Internet Draft                                            B. Crouzet
   Document: draft-crouzet-amtp-00.txt          Institute of Technology
                                                               Tallaght
   Expires: December 2003                                     June 2003


                   Authenticated Mail Transfer Protocol


Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
        http://www.ietf.org/ietf/1id-abstracts.txt
   The list of Internet-Draft Shadow Directories can be accessed at
        http://www.ietf.org/shadow.html.


Abstract

   Authenticated Mail Transfer Protocol is a second version of Simple
   Mail Transfer Protocol. Authenticated Mail Transfer Protocol (AMTP)
   improves Simple Mail Transfer Protocol (SMTP) and modifies the
   protocol in order to protect email against anonymous mails. The
   improvements included in Authenticated Mail Transfer Protocol will be
   helpful for the Internet community.

   The purpose of this document is to describe the different states of
   Authenticated Mail Transfer Protocol to the Internet community. There
   are five states:
   => Identified: It is used to identify the user to the server.
   => Email: It is used to send an email.
   => Logout: It is used to release any resources in the server when the
   user closes the connection.
   => Information: It is used to inform the recipientÆs server that an
   email is waiting to be retrieved on the senderÆs server.
   => Retrieved: It is used to instruct the recipientÆs server to
   retrieve the email from the senderÆs server.


Crouzet                 Expires - October 2003                [Page 1]


                 Authenticated Mail Transfer Protocol      April 20033



   An open relay server is important to transfer an email without a
   route to the recipientÆs server. A Authenticated Mail Transfer
   Protocol server can be located behind different gateways like
   routers, a proxy server or a firewall that protect the network. This
   document also presents the new command: HEAD. Furthermore, it
   explains Authenticated Mail Transfer Protocol commands, reply codes,
   advantages and disadvantages. A hacker is the most likely person to
   try and to crack the system, and this solution prevents him/her from
   doing so.



Conventions used in this document

   SA => SenderÆs Server: SA represents a SMTP server where the sender
      is known.

   SB => RecipientÆs Server: SB represents a SMTP server where the
   recipient is located.

   In examples, "C:" and "S:" indicate lines sent by the client and
   server respectively.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC-2119.

Table of Contents

   1. Introduction...................................................4
   2. Presentation of Authenticated Mail Transfer Protocol (AMTP)....5
      2.1 Transmission Control Protocol/Internet Protocol (TCP/IP) Model
      ...............................................................5
         2.1.1 Data Link Layer......................................6
         2.1.2 Network Layer........................................6
         2.1.3 Transport Layer......................................7
         2.1.4 Application Layer....................................8
      2.2 General View...............................................8
      2.3 Explanation................................................8
      2.4 Goals.....................................................10
   3. Authenticated Mail Transfer Protocol States...................10
      3.1 Identified State..........................................10
         3.1.1 Presentation........................................10
         3.1.2 Command.............................................10
      3.2 Email State...............................................11
         3.2.1 Presentation........................................11
         3.2.2 Command.............................................11
      3.3 Logout State..............................................11


Crouzet                Expires - October 20033               [Page 2]


                 Authenticated Mail Transfer Protocol      April 20033


         3.3.1 Presentation........................................11
         3.3.2 Command.............................................12
      3.4 Information State.........................................12
         3.4.1 Presentation........................................12
         3.4.2 Command.............................................12
      3.5 Retrieved State...........................................13
         3.5.1 Presentation........................................13
         3.5.2 Command.............................................13
   4. Relay.........................................................13
      4.1 Presentation..............................................13
      4.2 Description...............................................14
      4.3 Result....................................................15
   5. Protections for the network...................................15
      5.1 Presentation..............................................15
      5.2 Router....................................................17
         5.2.1 1 router............................................17
         5.2.2 3 Routers...........................................17
      5.3 Firewall..................................................17
         5.3.1 Linux...............................................17
         5.3.2 Windows.............................................17
      5.4 Proxy.....................................................18
         5.4.1 Linux...............................................18
         5.4.2 Windows.............................................18
         5.4.3 Solutions...........................................18
      5.5 Proxy and Firewall........................................18
         5.5.1 Linux...............................................18
         5.5.2 Windows.............................................19
      5.6 Result....................................................19
   6. Authenticated Mail Transfer Protocol Header...................19
      6.1 Presentation..............................................19
      6.2 RELAY Tag.................................................19
      6.3 HEAD Tag..................................................20
      6.4 BODY Tag..................................................20
      6.5 Command...................................................21
   7. Authenticated Mail Transfer Protocol Commands.................21
      7.1 Optional Commands.........................................21
      7.2 Obsolete Commands.........................................21
      7.3 Order of commands.........................................22
      7.4 Authenticated Mail Transfer Protocol Procedures...........23
         7.4.1 Simple Procedure....................................23
         7.4.2 Procedure using optional commands...................24
         7.4.3 Procedure with RSET command.........................26
   8. Authenticated Mail Transfer Protocol Reply codes..............27
      8.1 New Reply Codes...........................................27
      8.2 Reply Codes from Request For Comment 2821.................28
   9. Authenticated Mail Transfer Protocol Information..............28
      9.1 Advantages................................................28
      9.2 Disadvantages.............................................29
      9.3 Denial of Service (DoS)...................................29


Crouzet                Expires - October 20033               [Page 3]


                 Authenticated Mail Transfer Protocol      April 20033


      9.4 Hackers...................................................30
      9.5 Protections...............................................30
      9.6 Trace.....................................................31
      9.7 Testing...................................................31
      9.8 Communication between AMTP and SMTP.......................31
   10. Conclusion...................................................32
   Security Considerations..........................................32
   References.......................................................32
   Appendix.........................................................32
      Appendix A: Acronyms..........................................32
      Appendix B: Terminology.......................................33
   Author's Addresses...............................................34
   Copyright Notice.................................................34


1. Introduction
   Authenticated Mail Transfer Protocol (AMTP) uses the Transmission
   Control Protocol/Internet Protocol (TCP/IP) model to communicate
   across the network. AMTP is a five states process that reduces spam
   mails and stops anonymous mails. There are three Client-to-Server
   communication states (Identified, Email and Logout State) and two
   Server-to-Server communication states (Information and Retrieved
   State).

   The first user (i.e., Client-to-Server) state is the Identified
   state. The protocol asks for a username and a password to identify
   the user. The user has to log in successfully before he/she can use
   the server. The second user state is the Email state. The user can
   employ any protocolÆs commands to send an email. Once the user has
   logged onto the server, he/she does not have to enter his/her email
   address any more. The server will automatically add the email address
   to the message header. The last user state is the Logout state. The
   user is logged onto the system therefore he/she has to be logged out.

   There is also a new transaction between two servers. There are two
   states, that the server has, for answering commands: SELO and SEMA.
   The first Server-to-Server state is the Information state, whereby
   the senderÆs server informs the recipientÆs server that an email is
   waiting to be retrieved. The second Server-to-Server state is the
   Retrieved state, whereby the recipientÆs server retrieves the email
   from the senderÆs server.

   A relayÆs server allows a senderÆs server to route any mails without
   the address of the recipientÆs server. A relayÆs server transmits the
   mail to the recipientÆs server or another relayÆs server like a
   normal server-to-server communication. In order to protect a network,
   it is possible to use a router, a firewall or a proxy server
   associated with a firewall. Under these protections, AMTP is
   operational. AMTP does not work behind a proxy server.


Crouzet                Expires - October 20033               [Page 4]


                 Authenticated Mail Transfer Protocol      April 20033



   In SMTP, the protocol makes no difference between the header and the
   data of the message. However when inserting the command HEAD in AMTP,
   the difference will be noticeable. This protocol both adds and
   removes commands from SMTP. The Authenticated Mail Transfer Protocol
   procedures are demonstrated. It also adds new reply codes and uses
   identical reply codes from SMTP.

   The Identified state has advantages as well as disadvantages. A
   hacker will have more difficulties to crack the system and send an
   anonymous mail. That is to say, that AMTP protects the user from
   receiving anonymous mails. However, the system will need to perform
   more tasks. In order to achieve a complete transaction, it would have
   to connect to the recipient server, send a unique number and close
   the connection. Then the recipientÆs server would have to establish a
   connection to the senderÆs server and retrieve the email on the
   senderÆs server. There are the two transactions, which will make it
   difficult for a hacker to send an anonymous mail.

   In the Appendix chapter, acronyms and terminology are defined in
   Appendix A and B.

