Email Protocols and Troubleshooting

Brandon Checketts
Components of an Email System

Mail Transport Agent (MTA): moves mail between servers over SMTP
Mail User Agent (MUA): the client in which the user reads and writes mail
Local Delivery Agent (LDA): writes an accepted message into the mailbox (also called a Mail Delivery Agent, MDA)
Others: Mail Submission Agent (MSA), the authenticated service an MUA hands outgoing mail to (usually port 587)

Common Email Protocols

Sending Mail:
SMTP (Simple Mail Transfer Protocol)
Servers include Sendmail, Postfix, Exim, Qmail

Receiving Mail:
IMAP (Internet Message Access Protocol)
POP3 (Post Office Protocol v3)
Servers include Dovecot, Courier, Qmail
SMTP Design

Delivers a message from one machine to another
Became popular in the 1980s (as a complement to UUCP)
Used for outgoing messages from a sender to their outgoing mail server
Communication between mail servers on the Internet
Typically listens on TCP port 25 (server-to-server relay), and also on 587 (authenticated submission, upgraded to TLS with STARTTLS) and 465 (submission over implicit TLS)
SMTP Servers

Sendmail
Widely available, complicated to configure (M4 macros, etc)
The term 'sendmail' is used in multiple contexts
Postfix
Widely available, semi-straightforward
Qmail
Generally available, completely different than most other *nix servers
Exim
Generally available, semi-complicated to configure
(These are my opinions - your mileage may vary)
SMTP Uses
If ever configuring a mail server, try to separate these two types of services

Outgoing Mail Server
Should have some kind of authentication (without it, the server is an open relay)
Queues messages when the receiving server is unavailable
Sends a bounce message to the sender after retrying delivery fails
Incoming Mail Server (or MX server)
Receives incoming messages from the Internet
Delivers the message to a mailbox
(Should never send a bounce: reject unwanted mail with a 5xx reply during the SMTP session instead, since accepting first and bouncing later produces backscatter to whoever's address was forged as the sender)
Basic SMTP Commands

HELO (and EHLO)
MAIL FROM
RCPT TO
DATA
QUIT
Response Codes

2xx (Success)
3xx (Intermediate, e.g. 354 after DATA: now send the message text)
4xx (Temporary Failure: the sender should queue the message and retry later)
5xx (Permanent Failure: the sender should not retry the same message)
Simple SMTP Session

[root@xpgrinders ~]# telnet filter1.roundsphere.com 25
Trying 64.18.6.14...
Connected to filter1.roundsphere.com.
Escape character is '^]'.
220 Postini ESMTP <snip…>rtisements.
ehlo example.com
250-Postini says hello back
250-STARTTLS
250-8BITMIME
250 HELP
mail from:<[email protected]>
250 Ok
rcpt to:<[email protected]>
250 Ok
data
354 Feed me
Subject: This is a test
From: "Brandon Testing" <[email protected]>
To: "Brandon Testing Again" <[email protected]>
this is my message
.
250 Thanks
quit
221 Catch you later
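The session above as code, added here as an illustration and not part of the original slides: a small in-memory MX server state machine and an outgoing-side client that drives it, so both sides of the exchange (commands, three-digit reply codes, dot-stuffing of the message text) are visible without a network. The host names, addresses and reply wording (mx.example.com, bob@example.com, the 5xx texts) are constructed for the example. It also shows the point from the SMTP Uses slide: the MX rejects an unknown recipient with a 550 at RCPT TO during the session, so the message is never accepted and no bounce is ever generated.

```python
"""Both sides of a minimal SMTP exchange, in memory (added example, not from the slides)."""
import re
from typing import List, Optional, Tuple

# Constructed data for the example: the only mailbox this hypothetical MX accepts.
LOCAL_MAILBOXES = {"bob@example.com"}

# MAIL FROM:<...> / RCPT TO:<...>; an empty <> (the null sender used by bounces) is valid.
ADDR_RE = re.compile(r"^(?:MAIL FROM|RCPT TO):\s*<([^<>]*)>\s*$", re.IGNORECASE)


class MxServer:
    """Incoming (MX) SMTP server as a state machine: one handle() call per client line.

    Policy decisions are made during the session (550 at RCPT TO), so the server
    never accepts a message it would later have to bounce.
    """

    def __init__(self, hostname: str, mailboxes) -> None:
        self.hostname = hostname
        self.mailboxes = {m.lower() for m in mailboxes}
        self.delivered: List[Tuple[str, List[str], str]] = []  # (sender, rcpts, data)
        self.greeted = False
        self._reset()

    def _reset(self) -> None:
        self.sender: Optional[str] = None
        self.rcpts: List[str] = []
        self.in_data = False
        self.data_lines: List[str] = []

    def greeting(self) -> str:
        return f"220 {self.hostname} ESMTP"

    def handle(self, line: str) -> Optional[str]:
        """Reply for one client line; None while swallowing message lines after DATA."""
        if self.in_data:
            if line == ".":
                self.delivered.append((self.sender, self.rcpts, "\r\n".join(self.data_lines)))
                self._reset()
                return "250 2.0.0 OK: queued"
            # Undo dot-stuffing (RFC 5321 4.5.2): a leading ".." on the wire was one "."
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb = line[:4].upper()
        if verb in ("EHLO", "HELO"):
            self.greeted = True
            self._reset()
            return f"250 {self.hostname}" if verb == "HELO" else f"250-{self.hostname}\r\n250-8BITMIME\r\n250 HELP"
        if not self.greeted:
            return "503 5.5.1 Send EHLO/HELO first"
        if verb == "MAIL":
            if self.sender is not None:
                return "503 5.5.1 Sender already specified"
            m = ADDR_RE.match(line)
            if not m:
                return "501 5.5.4 Syntax: MAIL FROM:<address>"
            self.sender = m.group(1)
            return "250 2.1.0 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Need MAIL FROM first"
            m = ADDR_RE.match(line)
            if not m:
                return "501 5.5.4 Syntax: RCPT TO:<address>"
            addr = m.group(1)
            if addr.lower() not in self.mailboxes:
                return f"550 5.1.1 <{addr}>: Recipient address rejected: User unknown"
            self.rcpts.append(addr)
            return "250 2.1.5 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 5.5.1 Need at least one accepted RCPT TO first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self._reset()
            return "250 2.0.0 OK"
        if verb == "QUIT":
            self._reset()
            self.greeted = False
            return f"221 2.0.0 {self.hostname} closing connection"
        return "500 5.5.2 Command not recognized"


class SmtpRejected(Exception):
    """The server answered with a different reply class than the client expected."""


def send_message(server: MxServer, sender: str, rcpts: List[str],
                 message_lines: List[str]) -> Tuple[bool, List[Tuple[str, Optional[str]]]]:
    """Outgoing-side client for one session; returns (accepted, transcript of (sent, reply))."""
    transcript: List[Tuple[str, Optional[str]]] = [("", server.greeting())]

    def cmd(line: str, expected_class: int) -> str:
        reply = server.handle(line)
        transcript.append((line, reply))
        if reply is None or int(reply[:3]) // 100 != expected_class:
            raise SmtpRejected(reply)
        return reply

    try:
        cmd("EHLO client.example.org", 2)
        cmd(f"MAIL FROM:<{sender}>", 2)
        for r in rcpts:
            cmd(f"RCPT TO:<{r}>", 2)  # a 550 here is final: the MX will never bounce this
        cmd("DATA", 3)
        for line in message_lines:
            stuffed = "." + line if line.startswith(".") else line  # dot-stuffing
            transcript.append((stuffed, server.handle(stuffed)))
        cmd(".", 2)
        accepted = True
    except SmtpRejected:
        accepted = False
    transcript.append(("QUIT", server.handle("QUIT")))
    return accepted, transcript
```

Calling `send_message(MxServer("mx.example.com", LOCAL_MAILBOXES), "alice@example.org", ["bob@example.com"], ["Subject: test", "", "body"])` returns `(True, transcript)` where the transcript is the same sequence of 220/250/354/250/221 replies as the telnet session; a recipient outside `LOCAL_MAILBOXES` yields `(False, ...)` with a 550 in the transcript and nothing in `server.delivered`.
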
Weaknesses and Extensions
(weakness of the base protocol, and the extension that addresses it)

No Sender Authentication: SMTP Auth
Unencrypted: SSL and TLS (STARTTLS on 25/587, implicit TLS on 465)
Text-Only: MIME
Bounces
SPAM: SPF and DKIM
POP3 Protocol

Retrieves messages from a mail server
Typically, messages are downloaded to your mail client and deleted from the server
Designed for use with dial-up connections when people were intermittently connected
Listens on port 110 (with Secure POP, POP3 over TLS, generally on port 995)
USER and PASS carry the password in clear text, so on port 110 issue STLS first or use port 995 instead
Sample POP3 Session

[root@xpgrinders ~]# telnet mail.roundsphere.com 110
Trying 206.71.88.102...
Connected to mail.roundsphere.com.
Escape character is '^]'.
+OK Dovecot ready.
user [email protected]
+OK
pass letmein
+OK Logged in.
list
+OK 1 messages:
1 482
.
retr 1
+OK 482 octets
<snip>Message Headers</snip>

This is my short message
.
quit
+OK Logging out.
IMAP Protocol

Listens on port 143 (IMAP over TLS on port 993; STARTTLS is also available on 143)
Mail stays on the server. The mail client caches information locally
Extremely useful for multiple users, multiple machines, webmail, etc
Searches are done on the server
Sample IMAP Session

[root@xpgrinders ~]# telnet mail.roundsphere.com 143
Trying 206.71.88.102...
Connected to mail.roundsphere.com.
Escape character is '^]'.
* OK Dovecot ready.
A1 LOGIN [email protected] letmein
A1 OK Logged in.
A2 SELECT Inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1225333589] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
A2 OK [READ-WRITE] Select completed.
A3 FETCH 1 BODY[HEADER]
* 1 FETCH (BODY[HEADER] {454}
<snip> Message Header Delivered</snip>
A3 OK Fetch completed.
A4 LOGOUT
* BYE Logging out
A4 OK Logout completed.
Connection closed by foreign host.
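Added example, not from the slides: the same POP3 USER/PASS/LIST, IMAP LOGIN/SELECT and SMTP submission exchanges, done over TLS with certificate verification using only Python's standard library (poplib, imaplib, smtplib, ssl). Host names, users and passwords are parameters; nothing here refers to the author's servers. The check worth copying is in smtp_submit: it refuses to send AUTH unless the server advertised STARTTLS after EHLO, because the plaintext POP3 and IMAP sessions above show exactly what a password looks like on the wire otherwise.

```python
"""Encrypted POP3 / IMAP / SMTP-submission sessions (added example, not from the slides)."""
import imaplib
import poplib
import smtplib
import ssl
from typing import Dict, List, Tuple

MIN_TLS = ssl.TLSVersion.TLSv1_2


def make_tls_context() -> ssl.SSLContext:
    """Context that verifies the server certificate and host name against the system CA store.

    Turning verification off (CERT_NONE, check_hostname=False) would let anyone on the
    path present their own certificate and read the password in the clear.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED + host name check by default
    ctx.minimum_version = MIN_TLS
    return ctx


def parse_pop3_listing(listings: List[bytes]) -> List[Tuple[int, int]]:
    """Turn LIST lines such as b"1 482" into (message number, size in octets)."""
    return [(int(parts[0]), int(parts[1])) for parts in (entry.split() for entry in listings)]


def pop3_list(host: str, user: str, password: str, port: int = 995) -> List[Tuple[int, int]]:
    """The USER/PASS/LIST exchange from the sample session, inside TLS on port 995."""
    conn = poplib.POP3_SSL(host, port, context=make_tls_context(), timeout=30)
    try:
        conn.user(user)
        conn.pass_(password)
        _resp, listings, _octets = conn.list()
        return parse_pop3_listing(listings)
    finally:
        conn.quit()


def imap_message_count(host: str, user: str, password: str, port: int = 993) -> int:
    """LOGIN then SELECT INBOX (read-only), inside TLS on port 993; returns the EXISTS count."""
    conn = imaplib.IMAP4_SSL(host, port, ssl_context=make_tls_context(), timeout=30)
    try:
        conn.login(user, password)
        typ, data = conn.select("INBOX", readonly=True)
        if typ != "OK":
            raise RuntimeError(f"SELECT failed: {data!r}")
        return int(data[0])
    finally:
        conn.logout()


def smtp_submit(host: str, user: str, password: str, sender: str, rcpts: List[str],
                message: str, port: int = 587) -> Dict[str, Tuple[int, bytes]]:
    """Authenticated submission on 587: EHLO, STARTTLS, EHLO again, AUTH, then the message.

    Returns smtplib's dict of refused recipients (empty when every RCPT TO was accepted).
    """
    with smtplib.SMTP(host, port, timeout=30) as conn:
        conn.ehlo()
        if not conn.has_extn("starttls"):
            # Never fall back: AUTH PLAIN/LOGIN would put the password on the wire unencrypted.
            raise RuntimeError("server offers no STARTTLS; refusing to authenticate")
        conn.starttls(context=make_tls_context())
        conn.ehlo()  # capabilities (including AUTH) can change after the TLS upgrade
        conn.login(user, password)
        return conn.sendmail(sender, rcpts, message)
```

A quick way to see the same upgrade by hand is `openssl s_client -starttls smtp -connect host:587`, which prints the server certificate before dropping you into the ESMTP dialogue shown in the earlier telnet session.
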
SPAM & Phishing

SMTP has no built-in way to verify the legitimacy of the message
Anybody can say they are anybody else: both the envelope MAIL FROM and the From: header are free-form text chosen by the sender
SMTP is far too widely deployed to try to replace it

(demonstrate sending an email as PayPal)

Fighting Spam

Greylisting (answer a first delivery attempt with a 4xx; real MTAs queue and retry, much spamware does not)
Content Filtering
This can get to be incredibly CPU intensive
DNS-based Blacklists
Consider Appliances and Outsourced Services
SPF and SenderID

Concept is to validate the path the message took: the receiving server checks whether the IP address that connected to it is allowed to send mail for the envelope sender's domain
SPF Record published in DNS gives a list of the servers authorized to send email for a given domain
Fairly simple to create
SPF Record Looks Like:
v=spf1 a a:mail.domain.com ~all
("a" allows the domain's own A record, "a:mail.domain.com" allows that host, "~all" soft-fails every other source; "-all" would be a hard fail)
SPF Wizard at http://www.openspf.org/
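An SPF check as code, added here as an illustration and not part of the slides: the evaluator walks the mechanisms of a record in order and returns the result of the first match. It runs offline against a constructed DNS table for a hypothetical example.com zone, which publishes the record shape shown on the slide (a, a:host, ~all) and, going a little beyond it, mx, ip4, include and -all terms; all names and addresses in FAKE_DNS are invented for the example. Modifiers such as redirect= are skipped, and the include branch does not propagate permerror, both simplifications relative to RFC 7208.

```python
"""Offline SPF evaluator against a constructed DNS table (added example, not from the slides)."""
import ipaddress
from typing import Dict, List, Tuple

# Constructed DNS data for a hypothetical zone; nothing is looked up on the network.
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("example.com", "TXT"): ["v=spf1 a a:mail.example.com mx ip4:192.0.2.0/24 ~all"],
    ("example.com", "A"): ["198.51.100.10"],
    ("mail.example.com", "A"): ["198.51.100.25"],
    ("example.com", "MX"): ["mx.example.com"],
    ("mx.example.com", "A"): ["198.51.100.30"],
    ("strict.example.com", "TXT"): ["v=spf1 include:example.com -all"],
    ("dup.example.com", "TXT"): ["v=spf1 -all", "v=spf1 +all"],  # two records: invalid
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10  # RFC 7208 4.6.4: more than this is a permerror


def check_spf(client_ip: str, domain: str, dns=None) -> str:
    """SPF result for a connection from client_ip whose MAIL FROM is in domain."""
    if dns is None:
        dns = FAKE_DNS
    return _evaluate(ipaddress.ip_address(client_ip), domain.lower(), dns, [0])


def _addresses(dns, name: str):
    return [ipaddress.ip_address(a) for a in dns.get((name.lower(), "A"), [])]


def _spf_records(dns, domain: str) -> List[str]:
    return [r for r in dns.get((domain, "TXT"), [])
            if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]


def _evaluate(client, domain: str, dns, lookups: List[int]) -> str:
    records = _spf_records(dns, domain)
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # exactly one SPF record per domain is allowed
    for term in records[0].split()[1:]:
        qualifier = "+"  # mechanisms default to "+" (pass) when unqualified
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if "=" in name:
            continue  # modifiers (exp=, redirect=) are not handled in this example
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # "in" is False when the client's IP version differs from the network's
            matched = client in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            lookups[0] += 1
            matched = client in _addresses(dns, arg or domain)
        elif name == "mx":
            lookups[0] += 1
            hosts = dns.get(((arg or domain).lower(), "MX"), [])
            matched = any(client in _addresses(dns, h) for h in hosts)
        elif name == "include":
            lookups[0] += 1
            matched = _evaluate(client, arg.lower(), dns, lookups) == "pass"
        else:
            return "permerror"  # unknown mechanism
        if lookups[0] > MAX_DNS_LOOKUPS:
            return "permerror"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record had no "all"
```

With the table above, `check_spf("198.51.100.25", "example.com")` passes via `a:mail.example.com`, `check_spf("203.0.113.5", "example.com")` soft-fails via `~all`, and the same address against strict.example.com hard-fails; a receiving MTA typically rejects on fail and only adds weight to its spam score on softfail.
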
DomainKeys / DKIM

Cryptographic signature (RSA over a hash) of the message body and selected headers
Public key and policy information are distributed via DNS (a TXT record at <selector>._domainkey.<domain>)
Private key is used to sign the message body and certain headers (From, To, Subject, etc)
Recipients use the public key to verify the authenticity of the message
Verifies a legitimate sender, and is not concerned about the path it took to get there
Fairly complicated to set up
Sample DKIM Header
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=brandonchecketts.com;
  h=subject:to:message-id:date:from; s=mail;
  bh=t4KP+oqmtYCr/TS32vUWoYU+80M=;
  b=E2UmQVoQVm+XMopufIQ6bjnfN9as7R6R7x8ipJpLn/Xm+SM/fvt4lV81G2Bt1hisa3V2SP+emw2ecpImC27o+olMA1XshTARGdUepTFWermUZ0WAaIt4rWwqv+hpVd/r3RNkRmS+kNZv5uZYQ5PeulOHMBHvH4Q5R9XDWIe6MiU=
(d= is the signing domain and s= the selector, so the key lives at mail._domainkey.brandonchecketts.com; bh= is the hash of the canonicalized body; b= is the signature over the headers listed in h= plus the DKIM-Signature header itself; a=rsa-sha1 as in this sample is now deprecated and current verifiers require rsa-sha256)
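The verifier-side mechanics of the header above, added here as an illustration and not part of the slides: parsing the tag=value list, deriving the DNS name of the public key, the two body canonicalizations, the relaxed header canonicalization, and checking bh= against a body. The sample header is the one from the slide with its base64 rejoined; the body and the rsa-sha256 header built in the usage note are constructed for the example. Checking b= itself additionally needs the RSA public key from DNS and an RSA implementation, which the Python standard library does not provide, so that step is deliberately left out.

```python
"""DKIM tag parsing, canonicalization and body-hash check (added example, not from the slides)."""
import base64
import hashlib
import hmac
import re
from typing import Dict

# The sample header value from the slide, base64 rejoined onto one line.
SAMPLE_DKIM = (
    "v=1; a=rsa-sha1; c=relaxed; d=brandonchecketts.com; "
    "h= subject:to:message-id:date:from; s=mail; "
    "bh=t4KP+oqmtYCr/TS32vUWoYU+80M=; "
    "b=E2UmQVoQVm+XMopufIQ6bjnfN9as7R6R7x8ipJpLn/Xm+SM/fvt4lV81G2Bt1hisa3V2SP+emw2ecpImC27o"
    "+olMA1XshTARGdUepTFWermUZ0WAaIt4rWwqv+hpVd/r3RNkRmS+kNZv5uZYQ5PeulOHMBHvH4Q5R9XDWIe6MiU="
)
WSP_RUN = re.compile(r"[ \t]+")


def parse_dkim_tags(value: str) -> Dict[str, str]:
    """tag=value list; whitespace inside values (line folding) is dropped (RFC 6376 3.2)."""
    tags: Dict[str, str] = {}
    for item in value.split(";"):
        if "=" in item:
            tag, val = item.split("=", 1)
            tags[tag.strip()] = "".join(val.split())
    return tags


def dns_key_name(tags: Dict[str, str]) -> str:
    """Where the verifier fetches the public key: <selector>._domainkey.<domain>."""
    return f"{tags['s']}._domainkey.{tags['d']}"


def body_canon_from_c(c_tag: str) -> str:
    """c=header/body; a single name applies to the headers and the body defaults to simple."""
    parts = c_tag.split("/")
    return parts[1] if len(parts) == 2 else "simple"


def canonicalize_body_simple(body: str) -> str:
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()  # ignore empty lines at the end of the body
    return "".join(line + "\r\n" for line in lines) or "\r\n"  # empty body hashes as one CRLF


def canonicalize_body_relaxed(body: str) -> str:
    # Collapse runs of WSP to one SP, drop trailing WSP per line, drop trailing empty lines
    lines = [WSP_RUN.sub(" ", line).rstrip(" ") for line in body.replace("\r\n", "\n").split("\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return "".join(line + "\r\n" for line in lines)  # empty body stays empty


def canonicalize_header_relaxed(name: str, value: str) -> str:
    """Lowercase name, unfold, collapse WSP runs, trim WSP around the colon (RFC 6376 3.4.2)."""
    unfolded = value.replace("\r\n", "").replace("\n", "")
    return f"{name.lower()}:{WSP_RUN.sub(' ', unfolded).strip(' ')}\r\n"


def body_hash(body: str, alg: str = "rsa-sha256", canon: str = "relaxed") -> str:
    """The bh= value: base64 of the hash named in a= over the canonicalized body."""
    digest = hashlib.sha1 if alg == "rsa-sha1" else hashlib.sha256
    canonical = canonicalize_body_relaxed(body) if canon == "relaxed" else canonicalize_body_simple(body)
    return base64.b64encode(digest(canonical.encode("utf-8")).digest()).decode("ascii")


def verify_body_hash(dkim_header_value: str, body: str) -> bool:
    """True when bh= matches the body under the algorithm and canonicalization the header names."""
    tags = parse_dkim_tags(dkim_header_value)
    if "l" in tags:
        return False  # l= signs only a prefix of the body, letting unsigned text be appended
    expected = body_hash(body, tags.get("a", "rsa-sha256"), body_canon_from_c(tags.get("c", "simple")))
    return hmac.compare_digest(expected, tags.get("bh", ""))
```

Building a header for a constructed body with `"bh=" + body_hash(body)` and `c=relaxed/relaxed` makes `verify_body_hash` return True for that body and for a copy that differs only in whitespace, and False once a line is appended; note that for the slide's own sample `c=relaxed` names the header algorithm only, so its body would be hashed with the simple canonicalization.
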
For More Information

Wikipedia!
If Time Permits

Demonstrate Encrypted SMTP/POP Sessions
Demonstrate Postfix / Dovecot Config Files
Discuss Webmail?
Making Sense out of message headers