
  • Number of slides: 42

Cosc 4750 Electronic Mail

SMTP Protocol
• The e-mail protocol.
  – There are several versions.
  – The basic standard protocol is RFC 821, which we are going to use.
• Including some headers so standard mail readers understand the message better.
  – By default, the SMTP server uses port 25

SMTP Protocol commands
• SMTP is command based. The client issues a series of commands to the server.
• Opening a connection. The client opens port 25, then
  – client: HELO
    • example: HELO laptop.cs.uwyo.edu
  – Server: 250 Ok [may contain extra info]
    • example: 250 alameda.cs.uwyo.edu HELLO laptop.cs.uwyo.edu [IP number], pleased to meet you

SMTP Protocol commands (2)
• The client issues the from command
  – MAIL FROM: <username@host>
  – example: MAIL FROM:
• server responses
  – 250… sender ok
  – OR
  – 5XX can't accept from sender.

SMTP Protocol commands (3)
• Next, who the message is for
• client:
  – RCPT TO:
  – example: RCPT TO:
• server responses:
  – 250 … Recipient ok
  – OR
  – 5XX user unknown
• The client can issue the RCPT command several times to send the same message to multiple addresses.

SMTP Protocol commands (4)
• The data section, which is where we enter the bulk of the mail message.
• Client
  – data
• server responses.
  – 354 enter mail, end with "." on a line by itself
• client
  – Enter message, headers, extra information, then enter a period on a line by itself
    example: bah. . bah….

SMTP Protocol commands (5)
• Server responses
  – 250 … message accepted for delivery.
• Finally, the client issues the quit command
  – quit
• Server closes the connection.

smtp example
C: HELO laptop.cs.uwyo.edu
S: 250: HELO laptop
C: MAIL FROM:
S: 250 ok
C: RCPT TO:

smtp example (2)
From seker@uwyo.edu Mon Nov 3 19:10:47 2003
Return-Path:
Received: from localhost (localhost [127.0.0.1]) by meru.cs.uwyo.edu (SGI-8.12.5/8.12.5) with SMTP id hA42A4R7350019 for ; Mon, 3 Nov 2003 19:10:41 -0700 (MST)
Date: Mon, 3 Nov 2003 19:10:04 -0700 (MST)
From: seker@uwyo.edu
Message-Id: <200311040210.hA42A4R7350019@meru.cs.uwyo.edu>
blah… etc….

More SMTP commands
• RESET
  – RSET, aborts the current mail transaction, clears the mail to, receipt, and data information stored.
• NOOP
  – NOOP, no operation, server must respond with an OK.
  • Can be used to determine if the server is "still alive", if for some reason it quits responding during the connection.
• HELP
  – HELP, help function on the server. Does not have to be implemented.
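The command sequence from the slides above (HELO, MAIL FROM, RCPT TO, DATA, QUIT, RSET, NOOP) can be modelled as a small server-side state machine. This is an added example, not code from the course; the class and function names and the 503/500 replies for out-of-order or unknown commands are assumptions of the example.

```python
class SmtpSession:
    """Server side of the slides' RFC 821 dialogue: one reply per client line."""

    def __init__(self, local_users):
        self.local_users = set(local_users)   # hypothetical local mailboxes
        self.accepted = []                    # (sender, recipients, body) tuples
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.body, self.in_data = None, [], [], False

    def feed(self, line):
        if self.in_data:
            if line != ".":
                # The client doubles a leading dot; the server strips one again.
                self.body.append(line[1:] if line.startswith(".") else line)
                return None
            self.accepted.append((self.sender, self.rcpts, "\n".join(self.body)))
            self._reset()
            return "250 message accepted for delivery"
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            return f"250 Hello {arg}, pleased to meet you"
        if verb in ("NOOP", "RSET"):
            if verb == "RSET":
                self._reset()
            return "250 OK"
        if verb == "QUIT":
            return "221 closing connection"
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self._reset()
            self.sender = arg[5:].strip(" <>")  # unverified: RFC 821 has no check
            return "250 sender ok"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            rcpt = arg[3:].strip(" <>")
            if self.sender is None:
                return "503 need MAIL before RCPT"
            if rcpt not in self.local_users:
                return "550 user unknown"
            self.rcpts.append(rcpt)
            return "250 recipient ok"
        if verb == "DATA" and self.rcpts:
            self.in_data = True
            return '354 enter mail, end with "." on a line by itself'
        return "503 bad sequence of commands" if verb == "DATA" else "500 command unrecognized"


def replies(session, lines):
    """Feed client lines in order and return the server replies they produce."""
    return [r for r in map(session.feed, lines) if r is not None]
```

Lines sent between DATA and the closing "." produce no reply, and the envelope sender is stored exactly as the client stated it.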

E-mail Headers
• While not in the SMTP spec, clients and servers exchange more than just SMTP protocol commands.
• Headers transfer information about the e-mail: where it's been and which servers received and resent the message.
  – Info about the message, time/date, transport agents are listed, redirections, etc
  – A record of how and when a message was delivered
  – "Required" headers are listed in RFC 822

Some Headers
• Before the main body of the mail message
• Subject: <subject>
• To:
• REPLY-TO:
• CC: , …
• Content type of message
  – examples:
  – Content-type: text/plain
  – Content-type: text/html
• Extra headers
  – X-:
• After all headers, there must be two blank lines for the client programs to understand that the headers have been entered.
• Client programs also add headers to your e-mail when they access the e-mail as well.

Example of Header
From aperson@hotmail.com Tue Nov 14 12:29:43 2000
Received: from alameda.cs.uwyo.edu (alameda.cs.uwyo.edu [129.72.216.20]) by meru.cs.uwyo.edu (SGI-8.9.3/8.9.3) with ESMTP id MAA20335 for ; Tue, 14 Nov 2000 12:29:43 -0700 (MST)
Received: from roper (pmdf@roper.uwyo.edu [129.72.10.8]) by alameda.cs.uwyo.edu (8.9.3/8.9.3) with ESMTP id MAA01298 for ; Tue, 14 Nov 2000 12:29:38 -0700
Received: from DIRECTORY-DAEMON by ROPER.UWYO.EDU (PMDF V5.2-32 #33749) id <0G4100C014TCQY@ROPER.UWYO.EDU> for seker@cs.uwyo.edu (ORCPT rfc822;seker@uwyo.edu); Tue, 14 Nov 2000 12:29:37 -0700 (MST)
Received: from hotmail.com (f74.law8.hotmail.com [216.33.241.74]) by ROPER.UWYO.EDU (PMDF V5.2-32 #33749) with ESMTP id <0G4100C1U4TBKY@ROPER.UWYO.EDU> for seker@uwyo.edu; Tue, 14 Nov 2000 12:29:36 -0700 (MST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 14 Nov 2000 11:29:33 -0800
Received: from 12.23.109.98 by lw8fd.law8.hotmail.msn.com with HTTP; Tue, 14 Nov 2000 19:29:32 +0000 (GMT)

Date: Tue, 14 Nov 2000 12:29:32 -0700 (MST)
From: A Person
Subject: Subject removed
To: seker@uwyo.edu
Message-id:
MIME-version: 1.0
Content-type: text/plain; format=flowed
X-Originating-IP: [12.23.109.98]
X-OriginalArrivalTime: 14 Nov 2000 19:29:33.0176 (UTC) FILETIME=[3742A780:01C04E71]
Status: RO
X-Status: A
X-Keywords:
X-UID: 17247

SPAM & mass e-mailing
• The same information you just saw is also what is used to create and send SPAM.
• Can you see the problem?
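When tracing a message, only the Received lines written by servers you run can be relied on; everything below them was supplied by the sending side. The following added example (not part of the original slides) walks the Received chain from the header shown above and finds that boundary. The function names and the ".uwyo.edu" suffix used to identify "our" servers are assumptions of the example, and the sample keeps four of the slide's Received lines with ids and "for" clauses trimmed.

```python
import re
from email import message_from_string

# Received lines from the slide's example header, trimmed for the example.
RAW = """\
Received: from alameda.cs.uwyo.edu (alameda.cs.uwyo.edu [129.72.216.20])
\tby meru.cs.uwyo.edu (SGI-8.9.3/8.9.3) with ESMTP; Tue, 14 Nov 2000 12:29:43 -0700 (MST)
Received: from roper (pmdf@roper.uwyo.edu [129.72.10.8])
\tby alameda.cs.uwyo.edu (8.9.3/8.9.3) with ESMTP; Tue, 14 Nov 2000 12:29:38 -0700
Received: from hotmail.com (f74.law8.hotmail.com [216.33.241.74])
\tby ROPER.UWYO.EDU (PMDF V5.2-32 #33749) with ESMTP; Tue, 14 Nov 2000 12:29:36 -0700 (MST)
Received: from 12.23.109.98 by lw8fd.law8.hotmail.msn.com with HTTP;
\tTue, 14 Nov 2000 19:29:32 +0000 (GMT)
X-Originating-IP: [12.23.109.98]
Subject: Subject removed

body
"""

HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+([^\s;]+)", re.I)
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")


def received_hops(raw):
    """Return (claimed_name, peer_ip, recording_host) per hop, oldest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue
        name, comment, by = m.groups()
        ip = IP_RE.search(comment or name)
        hops.append((name.lower(), ip.group(1) if ip else None, by.lower()))
    return hops[::-1]  # each MTA prepends its line, so the header is newest first


def trust_boundary(hops, our_suffix):
    """Oldest hop in the unbroken run, from the top, recorded by our own hosts."""
    boundary = None
    for hop in reversed(hops):  # newest first
        if not hop[2].endswith(our_suffix):
            break  # lines below this one are unverified claims
        boundary = hop
    return boundary
```

For the slide's header the boundary is the hop recorded by ROPER.UWYO.EDU, so 216.33.241.74 is the last peer address a uwyo.edu server observed directly.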

Example you can try.
• From a command window on your computer
  – telnet mailhost.uwyo.edu 25
  – Send yourself an e-mail message, using the SMTP commands.

Sendmail
• Currently has about 75% of the market
• Versions
  – 8.9.3 to 8.13 are current standards
  – 8.11 out, default for linux systems
  – 8.8.8 Still used by some vendors
  – 9.0 is in a beta version and has been for many years.

Mail Systems
• Mail User Agent (MUA)
  – lets users read and compose mail
• Mail Transport Agent (MTA)
  – routes messages among machines
• Delivery Agent
  – places messages in local mailboxes
• Access Agent
  – Connects user agent to messages (IMAP, POP)

User Agent
• Your e-mail program.
  – basic: mail, mailx, Mail (usually same program)
  – mail (BSD) and Mail (sysV) may both exist
• Non-graphical
  – elm, pine
• graphical
  – Rmail and VM (with emacs), mh/xmh, many more
• Remote
  – uses pop or imap

• Transport Agents
  – PMDF (which roper uses), postfix, smail, qmail, exim, zmailer, and sendmail
• Delivery agents
  – sendmail turns to local programs mail.local or smrsh
  – Also procmail
  – Usually goes to /var/spool/mail or /var/mail
• Access agents
  – imapd or popd (varying names for pop daemons)

Anatomy of a Message
• Envelope
  – Used by sendmail to figure out where the e-mail goes
• Header (RFC 822)
  – Info about the message, time/date, transport agents are listed, redirections, etc
  – A record of how and when a message was delivered
• Body of the message
  – The message the user sent.

Mail addressing
• Sendmail is about 20+ years old.
• At that time, the Internet was in a dozen pieces
  – mil nets, arpa nets, bit net, "frodo" nets, and BBS systems
  – Each had different routing, connection, and naming schemes
  – Sendmail is still built to support them and transport e-mail between the different "nets".

Mail Aliases
• /etc/aliases file
• example: (on a cs.uwyo.edu machine)
  – abuse: seker@cs.uwyo.edu
  – fred: flintstone@bedrock.net
  – webmaster: aperson, bperson
  – mlist: :include:/home/list/mlistfile.txt
• Once you add aliases to the file, you need to run: newaliases

Mail forwarding
• Besides the /etc/aliases file (which only root can change)
• A user can put a .forward file into their directory and sendmail will redirect their mail to somewhere else
  – example of .forward
  – seker@cs.uwyo.edu
• You can have more than one address; they need to be comma delimited.

25 hops!
• E-mail can only make 25 hops before it is returned to the sender as undeliverable.
• Meaning:
  – You should not use .forward files moving mail from 1 machine to another machine, etc.
  – Most e-mail makes about 4 to 8 hops on average from one machine to another (across the internet).

List servers
• Sendmail can function as a list server with the include command, but you should use another product, like
  – mailman, majordomo, listproc, smartlist, listserv lite.

Configuration
• For debugging and fine-grained details, see O'Reilly's Sendmail guide (500+ pages long).
• Files and directories involved:
  – /etc/mail/*
  – /etc/sendmail.cf or /etc/mail/sendmail.cf
  – /etc/sendmail.mc (macro configuration for sendmail).
  – /var/spool/mqueue
  – /var/spool/mail or /var/mail

• For most configuration, you can use the sendmail.mc file (8.9.X+). Uses m4 macros to generate a sendmail.cf file.
• Example:
• define(`ALIAS_FILE', `/etc/aliases')
  – defines where the aliases file is.

Spam-related features
• FEATURE(`access_db')
  – Allows you to build a "mail firewall"
• The file looks like the following

    cyberspammer.com          550 Spam not accepted
    okguy@cyberspammer.com    OK
    badguy@aol.com            REJECT
    170.201.180.16            REJECT
    uwyo.edu                  RELAY
    hotlivesex@               550 Spam not accepted

Other FEATUREs
• FEATURE(`relay_entire_domain')
  – allows relaying for just your domain
• RELAY_DOMAIN(`domain, …')
  – add more domains to be relayed.
• define(confCW_FILE, `-o /etc/sendmail.cw')
• FEATURE(use_cw_file)
  – in the sendmail.cw file, list virtual domains and domains you want to have relayed
• define(`SMART_HOST', `mailhost.uwyo.edu')
  – Where all outbound mail will be sent
• MASQUERADE_AS, MASQUERADE_DOMAIN, masquerade_envelope, and masquerade_entire_domain
  – Can change the From line, so that you "hide"/masquerade as a single machine

Debugging mail
• mail -v seker@uwyo.edu
  – Send an e-mail as normal, but sendmail then gives verbose output as it talks to the receiving machine.

Lastly
• Sendmail is cryptic, hard to configure, and difficult to lecture on for the most part, but a lot of it doesn't need to be configured manually.
• Read the book for more information and, if need be, buy a good sendmail reference book.

AntiVirus and Linux
• There are many vendors who provide antivirus for "mail gateways" on UNIX and linux
  – Clamav is an open source version and is also free.
  – http://www.clamav.net/

Clamav
• command-line scanner
• fast, multi-threaded daemon
• milter interface for sendmail
• database updater with support for digital signatures
• virus scanner C library
• on-access scanning (Linux® and FreeBSD)
• detection of over 40000 viruses, worms and trojans
• built-in support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (Compressed HTML), MS SZDD
• built-in support for mbox, Maildir and raw mail files
• built-in support for Portable Executable files compressed with UPX, FSG, and Petite

Configuring Clamav
• /etc/clamd.conf configuration file
  – See the varying documentation in the file.
• For clamav-milter
  – Reads /etc/clamd.conf and takes command line parameters
  – Some common ones
    • --max-children=15
    • --noreject
    • --dont-wait
    • --force-scan
    • --dont-log-clean
    • --postmaster-only
    • --timeout=0
    • --quarantine-dir=/quarantinedir
    • --pidfile=/var/run/clamav-milter.pid
    • local:/var/run/clamav-milter.sock

With Sendmail
• Configure clamav and clamav-milter
  – Make sure both are started and start on boot.
  – Clamav-milter is the part that works with sendmail (and other mailers)
  – Add the following lines to the sendmail.mc file

    INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clamav-milter.sock, F=, T=S:4m;R:4m')dnl
    define(`confINPUT_MAIL_FILTERS', `clmilter')

  – The clamav-milter.sock path must be the same as configured in clamav
  – Now e-mail will be scanned for viruses.

Virus updates
• Uses freshclam to get updates.
  – Configured to run as a daemon or as a cron job
  – Uses DNS entries to look up the current virus pattern files; if they are new, it downloads them and updates the definition file.

SpamAssassin
• Get it from the DAG archive
  – For Redhat/Fedora/CentOS
• Main configs are in /etc/mail/spamassassin/, but it can be configured per user as well.
• Normally called via procmail, instead of sendmail
  – can be configured into sendmail like clamav

local.cf
• Configure which tests and the "threshold" value
  – Somewhere between 6 and 10.

    # How many hits before a message is considered spam.
    required_score 7.6
    # Change the subject of suspected spam
    rewrite_header subject [SPAM-H]

Using for all inbound e-mail
• Edit/create a file /etc/procmailrc, uses procmail

    DROPPRIVS=yes
    # send mail through spamassassin
    :0 HD
    # look for Subject: [SPAM-H]
    # don't run spamassassin on already marked spam
    * ! ^Subject: .*\[SPAM-H\]
    {
      :0 fw
      | /usr/bin/spamc
    }

Documentation
• For ClamAV
  – http://www.clamav.net/
• For SpamAssassin
  – http://spamassassin.apache.org/
  – For lots of tips and configs: http://www.stearns.org/doc/spamassassin-setup.current.html
• For Procmail
  – http://www.procmail.org/ see interesting links
• For Sendmail
  – http://www.sendmail.org/

Q&A