2. Presentation of Authenticated Mail Transfer Protocol (AMTP)
2.1 Transmission Control Protocol/Internet Protocol (TCP/IP) Model
   Figure 1 presents the layered model of TCP/IP. TCP/IP model is used
   to communicate across any set of interconnected networks. TCP/IP
   model refers to its two main standards: Internet Protocol (IP) in the
   Network layer and Transmission Control Protocol (TCP) in the
   Transport layer.

   The principle works as follows: any layer (for example, the network
   layer) uses the services of the layer below it (in this case the Data
   Link layer) without knowing how that layer provides these services.
   For instance, the network layer will provide services to the layer
   located above it (in this case the Transport layer).

   The goal of this architecture is to allocate tasks to the different
   layers. Indeed, this work could not be handled by only one protocol,
   considering the amount of work it requires. A single protocol would
   be very complex and non-progressive.

   ---------------------------------------------------------------------
      Application layer: Telnet, POP3, IMAP4, and SMTP.

      Transport layer: TCP, UDP

      Network layer: IP, ICMP

      Data link layer: HDLC, PPP


Crouzet                Expires - October 20033               [Page 5]


                 Authenticated Mail Transfer Protocol      April 20033



      Physical layer: ISO 8802 standard, IEEE 802
   ---------------------------------------------------------------------
      Figure 1: Presentation of the TCP/IP layers
   ---------------------------------------------------------------------

   The Physical layer covers the physical interface between a data
   transmission device and a network. The Network Access layer deals the
   exchange of data between an end system and the network to which it is
   attached. The Internet layer provides the routing function across
   multiple networks. It is where Internet Protocol (IP) is used. The
   Transport layer or host-to-host layer insures the arrival of all data
   at their destination application and the order in which packets were
   sent. Transmission Control Protocol (TCP) is most commonly used to
   provide this function. The Application layer contains the logic
   needed to support the various user applications, where Simple Mail
   Transfer Protocol (SMTP) or Authenticated Mail Transfer Protocol
   (AMTP) is located. The SMTP or AMTP header manipulates and presents
   the data to a user. It analyses commands and sends a reply to a user.

2.1.1Data Link Layer
   The Ethernet header contains the source and destination Ethernet
   address, and a checksum field. The Ethernet address is known as MAC
   address. It is a unique number that is used to recognise a network
   card. The manufacturer is the one that generates this number. The
   Ethernet header finds any packet addresses to the recipientÆs
   computer on the network. In the Ethernet header, there is a checksum
   field located at the end of the packet. The checksum field is used to
   measure the checksum of the packet. It validates the number of octet
   in the packetÆs length.

   This layer is responsible for discovering any packet addresses to its
   computer on the network. The layer takes a packet from the network
   wire, strips away any Ethernet header information and passes the
   packet to the Network layer. This layer is also responsible for
   comparing the value of the packetÆs length with the checksum field.
   If the result is incorrect, the layer asks the sender to send back
   the packet. If it is correct, the packet goes to the Network layer.

2.1.2Network Layer
   Internet Protocol (IP) is the routing layer datagram service of the
   TCP/IP model. IP routes frames from host to host. The IP header
   contains routing and control information to transport the packet
   successfully. The IP header includes the source and destination
   Internet address, the protocol number, and another checksum field.
   Internet address is 32 bits binary number such as ô12.1.1.1ö
   recognised as a machineÆs address. The protocol number tells IP where
   to send the packet to the following layer in TCP/IP model. The



Crouzet                Expires - October 20033               [Page 6]


                 Authenticated Mail Transfer Protocol      April 20033


   checksum allows IP to verify that the header was not being damage
   during the transport.

   IP is the protocol that hides the underlying physical network by
   creating a virtual network view. It is an unreliable and best-effort
   connectionless packet delivery protocol. It has no reliability, flow
   control or error recovery to the underlying network interface
   protocol. IP is not capable of handling lost, out of order, or even
   duplicated packets. Higher layers provide these facilities. The
   maximum length or frame limitation is set to 1500 bytes. Instead of
   limiting the IP datagram length to a maximum, IP can deal with
   fragmentation and re-assembly of its datagrams. IP is able to
   separate the packet on the sender side and to put it together on the
   recipient side.

   An important function of the IP layer is IP routing. It provides the
   basic mechanism for routers to interconnect different physical
   networks, i.e. an Internet host can simultaneously function as a
   normal host and a router. The protocol is responsible to locate a
   route and to transmit a packet to its recipient.

2.1.3Transport Layer
   Transmission Control Protocol (TCP) provides a reliable stream
   delivery and virtual connection service to applications throughout
   the use of sequenced acknowledgement with retransmission of packets
   when needed. TCP is located at the transport layer in the TCP/IP
   model. The TCP header contains a source and destination port number,
   an acknowledgement number, and a sequence number. The port number
   recognises an application, the acknowledgement number indicates that
   the recipient receives the packet and the sequence number numbers the
   octets in the packet and delivers them in the right order.

   TCP advantages are:
   => Stream Data Transfer: TCP sets the data into basic blocks or
   datagrams by grouping the bytes in TCP segments. TCP itself decides
   how to segment the data.
   => Reliability: TCP assigns a sequence number to each byte
   transmitted, and expects a positive acknowledgment (ACK) from the
   receiving TCP. If the ACK is not received within a timeout interval,
   the data is retransmitted. The receiving TCP uses the sequence
   numbers to rearrange the segments as they arrive out of order, and to
   eliminate duplicate segments.
   => Full Duplex: TCP provides concurrent data streams in both
   directions.
   => Flow Control: The receiving TCP, when sending an ACK back to the
   sender, also indicates to the sender the number of bytes it can
   receive beyond the last received TCP segment, without causing overrun
   and overflow in its internal buffers.



Crouzet                Expires - October 20033               [Page 7]


                 Authenticated Mail Transfer Protocol      April 20033


   => Logical Connections: TCP initialises and maintains certain status
   information for each data stream. The combination of the reliability
   and flow control mechanisms is called a logical connection.

   To sum up, TCP provides end-to-end reliable communication. It ensures
   the retransmission of any lost packets, puts in order the received
   packets and acknowledges any packets to the sender. TCP is safe; in
   any case, the packet arrives to the recipient.

2.1.4Application Layer
   The Authenticated Mail Transfer Protocol (AMTP) header handles and
   presents the data to the user. It analyses commands and sends an
   answer to the user. It is located at the Application layer in the
   TCP/IP model. This is where the implementation of AMTP is located.

2.2 General View
   The following figure describes the States of Authenticated Mail
   Transfer Protocol in a general view. In the Identified state, the
   user has to be identified before he/she sends the email. The user
   writes his/her email in the Email state. At the end of the message,
   the server delivers the email to the recipient. If the recipient is
   internal, the email is immediately delivered to the recipientÆs
   mailbox. If the recipient is external, the sender server uses the
   Information state. The recipientÆs server executes the Retrieved
   state to retrieve the email from the senderÆs server. These two
   states are reserved to the server and are the result of the solution
   to recognise a user, reduce spam mails and stop anonymous mails.

   ---------------------------------------------------------------------
   User -> Identified State -> Email State Logout State

   Sender server -> Information State -> Logout State

   Recipient server -> Retrieved State -> Logout State
   ---------------------------------------------------------------------
   Figure 2: General View of Mail Transfer Protocol
   ---------------------------------------------------------------------

2.3 Explanation
   The server host starts the Authenticated Mail Transfer Protocol
   service by listening to the port 26. The client establishes a TCP
   connection with the server. He/she can use the command telnet <server
   IP address> 26. If the server accepts the connection, it sends back a
   reply code 220. Now the server and the client can exchange commands
   and responses. The server or the client can close or abort the
   connection at any time.

   The Authenticated Mail Transfer Protocol session progresses through a
   number of steps during its lifetime. Once the TCP connection has been


Crouzet                Expires - October 20033               [Page 8]


                 Authenticated Mail Transfer Protocol      April 20033


   opened and the AMTP server has accepted the transaction, the session
   enters into the Identified State. In this state, the user must
   identify himself to the server. Once the user has successfully done
   this, the session enters into the Email State. In this state, the
   user will be allowed to request an action from the server. He/she can
   send an email to a random user. When the user has finished his/her
   session, he/she has to enter the command QUIT and the session enters
   into the Logout State. Therefore, the server releases no more
   information and closes the network connection (TCP), database
   connection or files.

