP/HTTPS sessions