Introduction to Unix

SMTP Simple Mail Transfer Protocol

Overview
Some SPAM Statistics Introduction to SMTP and Email Message Breakdown Sample Messages Extensions (MIME) MTAs and Mailbox Protocols

1st What is SMTP?

The de facto standard for e-mail transmissions across the Internet It is defined in RFC 821 It is a relatively simple, text-based protocol Not entirely secure thus vulnerable to SPAM

Email Spam Statistics 2006

Email considered Spam 40% of all email Daily Spam emails sent 12.4 billion Daily Spam received per person 6 Annual Spam received per person 2,200 Spam cost to all non-corp Internet users $255 million Spam cost to all U.S. Corporations in 2002 $8.9 billion States with Anti-Spam Laws 26 Email address changes due to Spam 16% Estimated Spam increase by 2007 63% Annual Spam in 1,000 employee company 2.1 million Users who reply to Spam email 28% Users who purchased from Spam email 8% Corporate email that is considered Spam 15-20% Wasted corporate time per Spam email 4-5 seconds

Zombies/Bots
A zombie computer (often shortened as zombie) is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a Trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically referred to as zombies. Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 5080% of all spam worldwide was sent by zombie computers This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly furthers the spread of Trojan horses; as Trojans, like viruses are not self-replicating, unlike worms, they rely on the movement of e-mails or spam to grow.

Zombie Hot Spots

Rank 1 2 3 4 5 6 7 8 9 10 Domain # Zombies ttnet.net.tr 46,600 veloxzone.com.br 46,524 tpnet.pl 39,329 telesp.net.br 38,623 brasiltelecom.net.br 32,046 ukrtel.net 25,141 telecomitalia.it 24,313 asianet.co.th 22,200 airtelbroadband.in 18,017 verizon.net 17,100

SMTP
Originated in 1982 (rfc0821, Jon Postel) Goal: To transfer mail reliably and efficiently

SMTP
SMTP clients and servers have two main components

User Agents Prepares the message, encloses it in an envelope. (Eudora for example) Mail Transfer Agent (MTA) Transfers the mail across the internet

SMTP
SMTP also allows the use of Relays allowing other MTAs to relay the mail

What is Mail?
Mail is a text file Envelope

sender address receiver address other information Mail Header defines the sender, the receiver, the subject of the message, and some other information Mail Body Contains the actual information in the message

Message

Post Office Mailbox

Return-Path: <Jwatson@cis.udel.edu> Delivered-To: jwatson@cis.udel.edu

Post office

and mail route

Received: by mail.eecis.udel.edu (Postfix, from userid 62) id 17FBD328DE; Wed, 5 Nov 2003 11:27:02 Received: from mail.acad.ece.udel.edu (devil-rays.acad.ece.udel.edu [128.4.60.10]) by mail.eecis.udel.edu (Postfix) with ESMTP id 5F41832893 for <Jwatson@cis.udel.edu>; Wed, 5 Nov 2003 11:27:01 Received: by mail.acad.ece.udel.edu (Postfix, from userid 62)id 47509456C; Wed, 5 Nov 2003 11:27:01 Received: from stimpy.eecis.udel.edu(stimpy.eecis.udel.edu [128.4.40.17])by mail.acad.ece.udel.edu (Postfix) with SMTP id 7C2943D79 for <Jwatson@cis.udel.edu>; Wed, 5 Nov 2003 11:26:34

Receivers Mailbox

Message-Id: <20031105162634.7C2943D79@mail.acad.ece.udel.edu> Date: Wed, 5 Nov 2003 11:26:34 From: Jwatson@cis.udel.edu To: undisclosed-recipients: ; MIME-Version: 1.0 This is a test.

How SMTP works

The Essentials
Keyword HELO MAIL FROM: Arguments Senders Host Domain Name Email Address of sender

RCPT TO: DATA QUIT

Email of Intended recipient Body of the message

How about a Demo?

Status Codes
The Server responds with a 3 digit code that may be followed by text info

2## - Success 3## - Command can be accepted with more information 4## - Command was rejected, but error condition is temporary 5## - Command rejected, Bad User!

Status Codes
211 System status, or system help reply . 214 Help message. 220 <domain> Service ready. 221 <domain> Service closing transmission channel. 250 Requested mail action okay, completed. 251 User not local; will forward to <forward-path>. 354 Start mail input; end with <CRLF>.<CRLF>. 421 <domain> Service not available, closing transmission channel. [This may be a reply to any command if the service knows it must shut down]. 450 Requested mail action not taken: mailbox unavailable. 451 Requested action aborted: local error in processing 452 Requested action not taken: insufficient system storage.

Status Codes
500 Syntax error, command unrecognized. [This may include errors such as command line too long] 501 Syntax error in parameters or arguments. 502 Command not implemented. 503 Bad sequence of commands. 504 Command parameter not implemented. 550 Requested action not taken: mailbox unavailable. 551 User not local; please try <forward-path>. 552 Requested mail action aborted: exceeded storage allocation. 553 Requested action not taken: mailbox name not allowed. [E.g., mailbox syntax incorrect] 554 Transaction failed.

Connection Establishment
TCP Connection Establishment

Message Progress

Connection Termination

TCP Connection Termination

Problems with SMTP

No inherent security

Authentication Encryption

Only uses NVT (Network Virtual Terminal) 7-bit ASCII format

E-mails can be forged..

HELO mail.rose.edu MAIL FROM: carberry@rose.edu RCPT TO: wrichards@rose.edu DATA From: Dr. Art Zenner To: Professor Richards Subject: CIT 2243 Professor Richards, By department decree all students in your Introduction to Unix class are hereby to be granted automatic As. Thank you, Dr. Art Zenner . QUIT

Extensions to SMTP
MIME Multipurpose Internet Mail Extensions

Transforms non-ASCII data to NVT (Network Virtual Terminal) ASCII data

Text Application Image Audio Video

MIME and Base64 Encoding

If the internet is the information highway, then the path for email is a narrow tunnel

Only very small vehicles can pass trough

Then how do you send a big truck through a small ravine?

You have to break it down to smaller pieces and transport the pieces through the ravine, and reassemble the truck

MIME and Base64 Encoding

The same happens when you send a file attachment via email. This is known as encoding

the binary data (256 bits) is transformed to ASCII text (128 bits allowing it to fit through the tunnel

On the recipient's end, the data is decoded and the original file is rebuilt.

Mail Transfer Agents (MTA)

MTAs do the actual mail transfers MTAs are not meant to be directly accessed by users. Other MTAs are:

Postfix Qmail MS Exchange CC:Mail Lotus Notes .etc.

Problems with simple SMTP

The first one relates to message length. Some older implementations cannot handle messages exceeding 64KB. Another problem relates to timeouts. If the Client and server have different timeouts, one of them may give up while the other is still busy, unexpectedly terminating the connection. Infinite mail storms can be triggered. For example, If host 1 holds mailing list A and host 2 holds mailing list B and each list contains an entry for the other one, then a message sent to either list could generate a never ending amount of email traffic unless somebody checks for it.

ESMTP (RFC 2821)

To get around the problems with simple SMTP, extended SMTP has been defined in RFC 2821. Clients wanting to use it should send an EHLO message instead of HELO initially. If this is rejected, then the server is a regular SMTP server, and the client should proceed in the usual way. If the EHLO is accepted, then new commands and parameters are allowed.

Next week.Sendmail