   Authenticated Mail Transfer Protocol contains two serverÆs states:
   Information and Retrieved states. These states are reserved to the
   mail server only and occur in cases where the server has to send an
   external email. A user will be able to call the command but the
   transaction will be aborted after the server recognises the
   parameters are incorrect. Only one server knows the user, it is the
   senderÆs server. The recipientÆs server accepts information coming
   from the senderÆs server or a user. The only thing mailÆs servers
   have in common is the port 25. It is the only piece of information
   that a server can recognise another mailÆs server. The port 25 makes
   sure that the transaction takes place between two mail servers and
   not between a user and a server.

   The first state is the Information State. In this state, the senderÆs
   server informs the recipientÆs server that an email is waiting to be
   delivered. The senderÆs server gives the recipientÆs server a number
   that refers to the email, the recipient's address and its IP address
   or domain name. The IP address or domain name is required to allow
   the recipientÆs server to connect into the senderÆs server. The
   second state is the Retrieved State. In this state, the recipientÆs
   server connects to the senderÆs server to retrieve an email. It gives
   the number and the recipient address that has been passed in the
   Information State. When these states are completed, the transaction
   enters in to the Logout State to close the connection and stop
   releasing information.

   These two states are automatic and fast. It is only two computers
   that are exchanging data. A timeout can be created when the server is
   waiting for a command. The two functions of these servers are to send
   and read information. They do not perform tasks that require time,
   resource or memory.

   A graphical representation of Authenticated Mail Transfer Protocol
   can be found in the Appendix C. The flowchart describes some actions
   and events of the protocol. It also gives a descriptive view of the
   protocol.




Crouzet                Expires - October 20033               [Page 9]


                 Authenticated Mail Transfer Protocol      April 20033


2.4 Goals
   This solution solves the problem of anonymous email. Therefore,
   everyone knows where the email comes from. The sender exists and the
   senderÆs server recognises him/her. It does not stop spam mails but a
   user has the possibility to avoid it and locate the sender. The
   solution still has to be tested to see if a hacker can crack it and
   if this solution is feasible on the network.

3. Authenticated Mail Transfer Protocol States
3.1 Identified State
3.1.1Presentation
   This state is important because it protects the user from anonymous
   email. Two new commands have been added to realise this state. The
   user connects to the server and receives the reply code 220 that
   means that the connection is successful and allows the user enters
   into the Identified State. In this state, the user types the command
   USER that means he/she wants to be identified by the server. The
   server answers by the reply code 250 when it is ready to recognise
   the user. The user can also quit the connection at any time by typing
   the command QUIT. In this case, the server will close any resources.

   The user types his/her username and password. Any user can be
   identified with these parameters. There are three types of answers
   for the server. In the case the username and password correspond to
   one user, the server replies with the code 250 and sends him/her a
   welcome message and the serverÆs capabilities that give some helpful
   information about serverÆs capabilities to the user. The server now
   knows the user who can use now any AMTP commands. In the case the
   username and password are incorrect, the server replies with the code
   401. After the third try from the user, the server closes the
   connection and replies with the code 555.

3.1.2Command
   USER
   The user enters the command USER to inform the server that he/she
   wants to be identified by the server. It is the first step for a
   user: Before he/she can send any email, he/she has to be identified
   by the server. The command USER does not need any parameters.

   <USERNAME> <PASSWORD>
   The user has entered the command USER. Now he/she needs to enter
   his/her username and password. In order to protect the user, the
   username has to be different from his/her email address and make sure
   that there is no space between words. Also, the username and password
   are entered after the command USER in order to protect these data. It
   will be difficult for a hacker to find these parameters. If the
   hacker listens to the network, he/she has to catch the command USER
   and the packet with the username and password data.



Crouzet                Expires - October 20033              [Page 10]


                 Authenticated Mail Transfer Protocol      April 20033



3.2 Email State
3.2.1Presentation
   In this state, the user can send an email. Once the user is logged
   into the server, he/she does not have to enter his/her email address
   any more. The server will add his/her email address to the header of
   the message.  The command MAIL FROM has been removed from the
   protocol. The header ôFromö is still needed in the message. The user
   enters the recipientÆs address. He/she types the command RCPT TO:
   <Recipient address>. The server validates the email address and
   acknowledges if the recipientÆs email is internal or external to the
   system. If it is internal, the server checks if the user exists or
   not. If the user does not belong to the server, the server sends back
   an error. If the email is external, the server continues the process.

   The user will be able to enter a complete header with the command
   HEAD. This command separates the header of the message from its body.
   This command is describes in section 6: ôAuthenticated Mail Transfer
   Protocol Headerö in this document.

   After this, the user enters the command DATA to specify the messageÆs
   body. The user writes the data. The server saves these data into an
   email. If the recipientÆs email is internal, the AMTP server
   transports the message to the recipientÆs mailbox directly. If the
   recipient email is external, the AMTP server starts the Information
   State.

3.2.2Command
   RCPT TO: <recipientÆs address> [, <recipientÆs address>]
   This command is used to identify an individual recipient of the mail
   data. It is the same command described in RFC 2821 [5], therefore
   reply codes are the same. The parameter for this command can be a
   list of recipientÆs addresses separated by a coma (æ,Æ). The command
   returns information about the validity of the recipientÆs address.

   DATA
   The user uses this command to enter the data of the message. When the
   server accepts the command DATA, it has to send a message to the
   recipient. The server keeps a trace of it, either for relaying or for
   final delivery, by using the line ôReceived Fromö in the header of
   the message. This trace indicates the identity of the host. It is the
   same command described in RFC 2821. Reply codes are the same.

3.3 Logout State
3.3.1Presentation
   The Logout State is what closes the connection between the server and
   the client when the user has finished with his/her email and wants to
   leave the server. The server will stop releasing any of the resources
   used like the database, the TCP channel, files and the thread. The


Crouzet                Expires - October 20033              [Page 11]


                 Authenticated Mail Transfer Protocol      April 20033


   user uses the command QUIT to close the connection. In this process,
   it is important that the server closes every resource.

3.3.2Command
   QUIT
   The command QUIT does not need any parameter. The server replies with
   the code 221. It is only after this reply code that the transaction
   is finished.

3.4 Information State
3.4.1Presentation
   In this state, the senderÆs server (SA) contacts the recipientÆs
   server (SB). This state is reserved for the server only. SA connects
   to SB and receives the reply code 220. Then, SA sends the command
   SELO with three parameters. The three parameters are the domain name
   of SA, a unique number created by SA and the recipient address. SB
   verifies if the domain name or IP address corresponds to the
   parameters found in the network packet. SB checks if the recipient
   exists or not in its server. If the recipient is unknown, SB sends
   the error back to SA, SA sends it back to the user and deletes the
   message. If the process is handled successfully, SB continues with
   the Retrieved state.

   In case the server is a relay to distribute the email, the senderÆs
   server proceeds normally. The relayÆs server will retrieve the email
   and send the number to the recipientÆs server. The senderÆs server
   will only proceed with the relayÆs server, which is a useful tool for
   sending emails to everyone everywhere. The senderÆs server will use
   it to send email around the world without knowing some of the mail
   servers. The relayÆs server needs the ability to answer the command
   SELO and to provide the action for the Retrieved State. The relayÆs
   server does not require to check the recipient. In a relayÆs server,
   the domain name is the only barrier that could stop an email from
   being sent.

3.4.2Command
   SELO <DOMAIN> <NUMBER> <RECIPIENT>
   The command SELO needs three parameters: DOMAIN, NUMBER and
   RECIPIENT. The parameter DOMAIN can be the IP address or the domain
   name of SA. It allows SB to establish a connection with the server.
   The parameter NUMBER is the identifier of the message. This parameter
   allows SA to recognise the message. The parameter RECIPIENT is the
   recipient's address. SA saves these parameters and the address of the
   recipientÆs server.

   The parameter RECIPIENT is used to identify an individual recipient
   of the mail data. If the server knows the recipient or if the domain
   name is in the relay table, SB answers by the reply code 250. If the
   user is not recognised by the server or if the domain name is not on


Crouzet                Expires - October 20033              [Page 12]


                 Authenticated Mail Transfer Protocol      April 20033


   the relay table, SB sends back the reply code 550. The relay table is
   a list of domain names where the server relays emails to another
   server. In case of success, SB enters into the Retrieved State.

3.5 Retrieved State
3.5.1Presentation
   In the Retrieved State, the recipientÆs server (SB) establishes a
   connection with the senderÆs server (SA) to retrieve the email with
   the number given in the Information state. If the connection is
   successful, SA answers by the reply code 220. Then, SB sends the
   command SEMA with two parameters separated by colon (æ:Æ). These two
   parameters are the recipient address and the unique number. SA checks
   if these parameters exist or not in its mail queue. If the number,
   the address of SB and recipientÆs address are correct, the message
   will be given to SB. SB saves the message and the email appears in
   the recipientÆs mailbox. In case the number and the recipient address
   are incorrect, SA sends an error message to SB.

