Transcript Simple Mail Transfer Protocol

Introduction to Unix
SMTP – Simple Mail Transfer Protocol
Overview
Some SPAM Statistics
Introduction to SMTP and Email
Message Breakdown
Sample Messages
Extensions (MIME)
MTA’s and Mailbox Protocols
1st – What is SMTP?
The de facto standard for e-mail
transmissions across the Internet
It is defined in RFC 821
It is a relatively simple, text-based protocol
Not entirely secure thus vulnerable to
SPAM
Email Spam Statistics 2006














Email considered Spam 40% of all email
Daily Spam emails sent 12.4 billion
Daily Spam received per person 6
Annual Spam received per person 2,200
Spam cost to all non-corp Internet users $255 million
Spam cost to all U.S. Corporations in 2002 $8.9 billion
States with Anti-Spam Laws 26
Email address changes due to Spam 16%
Estimated Spam increase by 2007 63%
Annual Spam in 1,000 employee company 2.1 million
Users who reply to Spam email 28%
Users who purchased from Spam email 8%
Corporate email that is considered Spam 15-20%
Wasted corporate time per Spam email 4-5 seconds
Zombies/Bots
A zombie computer (often shortened as zombie) is a computer
attached to the Internet that has been compromised by a hacker, a
computer virus, or a Trojan horse.
Generally, a compromised machine is only one of many in a botnet,
and will be used to perform malicious tasks of one sort or another
under remote direction. Most owners of zombie computers are unaware
that their system is being used in this way. Because the owner tends to
be unaware, these computers are metaphorically referred to as
zombies.
Zombies have been used extensively to send e-mail spam; as of 2005,
an estimated 50–80% of all spam worldwide was sent by zombie
computers This allows spammers to avoid detection and presumably
reduces their bandwidth costs, since the owners of zombies pay for
their own bandwidth. This spam also greatly furthers the spread of
Trojan horses; as Trojans, like viruses are not self-replicating, unlike
worms, they rely on the movement of e-mails or spam to grow.
Zombie Hot Spots
Rank
1
2
3
4
5
6
7
8
9
10
Domain
# Zombies
ttnet.net.tr
46,600
veloxzone.com.br
46,524
tpnet.pl
39,329
telesp.net.br
38,623
brasiltelecom.net.br
32,046
ukrtel.net
25,141
telecomitalia.it
24,313
asianet.co.th
22,200
airtelbroadband.in
18,017
verizon.net
17,100
SMTP
Originated in 1982 (rfc0821, Jon Postel)
Goal: To transfer mail reliably and efficiently
SMTP
SMTP clients and
servers have two
main components


User Agents –
Prepares the
message, encloses it
in an envelope.
(Eudora for example)
Mail Transfer Agent
(MTA) – Transfers the
mail across the
internet
SMTP
SMTP also allows the use of Relays allowing
other MTAs to relay the mail
What is Mail?
Mail is a text file
Envelope –



sender address
receiver address
other information
Message –


Mail Header – defines
the sender, the
receiver, the subject of
the message, and
some other
information
Mail Body – Contains
the actual information
in the message
Post Office
Mailbox
Post office
and mail route
Receivers
Mailbox
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: by mail.eecis.udel.edu (Postfix, from userid 62)
id 17FBD328DE; Wed, 5 Nov 2003 11:27:02
Received: from mail.acad.ece.udel.edu
(devil-rays.acad.ece.udel.edu [128.4.60.10])
by mail.eecis.udel.edu (Postfix) with ESMTP id
5F41832893 for <[email protected]>; Wed, 5
Nov 2003 11:27:01
Received: by mail.acad.ece.udel.edu (Postfix, from userid
62)id 47509456C; Wed, 5 Nov 2003 11:27:01
Received: from stimpy.eecis.udel.edu(stimpy.eecis.udel.edu
[128.4.40.17])by mail.acad.ece.udel.edu (Postfix)
with SMTP id 7C2943D79 for
<[email protected]>; Wed, 5 Nov 2003 11:26:34
Message-Id:
<[email protected]>
Date: Wed, 5 Nov 2003 11:26:34
From: [email protected]
To: undisclosed-recipients: ;
MIME-Version: 1.0
This is a test.
How SMTP works
The Essentials
Keyword
Arguments
HELO
MAIL FROM:
Sender’s Host Domain Name
Email Address of sender
RCPT TO:
DATA
QUIT
Email of Intended recipient
Body of the message
How about a Demo?
Status Codes
The Server responds with a 3 digit code
that may be followed by text info




