Mail Protocols
“DATA NETWORK” FOR JTOs PH-II : SMTP
Introduction

Mail service is perhaps the most widely used application on the Internet. Several protocols for mail service are available, but the most widely used is the Simple Mail Transfer Protocol (SMTP). Because of the large number of mobile and workstation users on the Internet, other support protocols, such as POP3 (Post Office Protocol version 3) and IMAP4 (Internet Message Access Protocol version 4), have also been developed.

Simple Mail Transfer Protocol (SMTP)

SMTP enables ASCII text messages to be sent to mailboxes on TCP/IP hosts that have been configured with mail services. Figure 13.3 shows a mail session that uses SMTP. A user who wants to send mail interacts with the local mail system through the user agent (UA) component of the mail system. The mail is deposited in the local outgoing mailbox. A sender-SMTP process periodically polls the outgoing box, and when the process finds a mail message in the box, it establishes a TCP connection with the destination host to which mail is to be sent. The receiver-SMTP process running in the destination host accepts the connection, and the mail message is sent over that connection. The receiver-SMTP process deposits the mail message in the destination mailbox on the destination host. If there is no mailbox with the specified name on the destination host, a mail message is sent to the originator. This message indicates that the mailbox does not exist. The sender-SMTP and receiver-SMTP processes that are responsible for the transfer of mail are called message transfer agents (MTA).

Mail addresses that are used in SMTP follow the RFC 882 standard. The mail headers are often referred to as 882 headers. An example of an 882 address is the following:

[email protected]

The text string before the @ symbol specifies the mailbox name, and the text string after the symbol specifies the host name. If the mailbox name contains special characters, such as %, the mailbox name contains a special encoding that is used by mail gateways. In the mail address of [email protected], the text string KSS is the name of the mailbox on host SHIVA.COM.

If you want to send a non-text message, such as binary files, audio, or images, by using SMTP, you can encode the message as a text message by using the UUENCODE utility that is available on many systems. The receiver will have to decode the encoded message by using a utility called UUDECODE. Another way of sending a non-text message is to use the MIME protocol. MIME (Multipurpose Internet Mail Extensions) is described in RFCs 1896, 2046 and 2049. MIME is used to encode different content types, such as plain text, richly formatted text, image, audio, video, HTML documents, and so on (see fig. 13.4).
BRBRAITT Nov-2006
Figure 13.4 MIME message. (Courtesy Learning Tree)
[Figure: message header (RFC-822); message body (MIME, RFC-1341) carrying text, audio, image and video parts]
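The following added example (not part of the original handout) uses Python's standard email package to show how MIME carries binary content over an ASCII-only transport and how a text-only user agent selects the plain-text part. The addresses, the file name and the 256-byte blob standing in for an image are constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_message(blob: bytes) -> bytes:
    """Compose text, HTML and a binary attachment; return the wire form."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"      # constructed addresses
    msg["To"] = "kss@example.org"
    msg["Subject"] = "MIME demo"
    msg.set_content("Plain-text rendering of the report.")
    # Same content in a second representation: multipart/alternative.
    msg.add_alternative("<p>Rich <b>HTML</b> rendering.</p>", subtype="html")
    # Binary data is base64-encoded, so only ASCII goes on the wire.
    msg.add_attachment(blob, maintype="image", subtype="png",
                       filename="chart.png")
    return msg.as_bytes()


def is_seven_bit(raw: bytes) -> bool:
    """True when every octet of the serialized message is plain ASCII."""
    return all(b < 0x80 for b in raw)


def structure(raw: bytes) -> list:
    """Content types of all parts, outermost first (shows the nesting)."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [part.get_content_type() for part in msg.walk()]


def read_on_text_terminal(raw: bytes):
    """What a text-only user agent does: show text/plain, list the rest."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body is not None else ""
    # get_content() returns the decoded bytes; a content filter has to
    # inspect these, not the base64 text seen on the wire.
    attachments = [(p.get_content_type(), p.get_filename(), p.get_content())
                   for p in msg.walk() if p.is_attachment()]
    return text, attachments


if __name__ == "__main__":
    raw = build_message(bytes(range(256)))  # constructed stand-in for an image
    print(is_seven_bit(raw), structure(raw))
    print(read_on_text_terminal(raw)[0])
```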
MIME message bodies can have nested contents, and MIME user agents can select among alternative representations of contents. For example, if a "dumb" terminal --- which does not have the capability to display an audio/video message --- is used, the terminal can display the text portion of this message.

Another useful feature of MIME is that it can use a pointer to reference data that is stored elsewhere. For example, the pointer can refer to a document on an FTP site. This avoids having to include the document in every mail message that is sent out on a mail distribution list. Only users that are interested in the document on the FTP site have to retrieve this document.

Table 13.3 SMTP Sender (client) Commands for a Minimal Implementation

Command                    Meaning
HELO sender                This command is a connection request from a sender SMTP.
MAIL FROM: from address    This command is used to initiate a mail transaction in which the mail data is delivered to one or more mailboxes.
RCPT TO: send to           This command is used to identify an individual recipient of the mail data. Multiple recipients are specified by multiple use of this command.
DATA                       The receiver treats the lines following the command as mail data from the sender. The mail data is terminated by a line containing only a period, as in the character sequence <CRLF>.<CRLF>
QUIT                       This command specifies that the receiver must send an OK reply and then close the connection.
RSET                       This command specifies that the current mail transaction is to be aborted.
NOOP                       This is a no operation command. It specifies no other action than that the receiver send an OK reply. This command can be used as a diagnostic aid to check whether the receiver responds with an OK reply.

Table 13.4 Example SMTP Receiver (Mail Server) Commands
Reply code    Meaning
250           Requested mail action OK, completed.
251           User not local; will forward to <forward-path>.
450           Requested mail action not taken: mailbox unavailable. For example, mailbox is busy.
550           Requested action not taken: mailbox unavailable.
451           Requested action aborted: error in processing.
551           User not local; please try <forward-path>.
452           Requested action not taken; insufficient system storage.
552           Requested mail action aborted: exceeded storage allocation.
553           Requested action not taken: mailbox name not allowed. For example, mailbox syntax may be incorrect.
354           Start mail input; end with <CRLF>.<CRLF>
554           Transaction failed.
Figure 13.5 shows an SMTP session that uses some of these commands. Notice that in this example, mail is being sent from the user [email protected] identified by the MAIL command.
Figure 13.5 Example SMTP session showing SMTP commands. (Courtesy Learning Tree)

Example SMTP session

S: HELO machine
R: HELO machine, pleased to meet you
S: MAIL FROM: [email protected]
R: 250 OK
S: RCPT To: [email protected]
R: 250 OK
S: RCPT To: [email protected]
R: 550 No such user here        (User bob does not have a mailbox at ltree.psi.com)
S: RCPT To: [email protected]
R: 250 OK
S: DATA
R: 354 Start mail input: end with <CRLF>.<CRLF>
S: message text
S: message text
S: message text_etc
S: <CRLF>.<CRLF>
R: 250 OK

R = SMTP receiver, S = SMTP sender

The mail is being sent to [email protected] and [email protected]. Note that the mailbox [email protected] does not exist, so an error message (550 status code) is returned to indicate that there is no such user. The mail server responds to all other commands with a status code of 250. SMTP-related standards documents are described in table 13.5.
Table 13.5 SMTP-Related Standard RFCs
Protocol     Name                                 Status   RFC#   STD#
SMTP         Simple Mail Transfer Protocol        Rec      821    10
SMTP-SIZE    SMTP Service Ext for Message Size    Rec      1870   10
SMTP-EXT     SMTP Service Extensions              Rec      1869   10
MAIL         Format of Electronic Mail Message    Rec      822    11
Post Office Protocol Version 3 (POP3)

SMTP expects the destination host --- the mail server receiving the mail --- to be online; otherwise, a TCP connection cannot be established with the destination host. For this reason, it is not practical to establish an SMTP session with a desktop for receiving mail because desktop workstations are often turned off at the end of the day.

In many network environments, SMTP mail is received by an SMTP host that is always active on the network (see fig. 13.6). This SMTP host provides a maildrop service. Workstations interact with the SMTP host and retrieve messages by using a client/server mail protocol, such as POP3 (Post Office Protocol version 3) described in RFC 1939. POP3 uses the TCP transport protocol, and the POP3 server listens on its well-known TCP port number 110.

Although POP3 is used to download messages from the server, SMTP is still used to forward messages from the workstation user to its SMTP mail server. Tables 13.6 through 13.8 list the POP3 commands based on the RFC 1939 specification. Although the USER and PASS commands (see table 13.7) are listed as optional commands in RFC 1939, most POP3 implementations support these commands. USER/PASS can be regarded as optional because they can be replaced by the MD5 (Message Digest version 5) authentication method used in the APOP command.
Figure 13.6 POP3 client/server architecture. (Courtesy Learning Tree)
[Figure labels: POP3 server, SMTP, TCP port 110, IP; TCP/IP Internet; POP3 client, user agent, TCP, IP]

• Message Transfer Agent (MTA) is run on a computer with more resources than those available to the workstation.
  -- offers a “maildrop” service to smaller nodes, such as workstations
• POP3 provides dynamic access to the maildrop server.
Table 13.6 Required POP3 Commands

Command       Meaning
STAT          This command returns a positive response consisting of +OK followed by a single space, the number of messages in the mail drop, a single space, and the size of the mail drop in octets. Example response: +OK msgid size.
LIST (msg)    When a message number is specified, the POP3 server returns the scan listing for the message, such as its message number and size. When no message number is specified, a positive response is returned, and then the response goes multiline, where each line contains a scan listing of all messages waiting at the mailbox.
RETR msg      This command is used to retrieve a list of messages waiting for the user mailbox at the POP3 server. The POP3 server issues an initial positive response of +OK, and then the response given is multiline. After the initial +OK, the POP3 server sends the multiline message corresponding to the specified message number. If a message cannot be found, the -ERR response is returned.
DELE msg      This command marks the specified message as deleted.
NOOP          This command means No Operation. The POP3 server does nothing; it merely replies with a positive response of +OK. This command can be used as a diagnostic to check whether the POP3 connection is OK.
RSET          This command unmarks any messages that have been marked as deleted by the POP3 server. The POP3 server then replies with a positive response of +OK. Example response: +OK mail drop has 3 messages (430 octets)
QUIT          The POP3 server removes all messages marked as deleted from the mail drop and replies with the status of this operation: +OK or -ERR. The POP3 server releases any exclusive-access lock on the mail drop and closes the TCP connection.
Table 13.7 Optional POP3 Commands

Command             Meaning
USER name           This command is used to specify the name string to identify a mailbox.
PASS string         This command specifies a server/mailbox-specific password for the user name.
TOP msg n           The POP3 server sends an +OK response followed by the headers of the specific message, msg, then a blank line followed by n lines of the indicated message body. If the number of lines requested by the POP3 client is greater than the number of lines in the message body, the POP3 server sends the entire message.
UIDL [msg]          This command is used to return a unique identifier listing (UIDL) for the message. The POP3 server sends an +OK response with a line containing information for that message. This line is called a unique ID listing for that message. If no argument is given, the POP3 server issues a +OK positive response and then the response goes multiline. After the initial +OK, for each message in the mail drop, the POP3 server responds with a line containing information for that message. A UIDL consists of the message number of the message followed by a single space and then the unique ID of the message.
APOP name digest    The name is a string that identifies the mailbox, and digest is the MD5 (Message Digest version 5) digest string. This command is used to provide an alternative authentication method to the normal USER/PASS exchange, which is sent as clear text. The APOP authentication method provides for both origin authentication and replay protection. More importantly, with APOP, the password is not sent in the clear over the network.
Table 13.8 POP3 Server Replies

Reply    Meaning
+OK      Command was executed correctly
-ERR     Command execution resulted in error
Figure 13.7 shows a simple interaction between a POP3 client and a POP3 server. The interaction uses some of the commands listed in tables 13.6 through 13.8.

Figure 13.7 POP3 sample session. (Courtesy Learning Tree)

Example POP3 Session

S: <wait for connection on TCP port 110>
C:
S: +OK dewey POP3 server ready (comments to: PostMaster @ UDEL.EDU)
C: USER kss
S: +OK kss is a real happy frood
C: PASS mypassword
S: +OK kss’s maildrop has 7 messages (1729 octets)
C: STAT
S: +OK 7 1729
C: LIST
S: +OK 7 messages (1729 octets)
S: 1 340        (msgid, message size)
S: 2 512
   :
S: 7 59
S: .            (multiline termination)
C: RETR 1
S: +OK 340 octets
   .            (POP3 server sends message 1)
S: .
C: QUIT
S: +OK dewey POP3 server signing off
C:
S: <wait for next connection>

S = POP3 server, C = POP3 client

States marked in the figure: Connection state; Authorization state; Transaction state (STAT, LIST msg, RETR msgid, DELE msgid); Update state.
This simple POP3 session shows that the POP3 session initially enters into a connection state. In this connection state, the TCP connection with the POP3 server is established. Next, the POP3 session enters into the authentication state. In this state, the user must provide a user name and password to be authenticated by the POP3 server. In earlier POP3 implementations, the user name and password authentication information is sent in clear text and is susceptible to compromise, which means that someone examining the POP3 packets can trace and discover the user name and password combination. In POP3 as specified in RFC 1939, an alternative, more secure authentication method based on MD5 can be used.

After the user has been authorized, the POP3 session enters the transaction state. In the transaction state, a number of commands --- such as STAT, LIST, RETR, DELE, RSET, and so on --- can be issued. In figure 13.7, the POP3 client issues a STAT command, and the server returns the number of messages with a total size (1,729 octets) of these messages. The POP3 client then uses the LIST command to ask for a list of all the messages. The POP3 server returns the message numbers for each message and its corresponding size. The client then issues the RETR command and specifies each message identifier that is to be downloaded. Depending on the setting at the POP3 client, the POP3 client may issue a DELE command to delete a message that has been retrieved.

After the message has been downloaded, the POP3 session enters the update state. In the update state, the POP3 client issues a QUIT command to close the connection. Both POP3 client and POP3 server may then update their internal states to reflect the new count of messages in their respective mailboxes. The TCP connection is then closed.
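The APOP entry in table 13.7 and the session states described above can be seen together in a small server model. This is an added example, not code from the original handout: it follows the RFC 1939 rule that the digest is MD5 over the greeting timestamp followed by the shared secret, and the host name, class name and messages are constructed.

```python
import hashlib
import hmac
import secrets


def apop_digest(banner: str, secret: str) -> str:
    # RFC 1939: MD5 over the greeting timestamp followed by the shared secret.
    return hashlib.md5((banner + secret).encode()).hexdigest()


class MiniPop3:
    """Toy POP3 server: AUTHORIZATION -> TRANSACTION -> UPDATE."""

    def __init__(self, user, secret, messages):
        self.user, self.secret = user, secret   # server keeps the secret itself
        self.maildrop = dict(enumerate(messages, start=1))
        self.deleted = set()                    # marks, applied only at QUIT
        self.state = "AUTHORIZATION"
        # A fresh timestamp per connection is what defeats replay.
        self.banner = f"<{secrets.token_hex(8)}@pop.example.org>"

    def handle(self, line):
        verb, *args = line.split() or [""]
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            if verb == "QUIT":                  # no update state without login
                self.state = "CLOSED"
                return "+OK signing off"
            if verb == "APOP" and len(args) == 2 and args[0] == self.user:
                want = apop_digest(self.banner, self.secret).encode()
                if hmac.compare_digest(want, args[1].lower().encode()):
                    self.state = "TRANSACTION"
                    return f"+OK maildrop has {len(self.maildrop)} messages"
            return "-ERR not authenticated"
        if self.state != "TRANSACTION":
            return "-ERR session closed"
        live = {n: m for n, m in self.maildrop.items() if n not in self.deleted}
        if verb == "STAT":
            return f"+OK {len(live)} {sum(len(m) for m in live.values())}"
        if verb == "DELE" and args and args[0].isdecimal() and int(args[0]) in live:
            self.deleted.add(int(args[0]))
            return f"+OK message {args[0]} marked as deleted"
        if verb == "RSET":
            self.deleted.clear()
            return "+OK"
        if verb == "QUIT":                      # update state: apply the marks
            self.state = "UPDATE"
            for n in self.deleted:
                del self.maildrop[n]
            return "+OK signing off"
        return "-ERR unknown command"
```

A digest captured from one connection is rejected on the next because the greeting timestamp differs, and messages marked with DELE stay in the maildrop until QUIT moves the session into the update state.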