   The relayÆs server proceeds through this state. The difference
   between a relayÆs server and a recipientÆs server is that the relayÆs
   server will start the Information State to inform another relayÆs
   server or the recipientÆs server. The relayÆs server will save the
   email and create a number to use the command SELO. It implements a
   relay queue to keep sending the email.

3.5.2Command
   SEMA <RECIPIENT>:<NUMBER>
   This command is reserved to the server. It needs two parameters:
   RECIPIENT and NUMBER. The parameter RECIPIENT is the recipient
   address. The parameter NUMBER is a number used to recognise the email
   on SA. If the number exists, SA will send the data together. If the
   number is wrong, the connection will be closed.

   If the message has not been retrieved and the lifetime of the email
   has expired, the AMTP server will inform the sender about it. The
   sender can resend the message. The AMTP server will keep a trace of
   this message and inform the administrator about the fact that the
   message has not been retrieved. The administrator can think about the
   reason why the message was not delivered.

4. Relay
4.1 Presentation
   An open relay is an AMTP server that allows people to relay emails.
   By processing mail that is not for or from a local user, an open
   relay makes it possible for an unscrupulous sender to route large
   volumes of spam. A user can send an email to his/her server and use
   the open relay server to transfer a mail to other servers.




Crouzet                Expires - October 20033              [Page 13]


                 Authenticated Mail Transfer Protocol      April 20033


   With this solution, the open relay server will do exactly the same
   transaction as a recipient server. It receives the notification for
   an email and retrieves the email. After this transaction, it will
   inform the recipient server that a mail has to be retrieved on the
   relayÆs server. It is more work for the open relay server. The email
   will arrive to the sender even if the mail passes by an open relay
   server. The transaction between the sender and the recipient within
   an open relay will be longer than if there were a direct link between
   the two servers. The advantages are that the spammer cannot use the
   open relay to send anonymous mail and the senderÆs server does not
   have to know each recipientÆs server to transfer an email.

4.2 Description

   ---------------------------------------------------------------------
   Sender <- AMTP -> Sender Server <- AMTP -> Relay Server <- AMTP ->
   Recipient Server <- POP or IMAP -> Recipient
   ---------------------------------------------------------------------
   Figure 3: Presentation of transaction with a relay server
   ---------------------------------------------------------------------

   The senderÆs server transfers an external email to the relayÆs
   server. When the route to send a mail to the recipient is not known
   by the senderÆs server, it goes through a relayÆs server to
   accomplish the transaction. The senderÆs server enters into the
   Information State and informs the relayÆs server that an email is
   waiting to be retrieved. The relayÆs server accepts the email if it
   knows the recipientÆs server or another relayÆs server that it can
   send the email to by checking its route table. It goes into the
   Retrieved State. The relayÆs server retrieves the email from the
   senderÆs server. Instead of saving the email in the userÆs mailbox,
   it saves the email as an external email and informs the recipientÆs
   server or another relayÆs server about it. The email is saved into
   the relayÆs server and the senderÆs server has sent this email.

   The relayÆs server is in the Information State and waits for an
   answer from the recipientÆs server. The recipientÆs server checks the
   recipientÆs address and validates the mailÆs address. If the user
   does not exist, it sends back an error message to the relayÆs server
   that sends a mail to the sender to informs him/her about the fact
   that the recipientÆs address is incorrect. If the mail address is
   correct, the recipientÆs server enters into the Retrieved State. It
   retrieves the email from the relayÆs server and saves the email into
   the userÆs mailbox.

   The transaction between a senderÆs server and a relayÆs server is
   identical to a transaction between a senderÆs server and a
   recipientÆs server. The same transaction is also used between a
   relayÆs server and a recipientÆs server. The difference in a relayÆs


Crouzet                Expires - October 20033              [Page 14]


                 Authenticated Mail Transfer Protocol      April 20033


   server is that the email has to be sent to another server. The
   relayÆs server will change the parameter NUMBER in the command SELO,
   by creating a new one to avoid a copy of the message.

4.3 Result
   The procedure is:

   ---------------------------------------------------------------------
   Step1:
   Sender MailÆs client --> SenderÆs server
   Using AMTP logout state, AMTP identified state and AMTP mail state
   ---------------------------------------------------------------------
   Step 2:
   SenderÆs server --> RelayÆs server
   Using AMTP information state

   SenderÆs server <-- RelayÆs server
   Using AMTP Retrieved state
   ---------------------------------------------------------------------
   Step 3:
   RelayÆs server --> RelayÆs server
   Using AMTP information state

   RelayÆs server <-- RelayÆs server
   Using AMTP Retrieved state
   ---------------------------------------------------------------------
   Step 4:
   RelayÆs server --> RecipientÆs server
   Using AMTP information state

   RelayÆs server <-- RecipientÆs server
   Using AMTP Retrieved state
   ---------------------------------------------------------------------
   Step5:
   RecipientÆs server <-- Recipient MailÆs client
   Using POP3 or IMAP transaction
   ---------------------------------------------------------------------

   Authenticated Mail Transfer Protocol is operational as a relay
   server. The relayÆs server is used to transfer mails to a recipientÆs
   server. Authenticated Mail Transfer Protocol is therefore protected
   against anonymous mails. A user can send an email to his/her server
   and use the relayÆs server to transfer the mail to other server.

5. Protections for the network
5.1 Presentation
   In order to protect a network, it is possible to use a router, a
   firewall, a proxy server or a firewall associated with a proxy
   server. It is important to accept or refuse requests coming from


Crouzet                Expires - October 20033              [Page 15]


                 Authenticated Mail Transfer Protocol      April 20033


   outside the network or going out of the network. A network has to be
   protected in order to increase the security of the userÆs data.
   Figure 4 represents one possibility of protection of a network. The
   network 1 is outside the network 2. The router, the firewall or the
   proxy server can be used as a gateway. It would allow the network 2
   to establish a route to the network 1. When an administrator combines
   these protections, the diagram of the network is different. In any
   case, an administrator needs a gateway to connect the network 1 with
   the network 2. The design of the network 2 can be different. It is
   possible to have a firewall, a proxy server and a router separately
   or working together.

   ---------------------------------------------------------------------
   Sender <- AMTP -> Sender Server on network 1 <- AMTP -> Firewall,
   Router or proxy server <- AMTP -> Recipient Server
   ---------------------------------------------------------------------
   Figure 3: Presentation of protections for the network
   ---------------------------------------------------------------------

   The first protection is a router. It connects a network to another
   network. Many routers connected to each other create the World Wild
   Web. The Access List is used to ban or to authorise some packets to
   enter the network. The Access list has to be configured in the router
   configuration.

   The second protection is a firewall, which is used to filter IP
   packets going into, or coming out of the network. A firewall can
   block, forward or pass the packet to the final recipient. The
   firewall can be setup to filter a protocol (TCP, UDP or ICMP), a
   port, an IP address or a range of IP address. A firewall is the most
   powerful tool to filter the packets from the network but not to
   protect the IP address of the network.

   The last protection is a proxy server, which is used to filter the
   packet going into, or coming out of the network. It is similar to a
   firewall but the proxy server will keep the network completely
   inaccessible from outside the network. The proxy server redirects any
   queries (HTTP, SMTP or FTP) to the server in charge of the protocol
   whether it is inside or outside the network. From an outside point of
   view, the user believes the proxy server is the server in charge of
   the protocol. He/she cannot establish a connection to any server
   inside the network except for the proxy server. In order to establish
   a transaction going out of the network, the user establishes a
   connection to the proxy server and then the proxy server request the
   userÆs queries. The proxy server changes the user IP address in the
   packet and replaces it by its IP address.

   An administrator can combine these protections and obtain a well-
   protected and secured network. The challenge for him/her is to find


Crouzet                Expires - October 20033              [Page 16]


                 Authenticated Mail Transfer Protocol      April 20033


   the right configuration that protects every server and computer, and
   allows the user to have access to every data authorised outside and
   also inside the network.

5.2 Router
5.2.11 router
   A router type CISCO 2600 has been used to establish the connection
   between two networks. The router allows the network ô192.5.5.0ö to be
   connected to the network ô205.7.5.0ö. These two networks can transfer
   data to one another. Without configuring the Access List,
   Authenticated Mail Transfer Protocol is operational. The senderÆs
   server can establish a connection to the recipientÆs server and send
   an email. The router passes the information to any AMTP servers. It
   is a gateway between these two networks.