2## - Success
3## - Command can be accepted with
more information
4## - Command was rejected, but error
condition is temporary
5## - Command rejected, Bad User!
Status Codes
211 System status, or system help reply .
214 Help message.
220 <domain> Service ready.
221 <domain> Service closing transmission channel.
250 Requested mail action okay, completed.
251 User not local; will forward to <forward-path>.
354 Start mail input; end with <CRLF>.<CRLF>.
421 <domain> Service not available, closing transmission channel.
[This may be a reply to any command if the service knows it
must shut down].
450 Requested mail action not taken: mailbox unavailable.
451 Requested action aborted: local error in processing
452 Requested action not taken: insufficient system storage.
Status Codes
500 Syntax error, command unrecognized. [This may include errors
such as command line too long]
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command parameter not implemented.
550 Requested action not taken: mailbox unavailable.
551 User not local; please try <forward-path>.
552 Requested mail action aborted: exceeded storage allocation.
553 Requested action not taken: mailbox name not allowed.
[E.g., mailbox syntax incorrect]
554 Transaction failed.
Connection Establishment
TCP Connection
Establishment
Message Progress
Connection Termination
TCP Connection Termination
Problems with SMTP
No inherent security


Authentication
Encryption
Only uses NVT (Network Virtual Terminal)
7-bit ASCII format
E-mails can be forged…..
HELO mail.rose.edu
MAIL FROM: [email protected]
RCPT TO: [email protected]
DATA
From: Dr. Art Zenner
To: Professor Richards
Subject: CIT 2243
Professor Richards,
By department decree all students in your “Introduction to
Unix” class are hereby to be granted automatic A’s.
Thank you,
Dr. Art Zenner
.
QUIT
Extensions to SMTP
MIME – Multipurpose Internet Mail Extensions

Transforms non-ASCII data to NVT (Network Virtual Terminal)
ASCII data
 Text
 Application
 Image
 Audio
 Video
MIME and Base64 Encoding
If the internet is the information
highway, then the path for email is a
narrow tunnel

Only very small vehicles can pass trough
Then how do you send a big truck
through a small ravine?

You have to break it down to smaller
pieces and transport the pieces through
the ravine, and reassemble the truck
MIME and Base64 Encoding
The same happens when you send a file
attachment via email.
This is known as encoding


the binary data (256 bits) is transformed to
ASCII text (128 bits
allowing it to fit through the tunnel
On the recipient's end, the data is
decoded and the original file is rebuilt.
Mail Transfer Agents (MTA)
MTAs do the actual mail transfers
MTAs are not meant to be directly
accessed by users.
Other MTA’s are:






Postfix
Qmail
MS Exchange
CC:Mail
Lotus Notes
….etc.
Problems with simple SMTP
The first one relates to message length. Some older
implementations cannot handle messages exceeding
64KB.
Another problem relates to timeouts. If the Client and
server have different timeouts, one of them may give up
while the other is still busy, unexpectedly terminating
the connection.
Infinite mail storms can be triggered. For example, If
host 1 holds mailing list A and host 2 holds mailing list B
and each list contains an entry for the other one, then a
message sent to either list could generate a never
ending amount of email traffic unless somebody checks
for it.
ESMTP (RFC 2821)
To get around the problems with simple
SMTP, extended SMTP has been defined in
RFC 2821.
Clients wanting to use it should send an
EHLO message instead of HELO initially. If
this is rejected, then the server is a regular
SMTP server, and the client should proceed in
the usual way. If the EHLO is accepted, then
new commands and parameters are allowed.
Next week….Sendmail