Internet Draft                                              B. Crouzet
Document: draft-crouzet-amtp-00.txt       Institute of Technology Tallaght
Expires: December 2003                                       June 2003
Authenticated Mail Transfer Protocol
Status of this Memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
Authenticated Mail Transfer Protocol is a second version of Simple
Mail Transfer Protocol. Authenticated Mail Transfer Protocol (AMTP)
improves Simple Mail Transfer Protocol (SMTP) and modifies the
protocol in order to protect email against anonymous mails. The
improvements included in Authenticated Mail Transfer Protocol will be
helpful for the Internet community.
The purpose of this document is to describe the different states of
Authenticated Mail Transfer Protocol to the Internet community. There
are five states:
=> Identified: It is used to identify the user to the server.
=> Email: It is used to send an email.
=> Logout: It is used to release any resources in the server when the
user closes the connection.
=> Information: It is used to inform the recipient's server that an
email is waiting to be retrieved on the sender's server.
=> Retrieved: It is used to instruct the recipient's server to
retrieve the email from the sender's server.
Crouzet Expires - October 2003 [Page 1]
Authenticated Mail Transfer Protocol April 2003
An open relay server is important to transfer an email when there is
no route to the recipient's server. An Authenticated Mail Transfer
Protocol server can be located behind different gateways, such as
routers, a proxy server or a firewall, that protect the network. This
document also presents the new command HEAD. Furthermore, it
explains Authenticated Mail Transfer Protocol commands, reply codes,
advantages and disadvantages. A hacker is the most likely person to
try to crack the system, and this solution prevents him/her from
doing so.
Conventions used in this document
SA => Sender's Server: SA represents an SMTP server where the sender
is known.
SB => Recipient's Server: SB represents an SMTP server where the
recipient is located.
In examples, "C:" and "S:" indicate lines sent by the client and
server respectively.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119.
Table of Contents
1. Introduction...................................................4
2. Presentation of Authenticated Mail Transfer Protocol (AMTP)....5
2.1 Transmission Control Protocol/Internet Protocol (TCP/IP) Model....5
2.1.1 Data Link Layer......................................6
2.1.2 Network Layer........................................6
2.1.3 Transport Layer......................................7
2.1.4 Application Layer....................................8
2.2 General View...............................................8
2.3 Explanation................................................8
2.4 Goals.....................................................10
3. Authenticated Mail Transfer Protocol States...................10
3.1 Identified State..........................................10
3.1.1 Presentation........................................10
3.1.2 Command.............................................10
3.2 Email State...............................................11
3.2.1 Presentation........................................11
3.2.2 Command.............................................11
3.3 Logout State..............................................11
3.3.1 Presentation........................................11
3.3.2 Command.............................................12
3.4 Information State.........................................12
3.4.1 Presentation........................................12
3.4.2 Command.............................................12
3.5 Retrieved State...........................................13
3.5.1 Presentation........................................13
3.5.2 Command.............................................13
4. Relay.........................................................13
4.1 Presentation..............................................13
4.2 Description...............................................14
4.3 Result....................................................15
5. Protections for the network...................................15
5.1 Presentation..............................................15
5.2 Router....................................................17
5.2.1 1 router............................................17
5.2.2 3 Routers...........................................17
5.3 Firewall..................................................17
5.3.1 Linux...............................................17
5.3.2 Windows.............................................17
5.4 Proxy.....................................................18
5.4.1 Linux...............................................18
5.4.2 Windows.............................................18
5.4.3 Solutions...........................................18
5.5 Proxy and Firewall........................................18
5.5.1 Linux...............................................18
5.5.2 Windows.............................................19
5.6 Result....................................................19
6. Authenticated Mail Transfer Protocol Header...................19
6.1 Presentation..............................................19
6.2 RELAY Tag.................................................19
6.3 HEAD Tag..................................................20
6.4 BODY Tag..................................................20
6.5 Command...................................................21
7. Authenticated Mail Transfer Protocol Commands.................21
7.1 Optional Commands.........................................21
7.2 Obsolete Commands.........................................21
7.3 Order of commands.........................................22
7.4 Authenticated Mail Transfer Protocol Procedures...........23
7.4.1 Simple Procedure....................................23
7.4.2 Procedure using optional commands...................24
7.4.3 Procedure with RSET command.........................26
8. Authenticated Mail Transfer Protocol Reply codes..............27
8.1 New Reply Codes...........................................27
8.2 Reply Codes from Request For Comment 2821.................28
9. Authenticated Mail Transfer Protocol Information..............28
9.1 Advantages................................................28
9.2 Disadvantages.............................................29
9.3 Denial of Service (DoS)...................................29
9.4 Hackers...................................................30
9.5 Protections...............................................30
9.6 Trace.....................................................31
9.7 Testing...................................................31
9.8 Communication between AMTP and SMTP.......................31
10. Conclusion...................................................32
Security Considerations..........................................32
References.......................................................32
Appendix.........................................................32
Appendix A: Acronyms..........................................32
Appendix B: Terminology.......................................33
Author's Addresses...............................................34
Copyright Notice.................................................34
1. Introduction
Authenticated Mail Transfer Protocol (AMTP) uses the Transmission
Control Protocol/Internet Protocol (TCP/IP) model to communicate
across the network. AMTP is a five-state process that reduces spam
mails and stops anonymous mails. There are three Client-to-Server
communication states (Identified, Email and Logout State) and two
Server-to-Server communication states (Information and Retrieved
State).
The first user (i.e., Client-to-Server) state is the Identified
state. The protocol asks for a username and a password to identify
the user. The user has to log in successfully before he/she can use
the server. The second user state is the Email state. The user can
employ any of the protocol's commands to send an email. Once the user
has logged onto the server, he/she does not have to enter his/her
email address any more. The server will automatically add the email
address to the message header. The last user state is the Logout
state. Because the user is logged onto the system, he/she has to be
logged out.
There is also a new transaction between two servers, with two states
in which the server answers commands: SELO and SEMA. The first
Server-to-Server state is the Information state, whereby the sender's
server informs the recipient's server that an email is waiting to be
retrieved. The second Server-to-Server state is the Retrieved state,
whereby the recipient's server retrieves the email from the sender's
server.
A relay server allows a sender's server to route any mail without
the address of the recipient's server. A relay server transmits the
mail to the recipient's server or to another relay server, like a
normal server-to-server communication. In order to protect a network,
it is possible to use a router, a firewall or a proxy server
associated with a firewall. Under these protections, AMTP is
operational. AMTP does not work behind a proxy server.
In SMTP, the protocol makes no distinction between the header and the
data of the message. However, with the command HEAD in AMTP, the
difference becomes explicit. This protocol both adds and removes
commands from SMTP. The Authenticated Mail Transfer Protocol
procedures are demonstrated. It also adds new reply codes and reuses
identical reply codes from SMTP.
The Identified state has advantages as well as disadvantages. A
hacker will have more difficulty cracking the system and sending an
anonymous mail. That is to say, AMTP protects the user from
receiving anonymous mails. However, the system will need to perform
more tasks. In order to achieve a complete transaction, the sender's
server has to connect to the recipient's server, send a unique number
and close the connection. Then the recipient's server has to
establish a connection to the sender's server and retrieve the email
from it. These two transactions make it difficult for a hacker to
send an anonymous mail.
In the Appendix chapter, acronyms and terminology are defined in
Appendix A and B.
2. Presentation of Authenticated Mail Transfer Protocol (AMTP)
2.1 Transmission Control Protocol/Internet Protocol (TCP/IP) Model
Figure 1 presents the layered model of TCP/IP. The TCP/IP model is
used to communicate across any set of interconnected networks. The
TCP/IP model is named after its two main standards: Internet Protocol
(IP) in the Network layer and Transmission Control Protocol (TCP) in
the Transport layer.
The principle works as follows: any layer (for example, the network
layer) uses the services of the layer below it (in this case the Data
Link layer) without knowing how that layer provides these services.
In turn, the network layer provides services to the layer located
above it (in this case the Transport layer).
The goal of this architecture is to allocate tasks to the different
layers. Indeed, this work could not be handled by only one protocol,
considering the amount of work it requires. A single protocol would
be very complex and difficult to evolve.
---------------------------------------------------------------------
Application layer: Telnet, POP3, IMAP4, and SMTP.
Transport layer: TCP, UDP
Network layer: IP, ICMP
Data link layer: HDLC, PPP
Physical layer: ISO 8802 standard, IEEE 802
---------------------------------------------------------------------
Figure 1: Presentation of the TCP/IP layers
---------------------------------------------------------------------
The Physical layer covers the physical interface between a data
transmission device and a network. The Network Access layer deals
with the exchange of data between an end system and the network to
which it is attached. The Internet layer provides the routing function
across multiple networks. It is where Internet Protocol (IP) is used.
The Transport layer, or host-to-host layer, ensures the arrival of all
data at their destination application and preserves the order in
which packets were sent. Transmission Control Protocol (TCP) is most
commonly used to provide this function. The Application layer
contains the logic needed to support the various user applications;
it is where Simple Mail Transfer Protocol (SMTP) or Authenticated
Mail Transfer Protocol (AMTP) is located. The SMTP or AMTP header
manipulates and presents the data to a user. It analyses commands and
sends a reply to a user.
2.1.1 Data Link Layer
The Ethernet header contains the source and destination Ethernet
address, and a checksum field. The Ethernet address is known as the
MAC address. It is a unique number that is used to recognise a
network card. The manufacturer is the one that generates this number.
The Ethernet header is used to find any packet addressed to the
recipient's computer on the network. In the Ethernet header, there is
a checksum field located at the end of the packet. The checksum field
is used to measure the checksum of the packet. It validates the number
of octets in the packet's length.
This layer is responsible for discovering any packet addressed to its
computer on the network. The layer takes a packet from the network
wire, strips away any Ethernet header information and passes the
packet to the Network layer. This layer is also responsible for
comparing the value of the packet's length with the checksum field.
If the result is incorrect, the layer asks the sender to send the
packet again. If it is correct, the packet goes to the Network layer.
2.1.2 Network Layer
Internet Protocol (IP) is the routing-layer datagram service of the
TCP/IP model. IP routes frames from host to host. The IP header
contains routing and control information to transport the packet
successfully. The IP header includes the source and destination
Internet address, the protocol number, and another checksum field.
An Internet address is a 32-bit binary number, such as "12.1.1.1",
recognised as a machine's address. The protocol number tells IP which
protocol of the following layer in the TCP/IP model the packet is to
be passed to. The
checksum allows IP to verify that the header was not damaged during
transport.
IP is the protocol that hides the underlying physical network by
creating a virtual network view. It is an unreliable, best-effort,
connectionless packet delivery protocol. It adds no reliability, flow
control or error recovery to the underlying network interface
protocol. IP is not capable of handling lost, out-of-order, or even
duplicated packets. Higher layers provide these facilities. The
maximum length or frame limitation is set to 1500 bytes. Instead of
limiting the IP datagram length to this maximum, IP can deal with
fragmentation and re-assembly of its datagrams. IP is able to
split the packet on the sender side and to put it back together on
the recipient side.
An important function of the IP layer is IP routing. It provides the
basic mechanism for routers to interconnect different physical
networks, i.e. an Internet host can simultaneously function as a
normal host and as a router. The protocol is responsible for locating
a route and transmitting a packet to its recipient.
2.1.3 Transport Layer
Transmission Control Protocol (TCP) provides a reliable stream
delivery and virtual connection service to applications through the
use of sequenced acknowledgement with retransmission of packets when
needed. TCP is located at the transport layer in the TCP/IP model.
The TCP header contains a source and destination port number, an
acknowledgement number, and a sequence number. The port number
identifies an application, the acknowledgement number indicates that
the recipient received the packet, and the sequence number numbers
the octets in the packet so that they can be delivered in the right
order.
TCP advantages are:
=> Stream Data Transfer: TCP sets the data into basic blocks or
datagrams by grouping the bytes in TCP segments. TCP itself decides
how to segment the data.
=> Reliability: TCP assigns a sequence number to each byte
transmitted, and expects a positive acknowledgment (ACK) from the
receiving TCP. If the ACK is not received within a timeout interval,
the data is retransmitted. The receiving TCP uses the sequence
numbers to rearrange the segments as they arrive out of order, and to
eliminate duplicate segments.
=> Full Duplex: TCP provides concurrent data streams in both
directions.
=> Flow Control: The receiving TCP, when sending an ACK back to the
sender, also indicates to the sender the number of bytes it can
receive beyond the last received TCP segment, without causing overrun
and overflow in its internal buffers.
=> Logical Connections: TCP initialises and maintains certain status
information for each data stream. The combination of the reliability
and flow control mechanisms is called a logical connection.
To sum up, TCP provides end-to-end reliable communication. It ensures
the retransmission of any lost packets, puts the received packets in
order and acknowledges every packet to the sender. TCP is reliable:
in every case, the packet arrives at the recipient.
2.1.4 Application Layer
The Authenticated Mail Transfer Protocol (AMTP) header handles and
presents the data to the user. It analyses commands and sends an
answer to the user. It is located at the Application layer in the
TCP/IP model. This is where the implementation of AMTP is located.
2.2 General View
The following figure describes the States of Authenticated Mail
Transfer Protocol in a general view. In the Identified state, the
user has to be identified before he/she sends the email. The user
writes his/her email in the Email state. At the end of the message,
the server delivers the email to the recipient. If the recipient is
internal, the email is immediately delivered to the recipient's
mailbox. If the recipient is external, the sender's server uses the
Information state. The recipient's server executes the Retrieved
state to retrieve the email from the sender's server. These two
states are reserved to the server and are the result of the solution
to recognise a user, reduce spam mails and stop anonymous mails.
---------------------------------------------------------------------
User -> Identified State -> Email State -> Logout State
Sender server -> Information State -> Logout State
Recipient server -> Retrieved State -> Logout State
---------------------------------------------------------------------
Figure 2: General View of Mail Transfer Protocol
---------------------------------------------------------------------
2.3 Explanation
The server host starts the Authenticated Mail Transfer Protocol
service by listening to the port 26. The client establishes a TCP
connection with the server. He/she can use the command telnet <server
IP address> 26. If the server accepts the connection, it sends back a
reply code 220. Now the server and the client can exchange commands
and responses. The server or the client can close or abort the
connection at any time.
The Authenticated Mail Transfer Protocol session progresses through a
number of steps during its lifetime. Once the TCP connection has been
opened and the AMTP server has accepted the transaction, the session
enters the Identified State. In this state, the user must identify
himself to the server. Once the user has successfully done this, the
session enters the Email State. In this state, the user is allowed
to request an action from the server. He/she can send an email to any
user. When the user has finished his/her session, he/she has to enter
the command QUIT and the session enters the Logout State. The server
then stops releasing information and closes the network (TCP)
connection, the database connection and any open files.
Authenticated Mail Transfer Protocol contains two server states: the
Information and Retrieved states. These states are reserved to the
mail server only and occur in cases where the server has to send an
external email. A user will be able to call the command, but the
transaction will be aborted once the server recognises that the
parameters are incorrect. Only one server knows the user: the
sender's server. The recipient's server accepts information coming
from the sender's server or from a user. The only thing mail servers
have in common is the port 25. It is the only piece of information by
which a server can recognise another mail server. The port 25 makes
sure that the transaction takes place between two mail servers and
not between a user and a server.
The first state is the Information State. In this state, the sender's
server informs the recipient's server that an email is waiting to be
delivered. The sender's server gives the recipient's server a number
that refers to the email, the recipient's address and its own IP
address or domain name. The IP address or domain name is required to
allow the recipient's server to connect to the sender's server. The
second state is the Retrieved State. In this state, the recipient's
server connects to the sender's server to retrieve an email. It gives
the number and the recipient address that were passed in the
Information State. When these states are completed, the transaction
enters the Logout State to close the connection and stop releasing
information.
These two states are automatic and fast. It is only two computers
that are exchanging data. A timeout can be created when the server is
waiting for a command. The two functions of these servers are to send
and read information. They do not perform tasks that require time,
resource or memory.
A graphical representation of Authenticated Mail Transfer Protocol
can be found in the Appendix C. The flowchart describes some actions
and events of the protocol. It also gives a descriptive view of the
protocol.
2.4 Goals
This solution solves the problem of anonymous email. Therefore,
everyone knows where the email comes from. The sender exists and the
senderÆs server recognises him/her. It does not stop spam mails but a
user has the possibility to avoid it and locate the sender. The
solution still has to be tested to see if a hacker can crack it and
if this solution is feasible on the network.
3. Authenticated Mail Transfer Protocol States
3.1 Identified State
3.1.1 Presentation
This state is important because it protects the user from anonymous
email. Two new commands have been added to realise this state. The
user connects to the server and receives the reply code 220, which
means that the connection is successful and allows the user to enter
the Identified State. In this state, the user types the command
USER, which means he/she wants to be identified by the server. The
server answers with the reply code 250 when it is ready to recognise
the user. The user can also quit the connection at any time by typing
the command QUIT. In this case, the server will close any resources.
The user types his/her username and password. Any user can be
identified with these parameters. There are three types of answer
from the server. In the case the username and password correspond to
one user, the server replies with the code 250 and sends him/her a
welcome message and the server's capabilities, which give the user
some helpful information about what the server supports. The server
now knows the user, who can now use any AMTP command. In the case the
username and password are incorrect, the server replies with the code
401. After the third failed try from the user, the server closes the
connection and replies with the code 555.
3.1.2 Command
USER
The user enters the command USER to inform the server that he/she
wants to be identified by the server. It is the first step for a
user: Before he/she can send any email, he/she has to be identified
by the server. The command USER does not need any parameters.
<USERNAME> <PASSWORD>
The user has entered the command USER. Now he/she needs to enter
his/her username and password. In order to protect the user, the
username has to be different from his/her email address and must not
contain spaces. Also, the username and password are entered after the
command USER in order to protect these data. It will be difficult for
a hacker to find these parameters. If the hacker listens to the
network, he/she has to catch both the command USER and the packet
with the username and password data.
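The Identified State exchange above, as an added example that is not part of the draft: a Python handler that accepts USER, then one line of username and password, and replies 250 on success, 401 on a failed attempt and 555 after the third failure. The user table, capability list and reply phrases are constructed; 501 and 503 are the RFC 2821 syntax and bad-sequence codes.

```python
# Added example, not code from the draft: a server-side handler for the
# AMTP Identified State (USER, then "<USERNAME> <PASSWORD>", reply codes
# 250 / 401 / 555 as described above).  The user table, capability list
# and reply texts are constructed for this demonstration; 501 and 503 are
# reused RFC 2821 codes for syntax and command-sequence errors.
import hashlib
import hmac

MAX_TRIES = 3   # the draft closes the connection after the third failure

# Constructed user table: username -> SHA-256 hex digest of the password.
# As the draft requires, usernames differ from email addresses and contain
# no spaces.
USERS = {
    "alice": hashlib.sha256(b"s3cret").hexdigest(),
    "bob": hashlib.sha256(b"hunter2").hexdigest(),
}

# Constructed capability list sent with the welcome message.
CAPABILITIES = ("RCPT", "HEAD", "DATA", "RSET", "QUIT")


def _credentials_match(users, username, password):
    """Constant-time comparison of the presented password with the stored
    digest; an unknown user is compared against a dummy digest so that the
    response time does not reveal whether the username exists."""
    presented = hashlib.sha256(password.encode()).hexdigest()
    stored = users.get(username)
    ok = hmac.compare_digest(presented, stored if stored else "0" * 64)
    return ok and stored is not None


class IdentifiedState:
    """Per-connection state machine for the AMTP Identified State."""

    def __init__(self, users=None):
        self.users = USERS if users is None else users
        self.awaiting_credentials = False   # True after a valid USER
        self.failures = 0
        self.user = None                    # set once identification succeeds
        self.closed = False

    def handle(self, line):
        """Return the server reply for one line sent by the client."""
        if self.closed:
            return "555 connection closed"
        if self.user is not None:
            return "503 already identified"
        if not self.awaiting_credentials:
            command = line.strip().upper()
            if command == "USER":
                self.awaiting_credentials = True
                return "250 send username and password"
            if command == "QUIT":            # allowed at any time (3.1.1)
                self.closed = True
                return "221 closing connection"
            return "503 USER required first"
        # Second step: exactly two whitespace-separated tokens are expected.
        parts = line.split()
        if len(parts) != 2:
            return "501 syntax: <USERNAME> <PASSWORD>"
        username, password = parts
        if _credentials_match(self.users, username, password):
            self.user = username
            return "250 welcome %s; capabilities: %s" % (
                username, " ".join(CAPABILITIES))
        self.failures += 1
        if self.failures >= MAX_TRIES:
            self.closed = True
            return "555 too many failed attempts, closing connection"
        return "401 authentication failed"


def run_session(lines, users=None):
    """Feed a list of client lines to a fresh handler; return the replies."""
    state = IdentifiedState(users)
    return [state.handle(line) for line in lines]
```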
3.2 Email State
3.2.1 Presentation
In this state, the user can send an email. Once the user is logged
into the server, he/she does not have to enter his/her email address
any more. The server will add his/her email address to the header of
the message. The command MAIL FROM has been removed from the
protocol. The header "From" is still needed in the message. The user
enters the recipient's address. He/she types the command RCPT TO:
<Recipient address>. The server validates the email address and
determines whether the recipient's email is internal or external to
the system. If it is internal, the server checks whether the user
exists or not. If the user does not belong to the server, the server
sends back an error. If the email is external, the server continues
the process.
The user will be able to enter a complete header with the command
HEAD. This command separates the header of the message from its body.
This command is described in section 6, "Authenticated Mail Transfer
Protocol Header", of this document.
After this, the user enters the command DATA to specify the message's
body. The user writes the data. The server saves these data into an
email. If the recipient's email is internal, the AMTP server
transports the message to the recipient's mailbox directly. If the
recipient's email is external, the AMTP server starts the Information
State.
3.2.2 Command
RCPT TO: <recipient's address> [, <recipient's address>]
This command is used to identify an individual recipient of the mail
data. It is the same command described in RFC 2821 [5], therefore the
reply codes are the same. The parameter for this command can be a
list of recipients' addresses separated by a comma (','). The command
returns information about the validity of the recipient's address.
DATA
The user uses this command to enter the data of the message. When the
server accepts the command DATA, it has to send a message to the
recipient. The server keeps a trace of it, either for relaying or for
final delivery, by using the line "Received From" in the header of
the message. This trace indicates the identity of the host. It is the
same command described in RFC 2821. The reply codes are the same.
3.3 Logout State
3.3.1 Presentation
The Logout State is what closes the connection between the server and
the client when the user has finished with his/her email and wants to
leave the server. The server will release all of the resources used,
such as the database, the TCP channel, files and the thread. The
user uses the command QUIT to close the connection. In this process,
it is important that the server closes every resource.
3.3.2 Command
QUIT
The command QUIT does not need any parameter. The server replies with
the code 221. It is only after this reply code that the transaction
is finished.
3.4 Information State
3.4.1 Presentation
In this state, the sender's server (SA) contacts the recipient's
server (SB). This state is reserved for the server only. SA connects
to SB and receives the reply code 220. Then, SA sends the command
SELO with three parameters. The three parameters are the domain name
of SA, a unique number created by SA and the recipient address. SB
verifies whether the domain name or IP address corresponds to the
source found in the network packet. SB checks whether the recipient
exists or not on its server. If the recipient is unknown, SB sends
the error back to SA; SA sends it back to the user and deletes the
message. If the process is handled successfully, SB continues with
the Retrieved state.
In case the server is a relay that distributes the email, the
sender's server proceeds normally. The relay server will retrieve
the email and send the number to the recipient's server. The sender's
server only deals with the relay server, which is a useful tool for
sending emails to everyone everywhere. The sender's server will use
it to send email around the world without knowing some of the mail
servers. The relay server needs the ability to answer the command
SELO and to perform the actions of the Retrieved State. The relay
server does not need to check the recipient. In a relay server, the
domain name is the only barrier that could stop an email from being
sent.
3.4.2 Command
SELO <DOMAIN> <NUMBER> <RECIPIENT>
The command SELO needs three parameters: DOMAIN, NUMBER and
RECIPIENT. The parameter DOMAIN can be the IP address or the domain
name of SA. It allows SB to establish a connection with that server.
The parameter NUMBER is the identifier of the message. This parameter
allows SA to recognise the message. The parameter RECIPIENT is the
recipient's address. SA saves these parameters and the address of the
recipient's server.
The parameter RECIPIENT is used to identify an individual recipient
of the mail data. If the server knows the recipient or if the domain
name is in the relay table, SB answers with the reply code 250. If the
user is not recognised by the server or if the domain name is not in
the relay table, SB sends back the reply code 550. The relay table is
a list of domain names where the server relays emails to another
server. In case of success, SB enters into the Retrieved State.
3.5 Retrieved State
3.5.1 Presentation
In the Retrieved State, the recipient's server (SB) establishes a
connection with the sender's server (SA) to retrieve the email with
the number given in the Information state. If the connection is
successful, SA answers with the reply code 220. Then, SB sends the
command SEMA with two parameters separated by a colon (':'). These two
parameters are the recipient address and the unique number. SA checks
whether these parameters exist or not in its mail queue. If the
number, the address of SB and the recipient's address are correct,
the message will be given to SB. SB saves the message and the email
appears in the recipient's mailbox. In case the number and the
recipient address are incorrect, SA sends an error message to SB.
The relayÆs server proceeds through this state. The difference
between a relayÆs server and a recipientÆs server is that the relayÆs
server will start the Information State to inform another relayÆs
server or the recipientÆs server. The relayÆs server will save the
email and create a number to use the command SELO. It implements a
relay queue to keep sending the email.
3.5.2 Command
SEMA <RECIPIENT>:<NUMBER>
This command is reserved to servers; a user's client cannot issue it.
It takes two parameters: RECIPIENT and NUMBER. The parameter RECIPIENT
is the recipient's address. The parameter NUMBER is the number that
identifies the email on SA. If the number exists, SA sends the message
data. If the number is wrong, the connection is closed.
If the message has not been retrieved when the lifetime of the email
expires, the AMTP server informs the sender, who can resend the
message. The AMTP server keeps a trace of this message and informs the
administrator that the message has not been retrieved, so that the
administrator can investigate why it was not delivered.
4. Relay
4.1 Presentation
An open relay is an AMTP server that relays emails for anyone. By
processing mail that is neither for nor from a local user, an open
relay makes it possible for an unscrupulous sender to route large
volumes of spam. A user can send an email to his/her server and use
the open relay server to transfer the mail to other servers.
With this solution, the open relay server performs exactly the same
transaction as a recipient's server: it receives the notification for
an email and retrieves the email. After this transaction, it informs
the recipient's server that a mail has to be retrieved from the relay
server. This is more work for the open relay server. The email still
reaches the recipient even if it passes through an open relay server,
but the transaction between the sender and the recipient through an
open relay takes longer than with a direct link between the two
servers. The advantages are that a spammer cannot use the open relay to
send anonymous mail, and that the sender's server does not have to
know each recipient's server to transfer an email.
4.2 Description
---------------------------------------------------------------------
Sender <- AMTP -> Sender Server <- AMTP -> Relay Server <- AMTP ->
Recipient Server <- POP or IMAP -> Recipient
---------------------------------------------------------------------
Figure 3: Presentation of transaction with a relay server
---------------------------------------------------------------------
The sender's server transfers an external email to the relay server.
When the sender's server does not know the route to the recipient, it
goes through a relay server to accomplish the transaction. The sender's
server enters the Information State and informs the relay server that
an email is waiting to be retrieved. The relay server accepts the email
if, by checking its route table, it knows the recipient's server or
another relay server it can send the email to. It then enters the
Retrieved State and retrieves the email from the sender's server.
Instead of saving the email in a user's mailbox, it saves the email as
an external email and informs the recipient's server or another relay
server about it. At this point the email is stored on the relay server
and the sender's server has completed its part of the transaction.
The relay server is now in the Information State and waits for an
answer from the recipient's server. The recipient's server checks and
validates the recipient's address. If the user does not exist, it sends
back an error message to the relay server, which sends a mail to the
sender to inform him/her that the recipient's address is incorrect. If
the address is correct, the recipient's server enters the Retrieved
State, retrieves the email from the relay server and saves it into the
user's mailbox.
The transaction between a sender's server and a relay server is
identical to a transaction between a sender's server and a recipient's
server, and the same transaction is used between a relay server and a
recipient's server. The difference in a relay server is that the email
has to be sent on to another server. The relay server replaces the
parameter NUMBER of the command SELO with a new one of its own, so that
the message is not duplicated and the next server retrieves the relay's
copy under the relay's own identifier.
4.3 Result
The procedure is:
---------------------------------------------------------------------
Step 1:
Sender's mail client --> Sender's server
Using the AMTP Identified, Email and Logout states
---------------------------------------------------------------------
Step 2:
Sender's server --> Relay server
Using the AMTP Information State
Sender's server <-- Relay server
Using the AMTP Retrieved State
---------------------------------------------------------------------
Step 3 (zero or more times, once for each further relay):
Relay server --> Relay server
Using the AMTP Information State
Relay server <-- Relay server
Using the AMTP Retrieved State
---------------------------------------------------------------------
Step 4:
Relay server --> Recipient's server
Using the AMTP Information State
Relay server <-- Recipient's server
Using the AMTP Retrieved State
---------------------------------------------------------------------
Step 5:
Recipient's server <-- Recipient's mail client
Using a POP3 or IMAP transaction
---------------------------------------------------------------------
Authenticated Mail Transfer Protocol therefore works through a relay
server. The relay server is used to transfer mails to a recipient's
server, and the protocol remains protected against anonymous mails. A
user can send an email to his/her server and use a relay server to
transfer the mail to other servers.
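The two server-to-server states of sections 3.4 and 3.5 (SELO in the
Information State, SEMA in the Retrieved State) and the relay chain of
section 4.3, as an added example that is not part of the draft: a small
in-memory Python model in which domain names stand in for TCP
connections. The reply texts, the table layouts, the random NUMBER and
the exact form of the check that the retrieving server is the one SA
saved at SELO time are assumptions of this example; the draft states
that SA saves and checks that address but gives no format for it.

```python
"""Added example (not from the draft): in-memory model of the AMTP
Information State (SELO), Retrieved State (SEMA) and relaying.
Domain names stand in for TCP connections; reply texts, table layouts
and the random NUMBER are assumptions of this example."""
import secrets


class AmtpServer:
    def __init__(self, domain, local_users=(), relay_table=(), route_table=None):
        self.domain = domain
        self.local_users = set(local_users)   # recipients delivered locally
        self.relay_table = set(relay_table)   # domains this server relays for
        self.route_table = route_table or {}  # domain -> next-hop server
        self.queue = {}           # (recipient, number) -> [message, retriever]
        self.mailboxes = {}       # recipient -> [message, ...]
        self.sender_notices = []  # (recipient, code, text) reported to the sender
        self.network = {}         # domain -> AmtpServer; stands in for DNS/TCP

    # ---- sender side (SA) ----------------------------------------------
    def enqueue(self, recipient, message):
        """Store an outgoing message under a fresh NUMBER.  The draft leaves
        the algorithm open; a random value keeps SEMA arguments unguessable."""
        number = secrets.randbelow(10 ** 13)
        self.queue[(recipient, number)] = [message, None]
        return number

    def send_selo(self, peer_domain, number, recipient):
        """Information State: SELO <DOMAIN> <NUMBER> <RECIPIENT> to the peer.
        SA records which server is entitled to retrieve the message."""
        self.queue[(recipient, number)][1] = peer_domain
        peer = self.network[peer_domain]
        code, text = peer.handle_selo(self.domain, number, recipient)
        if code != 250:   # message stays queued; the sender is informed
            self.sender_notices.append((recipient, code, text))
        return code, text

    def handle_sema(self, peer_domain, argument):
        """SA's side of SEMA <RECIPIENT>:<NUMBER>.  Number, recipient and the
        address of the calling server must all match the queued entry."""
        recipient, sep, number = argument.rpartition(":")
        if not sep or not number.isdigit():
            return 555, "Sema command error - Argument missing"
        key = (recipient, int(number))
        entry = self.queue.get(key)
        if entry is None or entry[1] != peer_domain:
            return 555, "Sema command error - Mail does not exist"
        message = self.queue.pop(key)[0]
        return 250, message

    # ---- recipient / relay side (SB) -----------------------------------
    def handle_selo(self, sa_domain, number, recipient):
        """SB's side of SELO: 250 if the recipient is local or its domain is
        in the relay table, 550 otherwise.  On 250, SB enters the Retrieved
        State, fetches the message and delivers or re-queues it."""
        domain = recipient.rpartition("@")[2]
        if recipient in self.local_users:
            next_hop = None
        elif domain in self.relay_table and domain in self.route_table:
            next_hop = self.route_table[domain]
        else:
            return 550, "Recipient unknown and domain not in relay table"
        sa = self.network[sa_domain]
        code, payload = sa.handle_sema(self.domain, f"{recipient}:{number}")
        if code != 250:
            return code, payload
        if next_hop is None:
            self.mailboxes.setdefault(recipient, []).append(payload)
            return 250, "Mail delivered"
        # Relay: store the message as an external email under a NEW number
        # of its own before informing the next hop (section 4.2).
        return self.send_selo(next_hop, self.enqueue(recipient, payload), recipient)


def build_network():
    """Constructed topology for the steps of section 4.3: sender, one relay,
    recipient.  Every server shares one directory of reachable servers."""
    sa = AmtpServer("sender.example", local_users={"brice@sender.example"})
    relay = AmtpServer("relay.example", relay_table={"master.com"},
                       route_table={"master.com": "master.com"})
    sb = AmtpServer("master.com", local_users={"jimmy.doody@master.com"})
    directory = {s.domain: s for s in (sa, relay, sb)}
    for s in directory.values():
        s.network = directory
    return sa, relay, sb


def demo():
    sa, relay, sb = build_network()
    msg = "Subject: AMTP relay test\nconstructed message body\n"
    n1 = sa.enqueue("jimmy.doody@master.com", msg)
    delivered = sa.send_selo("relay.example", n1, "jimmy.doody@master.com")
    # Unknown recipient: the relay answers 550, SA keeps the message queued.
    n2 = sa.enqueue("nobody@unknown.example", msg)
    refused = sa.send_selo("relay.example", n2, "nobody@unknown.example")
    # A third party that learnt the NUMBER still cannot retrieve the message,
    # because it is not the server SA saved at SELO time.
    stolen = sa.handle_sema("attacker.example", f"nobody@unknown.example:{n2}")
    return sa, relay, sb, delivered, refused, stolen
```

Calling demo() walks one message through sender, relay and recipient,
then shows the two failure paths the draft describes: a 550 from the relay
leaves the message in SA's queue with a notice for the sender, and a SEMA
from a server other than the one SA told is refused with 555 even though
the NUMBER is correct.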
5. Protections for the network
5.1 Presentation
In order to protect a network, it is possible to use a router, a
firewall, a proxy server or a firewall combined with a proxy server. It
is important to accept or refuse requests coming from outside the
network or going out of the network. A network has to be protected in
order to increase the security of the users' data.
Figure 4 represents one possible protection of a network. Network 1 is
outside network 2. The router, the firewall or the proxy server can be
used as a gateway that allows network 2 to establish a route to network
1. When an administrator combines these protections, the diagram of the
network is different, but in any case the administrator needs a gateway
to connect network 1 with network 2. The design of network 2 can vary:
it is possible to have a firewall, a proxy server and a router
separately or working together.
---------------------------------------------------------------------
Sender <- AMTP -> Sender Server on network 1 <- AMTP -> Firewall,
Router or proxy server <- AMTP -> Recipient Server
---------------------------------------------------------------------
Figure 4: Presentation of protections for the network
---------------------------------------------------------------------
The first protection is a router. It connects one network to another;
many routers connected to each other form the Internet. An access list
is used to deny or permit certain packets entering the network; it is
defined in the router configuration.
The second protection is a firewall, which filters IP packets going
into or coming out of the network. A firewall can block a packet,
forward it or pass it to the final recipient. It can be set up to
filter on a protocol (TCP, UDP or ICMP), a port, an IP address or a
range of IP addresses. A firewall is the most powerful tool to filter
the packets of a network, but it does not hide the IP addresses of the
network.
The last protection is a proxy server, which also filters the packets
going into or coming out of the network. It is similar to a firewall,
but the proxy server keeps the network completely inaccessible from
outside. The proxy server redirects any request (HTTP, SMTP or FTP) to
the server in charge of that protocol, whether it is inside or outside
the network. From the outside, a user believes that the proxy server is
the server in charge of the protocol; he/she cannot establish a
connection to any server inside the network other than the proxy
server. To start a transaction going out of the network, the user
connects to the proxy server, and the proxy server issues the user's
requests on his/her behalf: it replaces the user's IP address in the
packet with its own IP address.
An administrator can combine these protections and obtain a well-
protected and secure network. The challenge is to find the right
configuration that protects every server and computer while still
giving users access to every resource they are authorised to use,
outside and inside the network.
5.2 Router
5.2.1 One router
A Cisco 2600 router has been used to establish the connection between
two networks. The router connects the network "192.5.5.0" to the
network "205.7.5.0", and the two networks can transfer data to one
another. Without configuring an access list, Authenticated Mail
Transfer Protocol is operational: the sender's server can establish a
connection to the recipient's server and send an email. The router
passes the traffic to any AMTP server. It is a gateway between these
two networks.
5.2.2 Three routers
A Cisco 2600 router and two Cisco 2504 routers have been used to
establish the connection between two networks through two intermediate
networks. Again, AMTP works. The AMTP server in the network "192.5.5.0"
can establish a connection and transfer a message to the recipient's
server in the network "223.8.151.0" through the networks
"201.100.11.0" and "199.6.15.0". The routers set up a route between the
two AMTP servers that delivers any packet to the recipient's server.
5.3 Firewall
5.3.1 Linux
The ipchains tool implements the firewall under Linux (Red Hat 6.0).
The firewall forwards packets for port 26 between the two networks and
blocks any other request. The Linux machine has two network cards, and
a route has to be added to connect the two networks. The firewall
configuration lets port 26 through. Authenticated Mail Transfer
Protocol is operational: the sender's server can establish a connection
to the recipient's server and send an email. The firewall passes the
traffic to the recipient's server [4].
5.3.2 Windows
The software "SolidShare 2.0" is used as a firewall. Its configuration
is very simple: it is possible to block ICMP, UDP or TCP packets, or
individual ports. The firewall accepts TCP connections and refuses UDP
and ICMP. The configuration has to be studied in detail to obtain a
well-protected network. Authenticated Mail Transfer Protocol is
operational: the sender's server can establish a connection to the
recipient's server and send an email. The firewall passes the traffic
to any AMTP server [13].
5.4 Proxy
5.4.1 Linux
The proxy server is "TCPPROXY 1.1.6", a proxy for TCP/IP protocols.
AMTP does not work through this proxy server, because the proxy
rewrites the IP address in the packets and a server inside the network
cannot be reached directly by a server outside. The sender's or the
recipient's server has to use the IP address of the proxy server, which
redirects the connection to the recipient's or the sender's server. The
proxy server is thus a relay between the two servers, but it does not
behave like an AMTP relay server: it changes the IP address in the
packet but not the address carried in the command SELO, so the
recipient's server tries to connect back to an address it cannot reach.
Authenticated Mail Transfer Protocol is not operational because the
AMTP servers cannot use the command SELO [14].
5.4.2 Windows
The proxy server is "GateKeeper Pro 4.5". As under Linux, AMTP does not
work through the proxy server: Authenticated Mail Transfer Protocol is
not operational because the AMTP servers cannot use the command SELO
[3].
5.4.3 Solutions
Two solutions can make Authenticated Mail Transfer Protocol operational
behind a proxy. The first is to install the mail server on the proxy
server itself: the proxy is then not involved on port 26, because the
mail server listens on port 26 first. The second is to change the
command SELO. The proxy server changes the IP address of the packet but
not the IP address in the command SELO; if the command SELO no longer
sends its IP address as a parameter and the recipient's server instead
uses the source IP address of the packet, Authenticated Mail Transfer
Protocol is operational. This second solution should be considered with
caution, because it can decrease the security of the network.
5.5 Proxy and Firewall
To obtain a well-protected network, an administrator installs both a
firewall and a proxy server on the same machine. The proxy server
hides the IP addresses of the network and routes HTTP requests. The
firewall blocks or allows ports to be reached from outside and from
inside the network. For AMTP, port 26 has to be open on the firewall,
which lets packets for port 26 pass. The proxy server cannot interfere
with these packets, because the firewall has already decided what to do
with them. Authenticated Mail Transfer Protocol is operational.
5.5.1 Linux
The proxy server is "TCPPROXY 1.1.6" and ipchains provides the firewall
under Linux. Authenticated Mail Transfer Protocol is operational because
the firewall rules take precedence over the proxy server, and the two
servers can exchange information.
5.5.2 Windows
The software "SolidShare 2.0" is used as a firewall and "GateKeeper Pro
4.5" as a proxy server. As under Linux, Authenticated Mail Transfer
Protocol is operational.
5.6 Result
A router, a firewall, or a proxy server combined with a firewall,
working as a gateway, leaves Authenticated Mail Transfer Protocol
operational: the sender's and the recipient's servers can exchange
data. A proxy server on its own does not, without a change in the
protocol. Two solutions to this problem have been presented above.
6. Authenticated Mail Transfer Protocol Header
6.1 Presentation
The email protocol needs to distinguish the header from the body, and
the relay server's information from the header of the message. When a
user writes an email over a telnet connection, the distinction between
the header and the body is small: the subject, for example, is entered
in the body of the message and not in the header. This distinction is
technical, and a user will not see the difference in the mail software;
it exists only in the structure of the message. The header is entered
separately from the data.
AMTP adds the version of the protocol to the server information. It
specifies the version of the protocol the server used: version 1.0 for
SMTP and version 2.0 for AMTP. With this parameter, a recipient's
server can treat a message that arrived over the unauthenticated
protocol with the appropriate caution. An AMTP server can accept a
message from an SMTP server and records the protocol version in the
server information.
The server information has the same content as the header field
"Received" in the Simple Mail Transfer Protocol (SMTP).
Using HTML-style tags in the message, the server can directly locate
the information it needs. The sender's server inserts these tags. The
tags are:
=> <RELAY>: Contains the relay server's information </RELAY>.
=> <HEAD>: Contains the header information of the message </HEAD>.
=> <BODY>: Contains the body of the message </BODY>.
6.2 RELAY Tag
In the RELAY tag, the information about the relay server is specified.
The relay server enters information about the sender's server and the
recipient's server using the header field "RELAY FROM: <sender's server
information> TO <recipient's server information> BY <relay's server
information>". The recipient's server information or the sender's
server information could itself be a relay server. With this
information, it is possible to distinguish a relay server from the
sender's server and to determine the route of the message.
6.3 HEAD Tag
In the HEAD tag, the information about the message is specified. A new
header field is introduced to identify the sender's server: the line
"Send To:" displays the sender's server information. To prevent an
attacker from entering his/her own data in the header of the message,
this part of the head tag is reserved to the sender's server. To
implement this, the order of the lines is specified, and that order
protects the message from being malformed.
The order is:
=> Sender's details: the line "From: e-mail address < name >".
=> Sender's server: the line "Send To:" with the server information and
the protocol version.
=> Date: when the message has been written.
=> Message identifier: the line "Message id: <number>".
=> Recipient's details: the line "To: e-mail address < name >".
=> Subject: the subject of the message.
=> Other headers: lines carrying headers that are not necessary to
deliver an email.
=> MIME details: the details for the MIME protocol.
To distinguish the header information from the body information, a
command HEAD is introduced. The user uses this command to enter MIME
type information. For a simple text message in ASCII characters, the
user can enter the header "Subject" in the body of the message using
the command DATA; the server then moves the header "Subject" into the
head tag. If a user does not type the command HEAD, the server detects
a simple message and builds the email header itself: it adds the
"Subject" line to the header and puts the remaining content into the
body tag.
If a user enters the command HEAD, he/she can type his/her own
information about the message. The first lines of the header are
reserved for the server, which adds the headers "From", "Send To",
"Date", "Message id" and "To". After these lines, the user's own
headers follow, for instance the MIME type. In this case the user
inputs the header "Subject" in the HEAD command; if he/she types a
"Subject" line in the message instead, it is treated as part of the
body and not of the header.
6.4 BODY Tag
The BODY tag is used to enter the content of the message. Any
information in this tag is considered body information and is
displayed to the recipient as the message text.
6.5 Command
HEAD
A user types the command HEAD to enter the header details. This
command works like the command DATA: the server replies with the code
354 and the user enters the header lines, finishing with a dot on a
line by itself. The server then closes the header and waits for the
command DATA. The message header is always in ASCII (American Standard
Code for Information Interchange); no other encoding is allowed.
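The message structure of section 6 (RELAY, HEAD and BODY tags, the
reserved header order, and the rule that a "Subject:" line typed in DATA
is lifted into the head only when the HEAD command was not used), as an
added example that is not part of the draft. The field names and the
sample values follow the transcripts of section 7.4; how strictly a
receiving server should reject a malformed head, and the helper names
used here, are assumptions of this example.

```python
"""Added example (not from the draft): building and parsing the AMTP
message structure of section 6 with its RELAY, HEAD and BODY tags, the
reserved header order and the HEAD/DATA rule for the Subject line.
Field names follow the samples of section 7.4; the strictness of the
checks in parse_message is an assumption of this example."""
import re

RESERVED = ("From", "Send To", "Date", "Message id", "To")  # server-written, in order
TAG = re.compile(r"^</?(RELAY|HEAD|BODY)>$")


def build_message(sender, server_info, date, message_id, recipient,
                  head_lines=(), data_lines=(), used_head=False):
    """What the sender's server stores: reserved lines first, then either the
    user's HEAD lines or, for a simple message, the Subject taken from DATA."""
    head = [f"From: {sender}",
            f"Send To: {server_info}; {date}; Version: 2.0",
            f"Date: {date}",
            f"Message id: {message_id}",
            f"To: {recipient}"]
    body = list(data_lines)
    if used_head:
        head.extend(head_lines)        # a "Subject:" line in DATA stays in the body
    elif body and body[0].startswith("Subject:"):
        head.append(body.pop(0))       # simple message: the server lifts the Subject
    return "\n".join(["<HEAD>", *head, "</HEAD>", "<BODY>", *body, "</BODY>", ""])


def parse_message(text):
    """Split a received message into RELAY, HEAD and BODY and reject a head
    whose reserved lines are missing, out of order or repeated by the user."""
    sections = {"RELAY": [], "HEAD": [], "BODY": []}
    current = None
    for line in text.splitlines():
        m = TAG.match(line)
        if m:
            opening = not line.startswith("</")
            if (opening and current is not None) or (not opening and m.group(1) != current):
                raise ValueError(f"misplaced tag {line}")
            current = m.group(1) if opening else None
        elif current is None:
            raise ValueError(f"text outside any tag: {line!r}")
        else:
            sections[current].append(line)
    if current is not None:
        raise ValueError(f"unterminated <{current}>")
    head = []
    for line in sections["HEAD"]:
        if ":" not in line:
            raise ValueError(f"malformed header line: {line!r}")
        name, value = line.split(":", 1)
        head.append((name.strip(), value.strip()))
    names = [name for name, _ in head]
    if tuple(names[:len(RESERVED)]) != RESERVED:
        raise ValueError("reserved header lines missing or out of order")
    if any(name in RESERVED for name in names[len(RESERVED):]):
        raise ValueError("reserved header line repeated after the server block")
    return {"relay": sections["RELAY"], "head": head, "body": "\n".join(sections["BODY"])}


def is_well_formed(text):
    try:
        parse_message(text)
        return True
    except ValueError:
        return False


# Constructed samples mirroring the two procedures of section 7.4.
SERVER = "master.com (193.1.124.54)"
DATE = "09 April 2003 08:56:50 o'clock IST"
SIMPLE = build_message("brice.crouzet@master.com", SERVER, DATE, 1049998467218,
                       "jimmy.doody@master.com",
                       data_lines=["Subject: AMTP Procedure 1", "It is a simple AMTP procedure."])
WITH_HEAD = build_message("brice.crouzet@master.com", SERVER, DATE, 1049998673855,
                          "jimmy.doody@master.com",
                          head_lines=["Subject: AMTP Procedure 2"],
                          data_lines=["Subject: Test", "It is an AMTP procedure using optional commands."],
                          used_head=True)
# A client that tries to smuggle its own From: line behind the server block.
FORGED = SIMPLE.replace("</HEAD>", "From: root@master.com\n</HEAD>")
```

parse_message accepts the two messages of section 7.4 and refuses the
forged one: because the five server-written lines must come first and may
not appear again, a "From:" line that a user smuggles in through the HEAD
command cannot displace or shadow the line the sender's server wrote.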
7. Authenticated Mail Transfer Protocol Commands
7.1 Optional Commands
RSET
The command RSET allows a user to reset any action already done and to
restart the transaction from the beginning. It is the same command as
described in RFC 2821, with identical reply codes.
NOOP
The command NOOP allows a user to reset the time-out timer. It is the
same command as described in RFC 2821, with identical reply codes.
HELP [<topic>]
The command HELP gives a user information about the commands the
server provides. It is the same command as described in RFC 2821, with
identical reply codes. If a user enters a topic as a parameter, the
server provides information on that topic.
MORE TO: <recipient addresses>
The command MORE TO allows a sender to add more recipient addresses to
the message without changing the first recipient, and to correct any
recipient address that was entered wrongly. The command RCPT TO tells
the sender whether an address is valid but does not correct it; with
the command MORE TO the sender supplies the corrected address. The
parameter <recipient addresses> specifies one or more recipient
addresses separated by a comma (',').
HEAD
The command HEAD separates the message header from the message body.
It works like the command DATA and takes no parameters. The server
replies with the code 354 to enter the header details; when the user
has finished, he/she enters a dot on a line by itself.
7.2 Obsolete Commands
MAIL FROM
The sender's server manages this command itself and adds the sender's
address to the message. It becomes a hidden field, like the "Received"
field.
EHLO
Since a user has to be identified by the server, there is no point in
keeping this command, but the result of the command EHLO is important:
it gives the user helpful information about the server's capabilities.
That result is displayed after the user has been identified.
TURN
This command allows a client to become a server and the server to
become the client. For security reasons, this command has been
disabled.
VRFY
A user is unable to verify an email address, for security reasons. It
is important to know and check an email address, but today phone,
letter or email communications can transmit email addresses.
EXPN
For security reasons, this command has been removed from the protocol.
It confirms that its argument is a mailing list, which is dangerous
because a user can learn the name of a mailing list and distribute it.
HELO
This command comes from RFC 821 [11] and was replaced in RFC 2821 by
the command EHLO. There is no point in keeping it in the protocol.
SEND
It is rarely implemented. There is no point in keeping this command,
and since the protocol has changed, it is obsolete.
SOML
It is rarely implemented. There is no point in keeping this command,
and since the protocol has changed, it is obsolete.
SAML
It is rarely implemented. There is no point in keeping this command,
and since the protocol has changed, it is obsolete.
7.3 Order of commands
There are restrictions on the order in which these commands may be
used. A session starts with the command USER, after which the user
enters his/her username and password. If the user is identified, the
server accepts the client, lets him/her continue the transaction and
announces its capabilities. Note that the username and password travel
in clear text on the port 26 connection (see the procedures in section
7.4); the protocol as described provides no transport protection, so
in practice the Identified State needs a protected channel underneath
it. The commands NOOP, HELP and RSET can be used at any time during a
session, or without previously initialising a session.
The command RCPT TO begins the construction of the email. It specifies
the recipient's address or multiple recipient addresses. A user can add
more addresses with the command MORE TO, which also permits a user to
correct an address. If a user has a complex message header, he/she
enters the command HEAD. In any case he/she continues with the command
DATA to send the email. The transaction can be aborted with the command
RSET. There may be zero or more emails in a session.
To close the connection, a user types the command QUIT, requesting the
end of the session.
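The command ordering of section 7.3 as a server-side sequencer, an added
example that is not part of the draft: one Session object consumes the
client's lines and returns the reply code and text for each, using the
codes of sections 7.4 and 8.1 (503 before USER, 401/505 for bad
credentials, 503 "Need RCPT before DATA", 354 for HEAD and DATA, 221 on
QUIT). The user table, the address syntax check, the treatment of MORE
TO as the way to supply a corrected address, and the exact reply texts
are assumptions of this example.

```python
"""Added example (not from the draft): a server-side command sequencer for
one AMTP user session, following the command order of section 7.3 and the
reply codes of sections 7.4 and 8.1.  The user table, the address syntax
check and the exact reply texts are assumptions of this example."""
import re

USERS = {"bct": ("123", "Brice CROUZET")}   # constructed; clear-text as in 7.4
MAX_ATTEMPTS = 3                            # "only 3 times" for 401 (section 8.1)
ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


class Session:
    def __init__(self, users=USERS):
        self.users = users
        self.state = "start"     # start -> login -> ready -> closed
        self.mode = None         # "head" or "data" while collecting lines
        self.attempts = 0
        self.recipients, self.head, self.buffer = [], [], []
        self.delivered = []      # (recipients, head_lines, body_lines)

    def command(self, line):
        """Process one client line; return the (code, text) reply, or None
        while HEAD or DATA lines are being collected."""
        line = line.rstrip("\r\n")
        if self.state == "closed":
            return 421, "Service not available, closing transmission channel."
        if self.mode:
            return self._collect(line)
        if self.state == "login":            # "username password" after USER
            return self._login(line)
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "NOOP":                   # NOOP, HELP, RSET: any time (7.3)
            return 250, "Noop OK"
        if verb == "HELP":
            return 214, "Topics: USER QUIT HELP RCPT MORE HEAD DATA RSET NOOP"
        if verb == "RSET":
            self.recipients, self.head = [], []
            return 250, "Reset OK"
        if verb == "QUIT":
            self.state = "closed"
            return 221, "Disconnection"
        if self.state == "start":
            if verb != "USER":
                return 503, "Use the Command USER before other commands."
            self.state = "login"
            return 250, "Server Ready"
        if verb in ("RCPT", "MORE"):
            return self._recipients(arg)
        if verb in ("HEAD", "DATA"):
            if not self.recipients:
                return 503, f"Need RCPT before {verb}"
            self.mode = verb.lower()
            return 354, f'Enter the {self.mode} of the message. End with "." on a line by itself.'
        return 500, "Syntax error, command unrecognized."

    def _login(self, line):
        name, _, password = line.strip().partition(" ")
        if name in self.users and self.users[name][0] == password:
            self.state = "ready"
            return 250, f"Welcome {self.users[name][1]} to the AMTP server."
        self.attempts += 1
        if self.attempts >= MAX_ATTEMPTS:
            self.state = "closed"
            return 505, "User does not exist - Connection close."
        return 401, "User unknown - Enter the user information again"

    def _recipients(self, arg):
        """RCPT TO:<a>,<b> or MORE TO:<c>.  Valid addresses are kept; a bad
        one is reported with 501 so the sender can supply it via MORE TO."""
        addresses = [a.strip() for a in re.sub(r"(?i)^to:", "", arg.strip()).split(",")]
        bad = [a for a in addresses if not ADDRESS.match(a)]
        self.recipients.extend(a for a in addresses if ADDRESS.match(a))
        if bad:
            return 501, "The email is wrong: " + ", ".join(bad)
        return 250, "Recipient accepted for " + ", ".join(f'"{a}"' for a in addresses)

    def _collect(self, line):
        if line != ".":
            self.buffer.append(line)
            return None
        if self.mode == "head":
            self.head, self.buffer, self.mode = self.buffer, [], None
            return 250, "Head Command Accepted"
        recipients = self.recipients
        self.delivered.append((recipients, self.head, self.buffer))
        self.recipients, self.head, self.buffer, self.mode = [], [], [], None
        return 250, "Mail delivery successful for " + ", ".join(f'"{a}"' for a in recipients)
```

Feeding the lines of the transcripts in section 7.4 to Session.command
reproduces their replies, including the 503 that follows a DATA issued
after RSET. Because HEAD is a separate collection mode, a "Subject:" line
typed after DATA lands in the body when HEAD was used, as section 6.3
requires.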
7.4 Authenticated Mail Transfer Protocol Procedures
7.4.1 Simple Procedure
A simple AMTP procedure for a user is:
S: 220 AMTP >> Connection successful.
S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
S: 250 AMTP >>
C: user
S: 250 AMTP >> Server Ready
C: bct 123
S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
S: 250 AMTP >> SERVER CAPABILITIES.
S: 250 AMTP >>
C: rcpt to:jimmy.doody@master.com
S: 250 Recipient accepted for "jimmy.doody@master.com"
To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: data
S: 354 Enter the data of the message. End with "." on a line by
itself.
C: Subject: AMTP Procedure 1
C: It is a simple AMTP procedure.
C: .
S: 250 Mail delivery successful for "jimmy.doody@master.com"
S: 250 AMTP >>
C: quit
S: 221 Disconnection
The email has been received:
<HEAD>
From: brice.crouzet@master.com
Send To: master.com (193.1.124.54); 09 April 2003 08:56:50 o'clock
IST; Version: 2.0
Date: 09 April 2003 08:56:50 o'clock IST
Message id: 1049998467218
To: jimmy.doody@master.com
Subject: AMTP Procedure 1
</HEAD>
<BODY>
It is a simple AMTP procedure.
</BODY>
7.4.2 Procedure using optional commands
An AMTP procedure using optional commands is:
S: 220 AMTP >> Connection successful.
S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
S: 250 AMTP >>
C: user
S: 250 AMTP >> Server Ready
C: bct 123
S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
S: 250 AMTP >> SERVER CAPABILITIES.
S: 250 AMTP >>
C: help
S: 214 This is an AMTP Server.
214 Topics:
214 QUIT HELP RCPT HEAD DATA RSET
NOOP
S: 250 AMTP >>
C: help data
S: help for DATA
S:
S: 250 AMTP >>
C: noop
S: 250 AMTP >> Noop OK
S: 250 AMTP >>
C: rcpt to:jimmy.doody@master.com
S: 250 Recipient accepted for "jimmy.doody@master.com"
To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: more to:brice.crouzet@master.com
S: 250 Recipient accepted for "brice.crouzet@master.com"
To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: head
S: 354 Enter the header of the message. End with "." on a line by
itself.
C: Subject: AMTP Procedure 2
C: .
S: 250 Head Command Accepted
S: 250 AMTP >>
C: data
S: 354 Enter the data of the message. End with "." on a line by
itself.
C: Subject: Test
C: It is an AMTP procedure using optional commands.
C: .
S: 250 Mail delivery successful for "jimmy.doody@master.com",
"brice.crouzet@master.com"
S: 250 AMTP >>
C: quit
S: 221 Disconnection
The email has been received:
Email 1:
<HEAD>
From: brice.crouzet@master.com
Send To: master.com (193.1.124.54); 09 April 2003 09:00:17 o'clock
IST; Version: 2.0
Date: 09 April 2003 09:00:17 o'clock IST
Message id: 1049998673855
To: jimmy.doody@master.com
Subject: AMTP Procedure 2
</HEAD>
<BODY>
Subject: Test
It is an AMTP procedure using optional commands.
</BODY>
Email 2:
<HEAD>
From: brice.crouzet@master.com
Send To: master.com (193.1.124.54); 09 April 2003 09:00:17 o'clock
IST; Version: 2.0
Date: 09 April 2003 09:00:17 o'clock IST
Message id: 1049998673895
To: brice.crouzet@master.com
Subject: AMTP Procedure 2
</HEAD>
<BODY>
Subject: Test
It is an AMTP procedure using optional commands.
</BODY>
7.4.3 Procedure with the RSET command
An AMTP procedure using the RSET command is:
S: 220 AMTP >> Connection successful.
S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
S: 250 AMTP >>
C: user
S: 250 AMTP >> Server Ready
C: bct 123
S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
S: 250 AMTP >> SERVER CAPABILITIES.
S: 250 AMTP >>
C: rcpt to:jimmy.doody@master.com
S: 250 Recipient accepted for "jimmy.doody@master.com"
To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: rset
S: 250 AMTP >> Reset OK
S: 250 AMTP >>
C: data
S: 503 Need RCPT before DATA "data".
S: 250 AMTP >>
C: rcpt to:brice.crouzet@master.com
S: 250 Recipient accepted for "brice.crouzet@master.com"
To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: data
S: 354 Enter the data of the message. End with "." on a line by
itself.
C: Subject: AMTP Procedure 3
C: It is an AMTP procedure using RSET command.
C: .
S: 250 Mail delivery successful for "brice.crouzet@master.com"
S: 250 AMTP >>
C: quit
S: 221 Disconnection
The email has been received:
<HEAD>
From: brice.crouzet@master.com
Send To: master.com (193.1.124.54); 09 April 2003 09:02:13 o'clock
IST; Version: 2.0
Date: 09 April 2003 09:02:13 o'clock IST
Message id: 1049998790603
To: brice.crouzet@master.com
Subject: AMTP Procedure 3
</HEAD>
<BODY>
It is an AMTP procedure using RSET command.
</BODY>
8. Authenticated Mail Transfer Protocol Reply codes
8.1 New Reply Codes
Reply codes are important for a server and a user because they let
them know whether the transaction is correct or not. The reply code 555
reports to the server any error that occurs between two servers, so
that the server can act on it. Errors can occur in four situations:
during the Identified State, during the transaction to send an email
(Email State), and during the transaction between two servers for the
commands SELO and SEMA.
For the Identified State, the reply codes are:
=> 503 Use the Command USER before other commands.
=> 401 User unknown - Enter the user information again - only 3 times.
=> 505 User does not exist - Connection close.
=> 250 User Accepted.
When the user sends an email, the reply codes are:
=> 501 The email is wrong.
=> 551 User not local.
=> 250 Server Ready.
When the server uses the command SELO, the reply codes are:
=> 555 Selo command error - Recipient Unknown, Argument missing,
Command Unknown or Result Unknown.
=> 250 Selo Accepted.
=> 250 Mail accepted for delivery.
When the server uses the command SEMA, the reply codes are:
=> 555 Sema command error - Argument missing, Mail does not exist,
Command Unknown or Result Unknown.
=> 555 Mail error.
=> 250 Sema Accepted.
=> 250 Mail delivered.
8.2 Reply Codes from Request For Comment 2821
Positive Completion replies are:
=> 211 System status or system help reply.
=> 214 Help message.
=> 220 Service ready.
=> 221 Service closing transmission channel.
=> 250 Requested mail action okay, completed.
=> 251 User not local; will forward to <forward-path>.
=> 252 Cannot VRFY user, but will accept message and attempt
delivery.
Positive Intermediate reply is:
=> 354 Start mail input; end with <CRLF>.<CRLF>.
Transient Negative Completion replies are:
=> 421 Service not available, closing transmission channel.
=> 450 Requested mail action not taken: mailbox unavailable.
=> 451 Requested action aborted: local error in processing.
=> 452 Requested action not taken: insufficient system storage.
Permanent Negative Completion replies are:
=> 500 Syntax error, command unrecognized.
=> 501 Syntax error in parameters or arguments.
=> 502 Command not implemented.
=> 503 Bad sequence of commands.
=> 504 Command parameter not implemented.
=> 550 Requested action not taken: mailbox unavailable.
=> 551 User not local; please try <forward-path>.
=> 552 Requested mail action aborted: exceeded storage allocation.
=> 553 Requested action not taken: mailbox name not allowed.
=> 554 Transaction failed.
9. Authenticated Mail Transfer Protocol Information
9.1 Advantages
The main advantage is that the AMTP server knows the user. It allows
a server to identify and trust a sender. The two servers listen on
port 26 and are able to answer any commands. The difference from the
old protocol is that the recipient server has to be running to
receive the email. The recipient server needs to establish a
connection with the sender server in order to retrieve the message.
This transaction allows the sender's server to validate the sender's
address.
The other advantage is that a user is not exposed to the danger. The
result of an attack will affect only the AMTP server. In order to
deliver an email, the transaction has to go through every step of the
process. If the transaction detects any error in the process, the
server will stop the transaction with the client. It is important to
ensure the security of the user.
Finding the number and the recipient address is a very difficult
task. These two parameters depend on the sender server and the user.
It is possible to find the algorithm that produced the number, but it
will be difficult to find the recipient address and the number
together. The recipient address depends on the sender and the number
depends on the number of messages sent. These numbers are stored in
the server, where the database is difficult to crack.
9.2 Disadvantages
Sending an external email takes longer and needs two connections. The
two servers concerned have to establish a connection with each other.
This takes more time than SMTP. The main inconvenience is the time
taken. It does not take longer than with Simple Mail Transfer
Protocol, but the transfer of an email is a complete and secure
transaction.
The main problem is the number of connections between the two
servers. A high number of connections can result in a Denial of
Service attack. The server has to respond to two different types of
connection: a user and a server. The server needs more resources to
complete the transaction. There are three server queues. The first
queue is to inform the recipient server. The second queue is to
retrieve the message with the number. The third queue is to write the
email into the recipient mailbox.
The AMTP server will be busy and need more resources. Today's
computers have the resources to do this. The problem comes from the
bandwidth of the network.
9.3 Denial of Service (DoS)
The Denial of Service attack is characterised by an explicit attempt
by attackers to prevent legitimate users of a service from using that
service. Attackers:
=> Attempt to overflow a network,
=> Attempt to disrupt connections between two computers,
=> Attempt to prevent a particular individual from accessing a
service or
=> Attempt to disrupt service to a specific system.
In the case of Authenticated Mail Transfer Protocol, the result of
the attack is that the server becomes unable to transfer a mail.
Increasing the number of connections to the server is one way to
attack it. In order to prevent this type of attack, the server has to
analyse connections to the server, especially those that have failed.
From the connection, the server can find the sender and block him/her.
It is possible to implement a firewall to block incorrect packets,
for example, when the IP address is incorrect or when the SEMA and
SELO commands have failed. The administrator has to observe the
server's performance and establish a normal baseline.
The Denial of Service attack can be terrible for everybody. In any
case, the server needs a backup server in order to still be able to
work when a DoS attack occurs. The service will keep on transferring
the messages. The administrator determines the origin of the attack
and kills the attacker's connections.
9.4 Hackers
A hacker has to run an AMTP server on port 26. It is more difficult
for him/her because only one programme can listen on port 26. A
hacker cannot implement a programme on an AMTP server. Moreover,
he/she cannot use a telnet connection to send an anonymous email or
create a fake AMTP server on a computer without port 26.
A hacker can use a Denial of Service attack. Then, the AMTP server
will be allowed to answer any transaction, which is dangerous. A
hacker will use the commands used by the server to attack the server.
This will be impossible to do because the hacker has to know the
number of the message and the recipient address, which he/she does
not. It is impossible to determine these parameters. If the hacker
tries too many times, the server will discover the attack and close
the connection. It is impossible for the user to be attacked.
If a hacker tries to use the command SELO, it will result in an error
or in a connection to a server without an email to retrieve. An error
appears if a hacker does not use an AMTP server. The recipient's
server will be unable to connect to any user's computer. In case a
hacker uses an AMTP server, the recipient's server cannot retrieve an
email unless the hacker has his/her own mail server. In this case,
the administrator knows exactly where the hacker is and what computer
he/she is using.
If a hacker tries to use the command SEMA, it will result in an
error. A hacker has to know two arguments: the recipient's address
and the number. If these two arguments are correct and saved in the
database of the sender's server, the email will be given. If not, an
error will occur and the hacker gets nothing.
9.5 Protections
A server is protected when it pays attention to the number of failed
connections. The programme provided by a hacker will result in an
error. It is impossible for a server to be wrong unless the
connection fails, which is a different error. The user is protected
because he/she cannot receive anonymous email. This means the end of
anonymous emails and of the frustration a user can have because
he/she does not know what to do about them.
9.6 Trace
When a mail is sent, the AMTP server will keep a trace of the message
in its database. It uses the "message id" field to identify the
message. The sender database contains a table with the sender
address, the IP address of the sender and the "message id" field.
This information helps an administrator to recognise the original
sender of a message. It also keeps the IP address of the sender
secret.
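The failed-attempt analysis of sections 9.3 and 9.5, the two-argument SEMA check of section 9.4 and the trace table of section 9.6, as an added example that is not part of this draft: a minimal sender-side server that answers SEMA with the reply codes listed in section 8, records the trace entry for each queued mail, and blocks a peer after a constructed number of failures. The SEMA argument syntax, the placing of the mail body between the two 250 replies, the FAIL_LIMIT value and the sample addresses are assumptions.

```python
from dataclasses import dataclass, field

# Constructed threshold: failed SEMA attempts a peer may make before it is
# blocked (the draft says to watch failed connections but fixes no number).
FAIL_LIMIT = 3

# Reply lines taken from sections 8.1 and 8.2 of the draft.
SEMA_ERROR = ("555 Sema command error - Argument missing, Mail does not "
              "exist, Command Unknown or Result Unknown.")
SEMA_OK = "250 Sema Accepted."
MAIL_DELIVERED = "250 Mail delivered."
REFUSED = "421 Service not available, closing transmission channel."


@dataclass
class SenderServer:
    """Sender-side AMTP server: mail waiting to be retrieved, the trace table
    of section 9.6 and a per-peer count of failed SEMA attempts."""
    waiting: dict = field(default_factory=dict)   # (recipient, number) -> body
    trace: dict = field(default_factory=dict)     # number -> (sender, sender IP)
    failures: dict = field(default_factory=dict)  # peer IP -> failed attempts
    blocked: set = field(default_factory=set)

    def queue_mail(self, sender, sender_ip, recipient, number, body):
        """Store a mail for retrieval and record its trace entry."""
        self.waiting[(recipient, number)] = body
        self.trace[number] = (sender, sender_ip)

    def handle_sema(self, peer_ip, line):
        """Answer one SEMA command from the recipient server at peer_ip.
        Assumed syntax: 'SEMA <recipient address> <message number>'.
        Returns the reply lines; on success the mail body sits between
        the acceptance and the delivery reply (assumed ordering)."""
        if peer_ip in self.blocked:
            return [REFUSED]
        parts = line.split()
        if len(parts) != 3 or parts[0].upper() != "SEMA":
            return self._fail(peer_ip)          # argument missing / unknown
        body = self.waiting.pop((parts[1], parts[2]), None)
        if body is None:
            return self._fail(peer_ip)          # mail does not exist
        self.failures.pop(peer_ip, None)        # good peer: clear its count
        return [SEMA_OK, body, MAIL_DELIVERED]

    def _fail(self, peer_ip):
        """Count the failure and block the peer once FAIL_LIMIT is reached."""
        n = self.failures.get(peer_ip, 0) + 1
        self.failures[peer_ip] = n
        if n >= FAIL_LIMIT:
            self.blocked.add(peer_ip)
        return [SEMA_ERROR]
```

A retrieved mail is removed from the waiting table, so a repeated SEMA for the same number counts as a failure exactly as a guessed number does.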
9.7 Testing
To make sure a hacker cannot send an email to the server, the server
has been tested. A user has to be identified to the server if he/she
wants to send or to read an email. A hacker has to know a username
and a password from the server. Except through this door, a hacker
cannot send an email.
If a hacker uses the command SELO, he/she has two choices. The first
choice is to run the command from a computer without any AMTP server.
The AMTP server will never go into the next step; it never runs the
command SEMA. If a hacker is connected to the AMTP server and tries
to run the command SELO, the transaction will be aborted because
there is no message waiting in the AMTP server for the hacker. Again,
a hacker has to find these two parameters (number and recipient
address), which is not an easy task.
If a hacker uses the command SEMA, he/she can run the command from an
AMTP server or from a telnet connection. Nothing will happen. The
transaction will be disconnected because no message exists. The
transaction occurs correctly only if an email is waiting to be
retrieved. It means that the number and recipient are correct and
that the email exists in the server. It is a very secure transaction.
9.8 Communication between AMTP and SMTP
Communication between the new protocol (AMTP) and the existing
protocol (SMTP) is impossible since the commands and procedures have
changed. The user-to-server communication is operational because a
user establishes a connection to either AMTP or SMTP. The
server-to-server communication is non-operational because the AMTP
server cannot answer any SMTP commands. It is possible to implement
SMTP commands inside an AMTP server, but it would make AMTP obsolete.
A solution can be to allocate a new port to AMTP, such as port 26. If
port 26 is open on the recipient's server, the AMTP server
establishes a connection to the server using AMTP. If port 26 is
closed and port 25 is open on the recipient's server, the AMTP
server establishes a connection to the server using SMTP. Port 26
can be used as a transition step to replace SMTP. AMTP can create a
local network for the transfer of mail between researchers,
institutes, colleges or companies who care about security.
10. Conclusion
There is one solution for a server to identify a user. The
Authenticated Mail Transfer Protocol server needs to know the user
before it can proceed with a transaction with him/her. The
transaction between two servers takes time and needs more resources.
The solution offers the guarantee that the sender exists and avoids
anonymous email, which is the goal reached. It is a major step
towards the success of the master's thesis.
Authenticated Mail Transfer Protocol contains three client-to-server
states (Identified, Email and Logout States) and two server-to-server
states (Information and Retrieved States). It is important to have
all these states because they allow a server to identify a user.
The header of the email is completely different from the data of the
message. With the separation of the header from the data and the
command HEAD, Authenticated Mail Transfer Protocol is able to make a
difference between the header and the body of an email. Authenticated
Mail Transfer Protocol adds and removes commands from Simple Mail
Transfer Protocol. It can also add reply codes.
There are some advantages and disadvantages to this solution. The
hacker will find it more difficult to crack Authenticated Mail
Transfer Protocol with these new states. The user is more protected
compared to Simple Mail Transfer Protocol, but the server is more
exposed. Far from being the only solution, it has the merit of
stopping anonymous mail.
Security Considerations
Security considerations have been described throughout this document.
References
Appendix
Appendix A: Acronyms
ASCII=> American Standard Code for Information Interchange (ASCII) is
the most common format for text files in computers and on the
Internet. In an ASCII file, each alphabetic, numeric, or special
character is represented with a 7-bit binary number (a string of
seven 0s or 1s). 128 possible characters are defined [15].
DNS => Domain Name System (DNS) is a distributed system that holds the
data at different locations and is effectively a database of mappings
between the names that computers are known by and their IP addresses.
In order to communicate with a system, one's computer must first get
the IP address of the computer it wants to talk to from the DNS.
These are stored in the DNS in what are known as A records [16].
IP => Internet Protocol (IP) is designed for use in interconnected
systems of packet-switched computer communication networks. The IP
provides for transmitting blocks of data called datagrams from
sources to destinations, where sources and destinations are hosts
identified by fixed length addresses. The IP also provides for
fragmentation and reassembly of long datagrams, if necessary, for
transmission through "small packet" networks [9].
MIME => Multipurpose Internet Mail Extensions (MIME) is an extension
of the original Internet email protocol that lets people use the
protocol to exchange different kinds of data files on the Internet.
The type of data can be audio, video, images, application programs,
and other kinds, as well as the ASCII handled in the original
protocol (SMTP). [2] and [6].
RFC => Request For Comment (RFC) forms a series of notes, started in
1969, about the Internet. The notes discuss many aspects of computer
communication, focusing on networking protocols, procedures,
programmes, and concepts but also including meeting notes, opinion,
and sometimes humour [12].
SMTP => Simple Mail Transfer Protocol (SMTP) transfers mail from a
client to a server and is defined in RFC 0821 [11] and RFC 2821 [5].
The protocol uses port 25 to receive the data and the TCP/IP protocol
to transport the data over the network.
TCP => Transmission Control Protocol (TCP) is intended for use as a
highly reliable host-to-host protocol between hosts in packet-
switched computer communication networks, and in interconnected
systems of such networks [10].
Appendix B: Terminology
=> A mail, email, message or electronic mail represents a message
sent across the network from one person to another.
=> Anonymous email is email that has been directed to a recipient
through a third-party server that does not identify the originator of
the message.
=> Client refers to the user software.
=> Command represents a specific order from a user to an application
to perform a service.
=> Hacker is a person who tries to break into the computer system.
=> Mail Agent System represents a system to manage the mail (write,
read, delete and send).
=> Authenticated Mail Transfer Protocol characterises the Simple Mail
Transfer Protocol version 2.
=> Protocol or standard represents a set of rules for a subject.
=> Recipient represents the user who receives a mail and is on the
server side.
=> SA represents an SMTP server where the sender is known.
=> SB represents an SMTP server where the recipient is located.
=> Sender represents the user who sends a mail and is on the client
side.
=> Server represents the application running on the server side.
=> Spam is unsolicited email on the Internet.
=> Transaction is an exchange of information between two servers or a
server and a user.
=> User is used to refer to a human user.
=> Workstation represents a user's computer.
Author's Addresses
Brice Crouzet (PK4)
Institute of Technology Tallaght
Tallaght
Dublin 24
Ireland
Phone: + 353 (0) 14 04 23 45
Fax: + 353 (0) 14 04 20 00
E-mail: brice.crouzet@it-tallaght.ie
Copyright Notice
Copyright (C) The Internet Society (date). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.