5.2.23 Routers
   A router type CISCO 2600 and two routers type CISCO 2504 has been
   used to establish the connection between two networks through two
   other networks. Again, AMTP is working perfectly. The AMTP server in
   the network ô192.5.5.0ö can establish a connection and transfer a
   message to the recipient server in the network ô223.8.151.0ö using
   the network ô201.100.11.0ö and ô199.6.15.0ö. The routers are able to
   set up a virtual route between the two AMTP servers. This virtual
   route delivers any packets to the recipient server.

5.3 Firewall
5.3.1Linux
   The command IPCHAINS realises a firewall under Linux. The Linux
   version is a Red Hat 6.0. The firewall routes any packets with the
   port 26 between the two networks and blocks any other requests. The
   Linux computer contains two network cards and a route has to be added
   to connect these two networks. The configuration of the firewall is
   used to let pass the port 26. Authenticated Mail Transfer Protocol is
   operational. The senderÆs server can establish a connection to the
   recipientÆs server and send an email. The firewall passes the
   information to the recipient server [4].

5.3.2Windows
   The software ôSolidShare 2.0ö is used as a firewall. The
   configuration of the firewall is very simple. It is possible to block
   ICMP, UDP or TCP packets, or ports. The firewall accepts TCP
   connections and refuses UDP and ICMP. The configuration has to be
   studied in detail to obtain a well-protected network. Authenticated
   Mail Transfer Protocol is operational. The senderÆs server can
   establish a connection to the recipientÆs server and send an email.
   The router passes the information to any AMTP servers [13].





Crouzet                Expires - October 20033              [Page 17]


                 Authenticated Mail Transfer Protocol      April 20033


5.4 Proxy
5.4.1Linux
   The proxy server is ôTCPPROXY 1.1.6ö. It is a proxy for TCP/IP
   protocols. AMTP does not work with a proxy server because a proxy
   server changes the IP address in the packet and the server inside the
   network cannot establish a connection to a recipient server. The
   senderÆs or the recipientÆs server has to use the IP address of the
   proxy server which will redirect it to the recipientÆs server or to
   the senderÆs server. The proxy server is a relay between the two
   servers except that it does not work like a relayÆs server. The proxy
   server just changes the IP address in the packet and not in the
   command SELO. Authenticated Mail Transfer Protocol is not operational
   because AMTP servers cannot use the command SELO [14].

5.4.2Windows
   The proxy server is ôGateKeeper Pro 4.5ö. Like the operating system
   Linux, AMTP does not work with a proxy server. Authenticated Mail
   Transfer Protocol is not operational because AMTP servers cannot use
   the command SELO [3].

5.4.3Solutions
   Two solutions can make Authenticated Mail Transfer Protocol
   operational. The first solution is to install the mail server on the
   proxy server. The proxy server is not operational on port 26 because
   the mail server listens to the port 26 first. The second solution is
   to change the command SELO. The proxy server changes the IP address
   of the packet but not the IP address in the command SELO. If the
   command SELO does not send its IP address as a parameter and if the
   recipient server uses the IP address of the packet, Authenticated
   Mail Transfer Protocol is operational. This solution should be
   considered with caution because it can decrease the security of the
   network.

5.5 Proxy and Firewall
   To obtain a well-protected network, an administrator installs a
   firewall and a proxy server on each machine. The proxy server will be
   used to hide any IP address on the network and to route HTTP
   requests. The firewall will block or allow some ports to be
   accessible from outside and also inside the network. For AMTP, the
   port 26 needs to be open on the firewall, which let any packets pass
   with the port 26 inside. The proxy server cannot interfere in the
   packet because the firewall has already decided what to do with the
   packet. Authenticated Mail Transfer Protocol is operational.

5.5.1Linux
   The proxy server is ôTCPPROXY 1.1.6ö and the command IPCHAINS creates
   a firewall under Linux. Authenticated Mail Transfer Protocol is
   operational because the firewall overloads the proxy server. The two
   servers can exchange information.


Crouzet                Expires - October 20033              [Page 18]


                 Authenticated Mail Transfer Protocol      April 20033



5.5.2Windows
   The software ôSolidShare 2.0ö is used as a firewall and ôGateKeeper
   Pro 4.5ö as a proxy server. As the operating system Linux,
   Authenticated Mail Transfer Protocol is operational.

5.6 Result
   A router, a firewall, or a proxy server associated with a firewall
   working as a gateway makes Authenticated Mail Transfer Protocol
   operational. The sender and the recipient servers can exchange data.
   The proxy server does not make Authenticated Mail Transfer Protocol
   operational without any change in the protocol. Two solutions have
   been presented to solve the problem.

6. Authenticated Mail Transfer Protocol Header
6.1 Presentation
   The email protocol needs to make a distinction between the header and
   the body and also between the relayÆs server information and the
   header of the message. When a user writes an email from a telnet
   connection, there is a small distinction between the header and the
   body. For example, the subject is entered in the body of the message
   and not in the header. This option is technical and a user will not
   see the difference in the mailÆs software. It is only in the
   structure of the message. The header will be entered separately from
   the data.

   AMTP adds the version of the protocol into the server information. It
   is used to specify the version of the protocol that the server used:
   Version 1.0 for SMTP and Version 2.0 for AMTP. By adding this
   parameter, a recipientÆs server can prevent a user from risks
   incurred. AN AMTP server can accept a message from a SMTP server and
   assign the version to the protocol into the server information.

   The server information is the same content of the header field
   ôReceived Fromö in the Simple Mail Transfer Protocol (SMTP).

   Using HTML tags into the message, the server will be able to detect
   directly the information it needs. The senderÆs server enters these
   tags. These HTML tags are:
   => <RELAY>: Contains the relayÆs server information </RELAY>.
   => <HEAD>: Contains the header information of the message </HEAD>.
   => <BODY>: Contains the body information of the message </BODY>.

6.2 RELAY Tag
   In the relay tag, the information about the relayÆs server is
   specified. The relayÆs server should enter information about the
   senderÆs server and the recipientÆs server using the header field
   ôRELAY FROM: <senderÆs server information> TO <recipientÆs server
   information> BY <relayÆs server information>ö. The recipientÆs server


Crouzet                Expires - October 20033              [Page 19]


                 Authenticated Mail Transfer Protocol      April 20033


   information or the senderÆs server information could be a relayÆs
   server. With this information, it will be possible to identify a
   relayÆs server from the senderÆs server and to determine the route of
   the message.

6.3 HEAD Tag
   In the head tag, the information about the message is specified. A
   new header field is introduced in order to distinct the senderÆs
   server. The line ôSend to:ö is used to display the senderÆs server
   information. To avoid a hacker entering his/her data in the header of
   the message, this head tag is reserved to the senderÆs server. To
   implement this solution, an order of the line will be specified. This
   order will protect the message to be incorrect.

   The order is:
   => SenderÆs details: It is the line ôFrom: e-mail address < name >ö.
   => SenderÆs server: It is the line ôSend to:ö with the server
   information and the protocolÆs version.
   => Date: When the message has been written.
   => Message Identifier: It is the line ôMessage id: <number>ö.
   => RecipientÆs details: It is the line ôTo: e-mail address < name >ö.
   => Subject: It is the subject of the message.
   => Other header: These lines are used to enter different headers that
   are not necessary to deliver an email.
   => MIME details: It is the details for the MIME protocol.

   In order to distinct the header information to the body information,
   a command HEAD is introduced. The user uses this command to enter
   MIME type information. For a simple text message in ASCII characters,
   the user can enter the header ôsubjectö into the body of the message
   using the command DATA. The header ôsubjectö will be added into the
   head tag. If a user does not type the command HEAD, the server
   detects a simple message and presents the email header correctly. The
   server adds the line ôsubjectö into the message and the content will
   be entered into the body tag.

   If a user enters the command HEAD, he can type his/her information
   about the message. The first lines of the header are reserved for the
   server. The server adds the header: ôFromö, ôSend Toö, ôDateö,
   ôMessage idö, and ôToö. After these lines, the user inserts his/her
   header that can be different information for instance MIME type. A
   user inputs the header ôsubjectö in this command. If he/she tries to
   add the header ôsubjectö in the message, it will be part of the
   message and not the header.

6.4 BODY Tag
   The body tag is used to enter the content of the message. Any
   information in this tag will be considered as body information.



