
SIMPLE MAIL TRANSFER PROTOCOL SECURITY
Bhavesh Jadav
Mayur Mulani
Guided By Prof. Richard Sinn
Introduction
• Simple Mail Transfer Protocol is the standard e-mail protocol on the
Internet and part of the TCP/IP protocol suite. SMTP defines the
message format and the message transfer agent (MTA), which stores
and forwards the mail. SMTP was originally designed for only plain
text (ASCII text), but MIME and other encoding methods enable
executable programs and multimedia files to be attached to and
transported with the e-mail message.
• SMTP is a relatively simple, text-based protocol, where one or more
recipients of a message are specified and then the message text is
transferred. SMTP uses TCP port 25.
Purpose
• The primary purpose of SMTP is to transfer email between mail
servers. However, it is critical for email clients as well. In order to send
email, the client sends the message to an outgoing mail server, which
in turn contacts the destination mail server for delivery. For this reason,
it is necessary to specify an SMTP server when configuring an email
client.
• One important point to make about the SMTP protocol is that it does
not require authentication. This allows anyone on the Internet to send
email to anyone else or even to large groups of people. It is this
characteristic of SMTP that makes junk email or spam possible.
Basic Architecture
SMTP Model
Operation
• When an SMTP client has a message to transmit, it establishes a two-way transmission channel to an SMTP server. The responsibility of an
SMTP client is to transfer mail messages to one or more SMTP
servers.
• Once the transmission channel is established and initial handshaking
completed, the SMTP client normally initiates a mail transaction. Such
a transaction consists of a series of commands to specify the originator
and destination of the mail and transmission of the message content
(including any headers or other structure) itself.
Operation (contd.)
• The server responds to each command with a reply; replies may
indicate that the command was accepted, that additional commands are
expected, or that a temporary or permanent error condition exists.
• Once a given mail message has been transmitted, the client may either
request that the connection be shut down or may initiate other mail
transactions.
Basic Commands
SMTP defines a small required command set, with several optional
commands included for convenience. The minimal set required for an
SMTP sending client is:
• HELO - Initial State Identification
• MAIL - Mail Sender Reverse Path
• RCPT - One Recipient’s Forward Path
• DATA - Mail Message Text State
• RSET - Abort Transaction and Reset all buffers
• NOOP - No Operation
• QUIT - Commit Message and Close Channel
SMTP PROCEDURE
There are three steps in SMTP mail transactions.
• The transaction is started with a MAIL command which gives the sender
identification. If accepted, the receiver-SMTP returns a 250 OK reply.
• A series of one or more RCPT commands follows, giving the receiver
information. If accepted, the receiver-SMTP returns a 250 OK reply and stores
the forward-path. If the recipient is unknown, the receiver-SMTP returns a 550
Failure reply.
• Then a DATA command gives the mail data. If accepted, the receiver-SMTP
returns a 354 Intermediate reply and considers all succeeding lines to be the
message text. Finally, the end of mail data indicator confirms the
transaction. When the end of text is received and stored, the receiver-SMTP
sends a 250 OK reply.
Example of SMTP Procedure
This SMTP example shows mail sent by Smith at host Alpha.ARPA, to Jones, Green, and Brown at host
Beta.ARPA.
S: MAIL FROM:[email protected]
R: 250 OK
S: RCPT TO:[email protected]
R: 250 OK
S: RCPT TO:[email protected]
R: 550 No such user here
S: RCPT TO:[email protected]
R: 250 OK
S: DATA
R: 354 Start mail input; end with <CRLF>.<CRLF>
S: Blah blah blah...
S: ...etc. etc. etc.
S: <CRLF>.<CRLF>
R: 250 OK
SMTP Security
• Internal Mail Server
– Plain Text Message
– Actual Time Delivery
• Mail Access
– POP/IMAP
– HTTPS
SMTP Security Issues
• No authentication
– Spamming
– Unauthorized use of relaying, DoS
• All communication done in plaintext
– Eavesdropping
– Man in the middle attacks
• VRFY, EXPN commands
SMTP Security Issues
• SMTP-AUTH:
– An extension that adds access control to SMTP
– A client may:
• indicate an authentication mechanism to the server
• perform an authentication protocol exchange
• optionally negotiate a security layer for subsequent
protocol interactions
SMTP-AUTH
• SMTP-AUTH:
– Only legitimate users can relay mail
– Does not guarantee authenticity of envelope header
or message header
– Spoofing is still possible
– The receiver cannot tell if the sender was
authenticated
SMTP-AUTH
• Based on Simple Authentication and Security
Layer (SASL, RFC 2222)
• SASL uses plugins to define authentication
mechanisms:
– Plaintext password: PLAIN
– Shared secret: CRAM-MD5, DIGEST-MD5
– Kerberos: KERBEROS_V4, GSSAPI
SMTP-AUTH
S: 220 smtp.example.com ESMTP server ready
C: EHLO jgm.example.com
S: 250-smtp.example.com
S: 250 AUTH CRAM-MD5 DIGEST-MD5
C: AUTH FOOBAR
S: 504 Unrecognized authentication type.
C: AUTH CRAM-MD5
S: 334 PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4=
C: ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ==
S: 235 Authentication successful.
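The CRAM-MD5 step of the exchange above, decoded and recomputed as an added example (not part of the original slides). It shows that the username travels in the clear and that only an HMAC-MD5 digest protects the shared secret; the slides do not give the password, so `CONSTRUCTED_SECRETS` is an assumed value used only to show the server-side check.

```python
from __future__ import annotations
import base64
import hashlib
import hmac

# Copied from the exchange above (the slide wraps each value over two lines).
PAGE_CHALLENGE_B64 = "PENCeUxFREJoU0NnbmhNWitOMjNGNndAZWx3b29kLmlubm9zb2Z0LmNvbT4="
PAGE_RESPONSE_B64 = "ZnJlZCA5ZTk1YWVlMDljNDBhZjJiODRhMGMyYjNiYmFlNzg2ZQ=="
# Constructed for this example; the real secret is not on the page.
CONSTRUCTED_SECRETS = {"fred": "constructed-secret-not-from-the-page"}


def decode_challenge(b64: str) -> str:
    """The 334 reply carries a base64 one-time challenge chosen by the server."""
    return base64.b64decode(b64, validate=True).decode("ascii")


def decode_response(b64: str) -> tuple[str, str]:
    """The client answer is base64('username SP hex-digest'); the username is not hidden."""
    text = base64.b64decode(b64, validate=True).decode("ascii")
    user, _, digest = text.rpartition(" ")
    return user, digest


def client_response(user: str, secret: str, challenge_b64: str) -> str:
    """HMAC-MD5 keyed with the shared secret over the raw challenge bytes."""
    challenge = base64.b64decode(challenge_b64, validate=True)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode("ascii")


def server_verify(secrets: dict[str, str], challenge_b64: str, response_b64: str) -> bool:
    """Recompute the digest from the stored secret and compare in constant time."""
    user, digest = decode_response(response_b64)
    if user not in secrets:
        return False
    expected = decode_response(client_response(user, secrets[user], challenge_b64))[1]
    return hmac.compare_digest(expected, digest.lower())


if __name__ == "__main__":
    print(decode_challenge(PAGE_CHALLENGE_B64))
    print(decode_response(PAGE_RESPONSE_B64))
    ours = client_response("fred", CONSTRUCTED_SECRETS["fred"], PAGE_CHALLENGE_B64)
    print(server_verify(CONSTRUCTED_SECRETS, PAGE_CHALLENGE_B64, ours))               # True
    print(server_verify(CONSTRUCTED_SECRETS, PAGE_CHALLENGE_B64, PAGE_RESPONSE_B64))  # False
```

Because the challenge and the digest both cross the wire unencrypted, the strength of this exchange rests entirely on the password, which is why the mechanism is normally run inside a TLS session.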
SMTP-AUTH
• The AUTH verb can also be applied to the MAIL FROM:
verb
• Allows trusted entities to communicate
authentication of individual messages
• AUTH=<> : not authenticated
– C: MAIL FROM:<[email protected]>
[email protected]
– S: 250 OK
SMTP-AUTH
• Spoofing is still a problem
• Subject to man-in-the-middle attack
• Does not provide user authentication, only
delivery authentication
• Subject to brute force attacks when username-password
schemes are used
Secure SMTP over TLS
• Private, authenticated communication between
client and server
• Defines a new verb, STARTTLS
– Takes no parameters
– Used to tell client that the server is TLS capable
– Used to start a TLS handshake by client
Secure SMTP over TLS
• Sample communication:
S: <waits for connection on TCP port 25>
C: <opens connection>
S: 220 mail.imc.org SMTP service ready
C: EHLO mail.ietf.org
S: 250-mail.imc.org offers a warm hug of welcome
S: 250 STARTTLS
C: STARTTLS
S: 220 Go ahead
C: <starts TLS negotiation>
C & S: <negotiate a TLS session>
C & S: <check result of negotiation>
C: <continues by sending an SMTP command> . . .
Secure SMTP over TLS
• If security level is enough:
– All info before handshake is discarded
– Client should send an EHLO again:
• The server may report different services
• Security considerations:
– Not end-to-end
• SMTP is not end-to-end
• The entire chain has to be made secure
– Does not indicate authentication for the receiving
client
Secure SMTP over TLS
• Decision on adequacy of security
– Must be made locally
– Implementation dependent
• Susceptible to man-in-the-middle attack:
– The STARTTLS response from server may be
deleted by an eavesdropper
– Client never knows that server is TLS capable
Secure SMTP over TLS
• Solution to man-in-the-middle attack:
– Client records if a server offers TLS
– Generates a warning if it is not offered in later
sessions
• Cannot be used to authenticate author:
– Every chain needs to be authenticated
– Other mechanisms are used for this purpose
• PGP, MIME, etc.
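One way a client could implement the "record and warn" mitigation described on this slide, as an added example that is not part of the original slides. `StartTlsMemory`, its result strings and the optional JSON file are hypothetical; the EHLO reply is the one from the sample communication above, plus a constructed copy with the STARTTLS line removed.

```python
from __future__ import annotations
import json
from pathlib import Path


def ehlo_extensions(reply: str) -> set[str]:
    """Return the extension keywords advertised in a multi-line 250 EHLO reply."""
    exts: set[str] = set()
    for i, line in enumerate(reply.replace("\r\n", "\n").strip().split("\n")):
        if len(line) < 3 or line[:3] != "250" or (len(line) > 3 and line[3] not in "- "):
            raise ValueError(f"not a 250 EHLO reply line: {line!r}")
        words = line[4:].split()
        if i > 0 and words:               # line 0 is the server greeting, not an extension
            exts.add(words[0].upper())
    return exts


class StartTlsMemory:
    """Remembers, per server, whether STARTTLS was ever offered (hypothetical helper)."""

    def __init__(self, path: Path | None = None):
        self.path = path
        self.seen: dict[str, bool] = {}
        if path and path.exists():
            self.seen = json.loads(path.read_text())

    def check(self, host: str, ehlo_reply: str) -> str:
        offered = "STARTTLS" in ehlo_extensions(ehlo_reply)
        previously = self.seen.get(host.lower(), False)
        if previously and not offered:
            return "downgrade"            # keep the record; warn instead of sending in cleartext
        self.seen[host.lower()] = offered or previously
        if self.path:
            self.path.write_text(json.dumps(self.seen))
        return "tls" if offered else "cleartext"


# WITH_TLS is the EHLO reply from the sample session above; STRIPPED is a constructed
# copy of it with the STARTTLS line deleted in transit.
WITH_TLS = "250-mail.imc.org offers a warm hug of welcome\r\n250 STARTTLS\r\n"
STRIPPED = "250 mail.imc.org offers a warm hug of welcome\r\n"

if __name__ == "__main__":
    memory = StartTlsMemory()
    for reply in (WITH_TLS, STRIPPED, WITH_TLS):
        print(memory.check("mail.imc.org", reply))   # tls, downgrade, tls
```

The record only helps from the second session onward: if the STARTTLS line is already missing on first contact, the client has nothing to compare against.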
Securing Email
• PGP is a key encryption program mainly
intended for email privacy and authentication.
• PGP email encryption uses asymmetric key
encryption algorithms.
• MIME is used to provide authentication,
digital signature, data security, privacy,
message integrity and encryption for messages
PGP
[Figure: PGP flowchart. Sending: Plain text message → Signature required? (Yes: Generate signature) → Compress the message → Confidentiality required? (Yes: Encrypt the message) → Message ready to send. Receiving: Received message → Confidentiality required? (Yes: Decrypt the message) → Decompress the message → Signature required? (Yes: Verify signature) → Message ready to use.]
Conclusion
• Spamming is a serious issue
– Open mail relays
– Open proxies
– Worms that make servers vulnerable
• Methods presented here do not provide end-to-end security
– PGP, MIME must be used
Any Queries?
Thank You!