SMTP: Simple Mail Transport Protocol

The SMTP protocol us used to transmit email from one server (or client) to another server. It is a simple text-based conversation that is used, therefore, no binary data (executable files, pictures, MP3 files) can be directy transmitted via SMTP. (More on that later).

Communications

You can run an SMTP conversation yourself using the “telnet” command. Simply telnet to port 25 on the mail server you wish to send mail to. Then you can follow this basic conversation. Your lines are in bold. 

telnet globeclubs.com 25
Trying 199.105.102.140...
onnected to globelists.com
Escape charactier is '^]'.
220 globelists.com ESMTP
HELO theglobe.com
250 globelists.com
MAIL FROM: afair@theglobe.com
250 ok
RCPT TO: afair@globeclubs.com
250 ok
DATA
354 go ahead
From: afair@theglobe.com
To: afair@globeclubs.com
Subject: SMTP Test    

Hello, Email World!
.
250 ok 969304804 qp 16376
QUIT
221 globelists.com
Connection closed by foreign host.

First, you establish the connection with the SMTP server, then introduce yourself (HELO), then give the sender’s email address (MAIL FROM:) and the recipient’s email address (RCPT TO:). The sender and recipient establish the envelope for the mail message. The envelope contains the information used to delivery and bounce the message. The mail message itself is sent (DATA, the message, and terminated by a period (.)). Note that the mail headers inside the message (To:, From:, etc) is completely arbitrary to the mail system. It is only intepreted by mail clients (and application), not the mail server. When the message is placed in the Qmail mail queue, the message appears (250 ok 969304804 qp 16376) with the timestamp and the qmail queue process id (used to give the message number to qmail). If the message can not be delivered, the system will bounce the message to the “return path” in the envelope (the address identified in the “RCPT TO.” line. Note that this return path may not always be the sender; it can be an address where bounces can be tracked and processed.

Also Note that the Sender and Recipient addresses in the envelope are not necessarily the same as those in the To: and From: fields in the mail header. This is how spam happens. It is also used to forge email addresses. As you can see, there is no direct verification that the sender is the domain it claims to be, and that the user or email addresses are valid. The only piece of information you can rely on is the “RCPT TO:” field because that is what gets the message delivered... and that isn’t of much value! Most mail clients and servers do not keep the envelope information after the mail has been delivered to the mailbox or application.

This also shows how email can not be considered a secure information transfer system. First, the sender can not be absolutely verified. Although, with reverse DNS lookup and an identd check, you can get more resonably assured of the sender. This consumes a lot of resources and is not usually turned on. Secondly, the text is sent as clear text, which can be read by any processs anywhere over the network the mail data travels. For this reason, do not send passwords, credit card numbers, or any other personal and confidentail data.

 
qmail/smtp.txt · Last modified: 2005/07/17 14:44 by allen