Crouzet                Expires - October 20033              [Page 20]


                 Authenticated Mail Transfer Protocol      April 20033


   This information will be displayed to the recipient as the message
   part.

6.5 Command
   Head
   A user types the command HEAD to enter the header details. This
   command is like the command DATA. The server replies with the code
   354 to enter the header details. To finish entering the data, the
   user enters a dot. The server will close the header and wait for the
   command DATA. The message header is always in American Standard Code
   for Information Interchange (ASCII) character and no code has to be
   presented.

7. Authenticated Mail Transfer Protocol Commands
7.1 Optional Commands
   RSET
   The command RSET allows a user to reset any action that was already
   done. It allows a user to restart the transaction from the beginning.
   It is the same command described in RFC 2821. The reply codes are
   identical.

   NOOP
   The command NOOP allows a user to reset the time out timer. It is the
   same command described in RFC 2821. The reply codes are the same.

   HELP [<topic>]
   The command HELP gives a user some information about the command it
   provides. It gives back useful information to the client. It is the
   same command described in RFC 2821. The reply codes are identical. If
   a user enters a topic as a parameter, the system provides information
   on this topic.

   MORE TO: <recipient addresses>
   The command MORE TO allows a sender to add more recipientÆs addresses
   to the message without changing the first recipient or correcting any
   recipientÆs address entered wrong. The command RCPT TO gives the
   sender information about the validity of an email but does not
   correct the email. Using the command MORE TO, the sender corrects
   invalid emails. The parameter <recipient addresses> specifies
   multiple recipientÆs addresses separated by a coma (æ,Æ).

   HEAD
   The command HEAD separates the messageÆs header to the messageÆs
   body. This command is like the command DATA and needs no parameters.
   The server replies with the code 354 to enter the header details.
   When a user has finished entering his/her data, he/she enters a dot.

7.2 Obsolete Commands
   Mail From


Crouzet                Expires - October 20033              [Page 21]


                 Authenticated Mail Transfer Protocol      April 20033


   The sender server manages this command and adds the sender address to
   the message. It is a hidden field like the ôreceived fromö field.

   EHLO
   Since a user has to be identified by the server, there is no point to
   keep this command but the result of the command EHLO is important. It
   gives helpful information about the serverÆs capabilities to the
   user. The result will be displayed after the user has been
   identified.

   TURN
   This command allows a client to become a server and the server to
   become the client. For security reasons, this command has been
   disabled.

   VRFY
   A user will be unable to verify an email address for security
   reasons. It is important to know and check an email address but today
   phone, letter or email communications can transmit email addresses.

   EXPN
   For security reasons, this command has been removed from the
   protocol. This command confirms that the argument is a mailing list.
   It is dangerous because a user can know the name of a mailing list
   and diffuse it.

   HELO
   This command comes from RFC 821 [11] and been replaced in RFC 2821 by
   the command EHLO. There is no point in keeping this command in the
   protocol.

   SEND
   It is rarely implemented. There is no point in keeping this command
   and since the protocol changed, this command is obsolete.

   SOML
   It is rarely implemented. There is no point in keeping this command
   and since the protocol changed, this command is obsolete.

   SAML
   It is rarely implemented. There is no point in keeping this command
   and since the protocol changed, this command is obsolete.

7.3 Order of commands
   There are restrictions on the order in which these commands may be
   used. A session starts with the command USER. After this, a user
   enters his/her username and password. The server accepts the client
   if he/she is identified and lets him/her continue the transaction.
   The server gives him/her its capabilities. The commands NOOP, HELP


Crouzet                Expires - October 20033              [Page 22]


                 Authenticated Mail Transfer Protocol      April 20033


   and RSET can be used at any time during a session or without
   previously initialising a session.

   The command RCPT TO begins the construction of the email. It
   specifies the recipientÆs address or multiple recipient addresses. A
   user can add more addresses with the command MORE TO. The command
   MORE TO permits also a user to correct an email address. If a user
   has a complex messageÆs header, he/she enters the command HEAD.
   He/she continues in any case with the command DATA to send the email.
   The transaction can be aborted by the command RSET. There may be zero
   or more emails in the session.

   To close the connection, a user types the command QUIT. He/she
   requests the end of the session.

7.4 Authenticated Mail Transfer Protocol Procedures
7.4.1Simple Procedure
   A simple AMTP procedure for a user is:

   S: 220 AMTP >> Connection successful.
   S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
   S: 250 AMTP >>
   C: user
   S: 250 AMTP >> Server Ready
   C: bct 123
   S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
   S: 250 AMTP >> SERVER CAPABILITIES.
   S: 250 AMTP >>
   C: rcpt to:jimmy.doody@master.com
   S: 250 Recipient accepted for "jimmy.doody@master.com"
   To add or correct a recipient address, please use the command MORE TO

   S: 250 AMTP >>
   C: data
   S: 354 Enter the data of the message. End with "." on a line  by
   itself.

   C: Subject: AMTP Procedure 1
   C: It is a simple AMTP procedure.
   C: .
   S: 250 Mail delivery successful for "jimmy.doody@master.com"
   S: 250 AMTP >>
   C: quit
   S: 221 Disconnection


   The email has been received:

   <HEAD>


Crouzet                Expires - October 20033              [Page 23]


                 Authenticated Mail Transfer Protocol      April 20033


   From: brice.crouzet@master.com
   Send To: master.com (193.1.124.54); 09 April 2003 08:56:50 o'clock
   IST; Version: 2.0
   Date: 09 April 2003 08:56:50 o'clock IST
   Message id: 1049998467218
   To: jimmy.doody@master.com
   Subject: AMTP Procedure 1
   </HEAD>

   <BODY>
   It is a simple AMTP procedure.
   </BODY>

7.4.2Procedure using optional commands
   An AMTP procedure using optional commands is:

   S: 220 AMTP >> Connection successful.
   S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
   S: 250 AMTP >>
   C: user
   S: 250 AMTP >> Server Ready
   C: bct 123
   S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
   S: 250 AMTP >> SERVER CAPABILITIES.
   S: 250 AMTP >>
   C: help
   S: 214 This is an AMTP Server.
   214 Topics:
   214 QUIT        HELP        RCPT        HEAD        DATA        RSET
   NOOP

   S: 250 AMTP >>
   C: help data
   S: help for DATA
   S:
   S: 250 AMTP >>
   C: noop
   S: 250 AMTP >> Noop OK
   S: 250 AMTP >>
   C: rcpt to:jimmy.doody@master.com
   S: 250 Recipient accepted for "jimmy.doody@master.com"
   To add or correct a recipient address, please use the command MORE TO

   S: 250 AMTP >>
   C: more to:brice.crouzet@master.com
   S: 250 Recipient accepted for "brice.crouzet@master.com"
   To add or correct a recipient address, please use the command MORE TO

   S: 250 AMTP >>


Crouzet                Expires - October 20033              [Page 24]


                 Authenticated Mail Transfer Protocol      April 20033


   C: head
   S: 354 Enter the header of the message. End with "." on a line  by
   itself.

   C: Subject: AMTP Procedure 2
   C: .
   S: 250 Head Command Accepted
   S: 250 AMTP >>
   C: data
   S: 354 Enter the data of the message. End with "." on a line  by
   itself.

   C: Subject: Test
   C: It is an AMTP procedure using optional commands.
   C: .
   S: 250 Mail delivery successful for "jimmy.doody@master.com",
   "brice.crouzet@master.com"
   S: 250 AMTP >>
   C: quit
   S: 221 Disconnection

   The email has been received:
   Email 1:

   <HEAD>
   From: brice.crouzet@master.com
   Send To: master.com (193.1.124.54); 09 April 2003 09:00:17 o'clock
   IST; Version: 2.0
   Date: 09 April 2003 09:00:17 o'clock IST
   Message id: 1049998673855
   To: jimmy.doody@master.com
   Subject: AMTP Procedure 2
   </HEAD>

   <BODY>
   Subject: Test
   It is an AMTP procedure using optional commands.
   </BODY>

   Email 2:

   <HEAD>
   From: brice.crouzet@master.com
   Send To: master.com (193.1.124.54); 09 April 2003 09:00:17 o'clock
   IST; Version: 2.0
   Date: 09 April 2003 09:00:17 o'clock IST
   Message id: 1049998673895
   To: brice.crouzet@master.com
   Subject: AMTP Procedure 2


Crouzet                Expires - October 20033              [Page 25]


                 Authenticated Mail Transfer Protocol      April 20033


   </HEAD>

   <BODY>
   Subject: Test
   It is an AMTP procedure using optional commands.
   </BODY>

7.4.3Procedure with RSET command
   AN AMTP procedure using the RSET command is:

   S: 220 AMTP >> Connection successful.
   S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
   S: 250 AMTP >>
   C: user
   S: 250 AMTP >> Server Ready
   C: bct 123
   S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
   S: 250 AMTP >> SERVER CAPABILITIES.
   S: 250 AMTP >>
   C: rcpt to:jimmy.doody@master.com
   S: 250 Recipient accepted for "jimmy.doody@master.com"
   To add or correct a recipient address, please use the command MORE TO

   S: 250 AMTP >>
   C: rset
   S: 250 AMTP >> Reset OK
   S: 250 AMTP >>
   C: data
   S: 503 Need RCPT before DATA "data".

   S: 250 AMTP >>
   C: rcpt to:brice.crouzet@master.com
   S: 250 Recipient accepted for "brice.crouzet@master.com"
   To add or correct a recipient address, please use the command MORE TO

   S: 250 AMTP >>
   C: data
   S: 354 Enter the data of the message. End with "." on a line  by
   itself.

   C: Subject: AMTP Procedure 3
   C: It is an AMTP procedure using RSET command.
   C: .
   S: 250 Mail delivery successful for "brice.crouzet@master.com"
   S: 250 AMTP >>
   C: quit
   S: 221 Disconnection

   The email has been received:


Crouzet                Expires - October 20033              [Page 26]


                 Authenticated Mail Transfer Protocol      April 20033



   <HEAD>
   From: brice.crouzet@master.com
   Send To: master.com (193.1.124.54); 09 April 2003 09:02:13 o'clock
   IST; Version: 2.0
   Date: 09 April 2003 09:02:13 o'clock IST
   Message id: 1049998790603
   To: brice.crouzet@master.com
   Subject: AMTP Procedure 3
   </HEAD>

   <BODY>
   It is an AMTP procedure using RSET command.
   </BODY>

8. Authenticated Mail Transfer Protocol Reply codes
8.1 New Reply Codes
   Reply codes are important for a server and a user because it permits
   them to know if the transaction is correct or not. The reply code 555
   informs the server for any errors that occur between two servers. The
   error permits the server to take action of it. There are four types
   of error: during the Identified state, during the transaction to send
   an email (Email State) and during the transaction between two servers
   for the commands SELO and SEMA.

   For the Identified state, the reply codes are:
   => 503 Use the Command USER before other commands.
   => 401 User unknown û Enter the user information again - only 3
   times.
   => 505 User does not exist û Connection close.
   => 250 User Accepted.

   When the user sends an email, the reply codes are:
   => 501 The email is wrong.
   => 551 User not local.
   => 250 Server Ready.

   When the server uses the command SELO, the reply codes are:
   => 555 Selo command error û Recipient Unknown, Argument missing,
   Command Unknown or Result Unknown.
   => 250 Selo Accepted.
   => 250 Mail accepted for delivery.

   When the server uses the command SEMA, the reply codes are:
   => 555 Sema command error û Argument missing, Mail does not exist,
   Command Unknown or Result Unknown.
   => 555 Mail error.
   => 250 Sema Accepted.
   => 250 Mail delivered.


Crouzet                Expires - October 20033              [Page 27]


                 Authenticated Mail Transfer Protocol      April 20033



8.2 Reply Codes from Request For Comment 2821
   Positive Completion replies are:
   => 211 System status or system help reply.
   => 214 Help message.
   => 220 Service ready.
   => 221 Service closing transmission channel.
   => 250 Requested mail action okay, completed.
   => 251 User not local.
   => 252 Cannot VRFY user, but will accept message and attempt
   delivery.

   Positive Intermediate reply is:
   => 354 Start mail input; end with.

   Transient Negative Completion replies are:
   => 421 Service not available, closing transmission channel.
   => 450 Requested mail action not taken: mailbox unavailable.
   => 451 Requested action aborted: local error in processing.
   => 452 Requested action not taken: insufficient system storage.

   Permanent Negative Completion replies are:
   => 500 Syntax error, command unrecognized.
   => 501 Syntax error in parameters or arguments.
   => 502 Command not implemented.
   => 503 Bad sequence of commands.
   => 504 Command parameter not implemented.
   => 550 Requested action not taken: mailbox unavailable.
   => 551 User not local; please try.
   => 552 Requested mail action aborted: exceeded storage allocation.
   => 553 Requested action not taken: mailbox name not allowed.
   => 554 Transaction failed.

9. Authenticated Mail Transfer Protocol Information
9.1 Advantages
   The main advantage is that the AMTP server knows the user. It allows
   a server to identify and trust a sender. The two servers listen to
   the port 26 and are able to answer any commands. The difference that
   exists with the old protocol is that the recipient server has be
   working to receive the email. The recipient server needs to establish
   a connection with the sender server in order to retrieve the message.
   This transaction allows the senderÆs server to validate the senderÆs
   address.

   The other advantage is that a user is not concerned about the danger.
   The result of an attack will concern only the AMTP server. In order
   to deliver an email, the transaction has to go through every step of
   process. If the transaction detects any error in the process, the



Crouzet                Expires - October 20033              [Page 28]


                 Authenticated Mail Transfer Protocol      April 20033


   server will stop the transaction with the client. It is important to
   ensure the security for the user.

   To find the number and the recipient address is a very high difficult
   task. These two parameters depend on the sender server and the user.
   It is possible to find the algorithm that produced the number but it
   will be difficult to find the recipient address and the number
   together. The recipient address depends on the sender and the number
   will depend on the number of messages sent. These numbers are stored
   in the server, where it is difficult to crack the database.

9.2 Disadvantages
   To send an external email takes longer and needs two connections. The
   two servers concerned have to establish a connection between each
   other. It takes more time to do this than SMTP. The big inconvenient
   is the time taken. It does not take longer than with Simple Mail
   Transfer Protocol but to transfer an email is a complete and secure
   transaction.

   The main problem is the number of connections between the two
   servers. The result of a high number of connections can be a Denial
   of Service attack. The server has to respond to two different types
   of connection: a user and a server. The server needs more resources
   to complete the transaction. There are three server queues. The first
   queue is to inform the recipient server. The second queue is to
   retrieve the message with the number. The third queue is to write the
   email in the recipient mailbox.
   The AMTP server will be busy and need more resources. Today, the
   resource allows computers to do this. The problem comes from the
   bandwidth of the network.

9.3 Denial of Service (DoS)
   The Denial of Service attack is characterised by an explicit attempt
   by attackers to prevent legitimate users of a service from using that
   service. Attackers:
   => Attempt to overflow a network,
   => Attempt to disrupt connections between 2 computers,
   => Attempt to prevent a particular individual from accessing a
   service or
   => Attempt to disrupt service to a specific system.

   In the case of Authenticated Mail Transfer Protocol, the result of
   the attack is that the server should be unable to transfer a mail.
   To increase the number of connections to the server can attack the
   server. In order to prevent this type of attack, the server has to
   analyse connections to the server, especially when they have failed.
   With the connection, the server can find the sender and block him/her.
   It is possible to implement a firewall to block the incorrect packet,
   for example, when IP address is incorrect or when the result of


Crouzet                Expires - October 20033              [Page 29]


                 Authenticated Mail Transfer Protocol      April 20033


   commands SEMA and SELO have failed. The administrator has to observe
   the serverÆs performance and to establish an ordinary level.

   The Denial of Service attack can be terrible for everybody. In any
   case, the server needs a backup server in order to still be able to
   work when a DoS attack occurs. The service will keep on transferring
   the message. The administrator determines the origin of the attack
   and kills the attackerÆs connections.

9.4 Hackers
   A hacker has to run an AMTP server on port 26. It is more difficult
   for him/her because only one programme can listen to the port 26. A
   hacker cannot implement a programme on an AMTP server. Moreover,
   he/she cannot use a telnet connection to send an anonymous email or
   create a fake AMTP server on a computer without a port 26.

   A hacker can use a Denial of Service attack. Then, the AMTP server
   will be allowed to answer any transaction, which is dangerous. A
   hacker will use the command used by the server to attack the server.
   This will be impossible to do because the hacker has to know the
   number of the message and the recipient address, which he/she does
   not. It is impossible to determine these parameters. If the hacker
   tries too many times, the server will discover the attack and close
   the connection. It is impossible for the user to be attacked.

   If a hacker tries to use the command SELO, it will result in an error
   or in a connection to a server without an email to retrieve. An error
   appears if a hacker does not use an AMTP server. The recipientÆs
   server will be unable to connect to any userÆs computer. In case a
   hacker uses an AMTP server, the recipientÆs server cannot retrieve an
   email except if the hacker has his/her own mail server. In this case,
   the administrator knows exactly where a hacker is and what computer
   he/she is using.

   If a hacker tries to use the command SEMA, it will result in an
   error. A hacker has to know two arguments: the recipientÆs address
   and the number. If these two arguments are correct and save into the
   database of the senderÆs server, the email will be given. If not, an
   error will occur and a hacker gets nothing.

9.5 Protections
   A server is protected when it pays attention to the number of failed
   connections. The programme provided by a hacker will result an error.
   It is impossible for a server to be wrong except if the connection
   fails which is a different error. The user is protected because
   he/she cannot receive anonymous email. This means the end of
   anonymous emails and the frustration that a user can have, because
   he/she does not know what to do about it.



Crouzet                Expires - October 20033              [Page 30]


                 Authenticated Mail Transfer Protocol      April 20033


9.6 Trace
   When a mail is sent, the AMTP server will keep a trace of the message
   into its database. It uses the ômessage idö field to identify the
   message. The sender database contains a table with the sender
   address, the IP address of the sender and the ômessage idö field.
   This information helps an administrator to recognise the original
   sender of a message. It also keeps the IP address of the sender
   secret.

9.7 Testing
   To make sure a hacker cannot send an email to the server, the server
   has been tested. A user has to be identified to the server if he/she
   wants to send or to read an email. A hacker has to know a username
   and a password from the server. Except through this door, a hacker
   cannot send an email.

   If a hacker uses the command SELO, he/she has two choices. The first
   choice is to run the command from a computer without any AMTP server.
   The AMTP server will never go into the next step. It never runs the
   command SEMA. If a hacker is connected to the AMTP server and tries
   to run the command SELO, the transaction will be aborted because
   there is no message waiting in the AMTP server for the hacker. Again,
   a hacker has to find these two parameters (number and recipient
   address), which is not an easy task.

   If a hacker uses the command SEMA, he/she can run the command from an
   AMTP server or from a telnet connection. Nothing will happen. The
   transaction will be disconnected because no message exists. The
   transaction occurs correctly if an email is waiting to be retrieved.
   It means that the number and recipient are correct and that the email
   exists in the server. It is a very secured transaction.

9.8 Communication between AMTP and SMTP
   The communication between the new protocol (AMTP) and the existing
   protocol (SMTP) is impossible since the commands and procedures
   changed. The user to server communication is operational because a
   user establishes a connection to AMTP or SMTP. The server-to-server
   is non operational because the AMTP server cannot answer any SMTP
   commands. It is possible to implement SMTP commands inside an AMTP
   server but it will obsolete AMTP.

   A solution can be to allocate a new port to AMTP like the port 26. If
   the port 26 is opened on the recipientÆs server, the AMTP server
   establishes a connection to the server using AMTP. If the port 26 is
   closed and the port 25 is opened on the recipientÆs server, the AMTP
   server establishes a connection to the server using SMTP. The port 26
   can be used as a transition step to replace SMTP. AMTP can create a
   local network for the transfer of mail between researcher,
   institutes, college or companies who cares about security.


Crouzet                Expires - October 20033              [Page 31]


                 Authenticated Mail Transfer Protocol      April 20033



10. Conclusion
   There is one solution to identify a user by a server. The
   Authenticated Mail Transfer Protocol server needs to know the user
   before it can proceed a transaction with him/her. The transaction
   between two servers takes time and needs more resources. The solution
   offers the guarantee that the sender exists and avoids anonymous
   email, which is the goal reached. It is a major step to proceed to
   the success of the masters thesis.

   Authenticated Mail Transport Protocol contains three client-to-server
   states (Identified, Email and Logout States) and two server-to-server
   (Information and Retrieved States). It is important to have all these
   states because it allows a server to identify a user.

   The header of the email is completely different from the data of the
   message. With the separation of the header from the data and the
   command HEAD, Authenticated Mail Transfer Protocol is able to make a
   difference between the header and the body of an email. Authenticated
   Mail Transfer Protocol adds and removes commands from Simple Mail
   Transfer Protocol. It can also add reply codes.

   There are some advantages and disadvantages to this solution. The
   hacker will find it more difficult to crack Authenticated Mail
   Transfer Protocol with these new states. The user is more protected
   compared to Simple Mail Transfer Protocol, but the server is more
   exposed. Far from being the only solution, it has the merit of
   stopping anonymous mail.

Security Considerations
   Security Considerations has been described during this document.



References


Appendix
Appendix A: Acronyms

   ASCII=> American Standard Code for Information Interchange (ASCII) is
   the most common format for text files in computers and on the
   Internet. In an ASCII file, each alphabetic, numeric, or special
   character is represented with a 7-bit binary number (a string of
   seven 0s or 1s). 128 possible characters are defined [15].

   DNS => Domain Name System (DNS) is a distributed system of having the
   data at different locations and is effectively a database of mappings
   between the names that computer are known as and their IP addresses.


Crouzet                Expires - October 20033              [Page 32]


                 Authenticated Mail Transfer Protocol      April 20033


   In order to communicate with a system one's computer must get the IP
   address of the computer it wants to talk to from the DNS first. These
   are stored in the DNS in what are known as A records [16].

   IP => Internet Protocol (IP) is designed for use in interconnected
   systems of packet-switched computer communication networks. The IP
   provides for transmitting blocks of data called datagramÆs from
   sources to destinations, where sources and destinations are hosts
   identified by fixed length addresses.  The IP also provides for
   fragmentation and reassemble of long datagramÆs, if necessary, for
   transmission through "small packet" networks [9].

   MIME => Multipurpose Internet Mail Extensions (MIME) is an extension
   of the original Internet email protocol that lets people use the
   protocol to exchange different kinds of data files on the Internet.
   The type of data can be audio, video, images, application programs,
   and other kinds, as well as the ASCII handled in the original
   protocol (SMTP). [2] and [6].

   RFC => Request For Comment (RFC) forms a series of notes, started in
   1969, about the Internet. The notes discuss many aspects of computer
   communication, focusing on networking protocols, procedures,
   programmes, and concepts but also including meeting notes, opinion,
   and sometimes humour [12].

   SMTP => Simple Mail Transfer Protocol (SMTP) is to transfer any mail
   from a client to a server and is defining in RFC 0821 [11] and RFC
   2821 [5]. The protocol used the port 25 to receive the data and the
   TCP/IP protocol to transport the data in the network.

   TCP => Transmission Control Protocol (TCP) is intended for use as a
   highly reliable host-to-host protocol between hosts in packet-
   switched computer communication networks, and in interconnected
   systems of such networks [10].

Appendix B: Terminology
   => A mail, email, message or electronic mail represents a message
   sent across the network from one person to another.
   => Anonymous email is email that has been directed to a recipient
   through a third-party server that does not identify the originator of
   the message.
   => Client refers to the user software.
   => Command represents a specific order from a user to an application
   to perform a service.
   => Hacker is a person who tries to break into the computer system.
   => Mail Agent System represents a system to manage the mail (write,
   read, delete and send).
   => Authenticated Mail Transfer Protocol characterises the Simple Mail
   Transfer Protocol version 2.


Crouzet                Expires - October 20033              [Page 33]


                 Authenticated Mail Transfer Protocol      April 20033


   => Protocol or standard represents a set of rules for a subject.
   => Recipient represents the user who receives a mail and is in the
   server side.
   => SA represents a SMTP server where the sender is known.
   => SB represents a SMTP server where the recipient is located.
   => Sender represents the user who sends a mail and is in the client
   side.
   => Server represents the application running from the server side.
   => Spam is unsolicited email on the Internet.
   => Transaction is an exchange of information between 2 servers or a
   server and a user.
   => User is used to refer to a human user.
   => Workstation represents a userÆs computer.

Author's Addresses

   Brice Crouzet (PK4)
   Institute of Technology Tallaght
   Tallaght
   Dublin 24
   Ireland

   Phone: + 353 (0) 14 04 23 45
   Fax: + 353 (0) 14 04 20 00
   E-mail: brice.crouzet@it-tallaght.ie

Copyright Notice
   Copyright (C) The Internet Society (date). All Rights Reserved.
   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION


Crouzet                Expires - October 20033              [Page 34]


                 Authenticated Mail Transfer Protocol      April 20033


   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."

















































Crouzet                Expires - October 20033              [Page 35]