CS 43: Computer Networks

12:EmailandSMTPSeptember28,2018

Mail servers communicate using…

A.  HTTP

B.  IMAP

C.  POP

D.  SMTP

Lecture12-Slide2

Mail servers typically…

A.  sendmessagesdirectlyfromthesendinguser’sservertothereceiver’sserver.

B.  sendmessagesthroughintermediaryserversonthewayfromsendertoreceiver.

Lecture12-Slide3

Users also use SMTP to retrieve their mail messages…

A.  True

B.  False

Lecture12-Slide4

Electronic mail usermailbox

outgoingmessagequeue

mailserver

mailserver

mailserver

SMTP

SMTP

SMTP

useragent

useragent

useragent

useragent

useragent

useragent

Threemajorcomponents:-  mailuseragent(MUA)-  mailtransferagent(MTA)-  simplemailtransferprotocolMailUserAgenta.k.a“mailreader”-  composing,editing,readingmailmessages

-  e.g.,Outlook,Thunderbird,iPhonemailclient

-  outgoing,incomingmessagesstoredonserver

Lecture12-Slide5

MTAs: Mail Transfer Agent

mailservers:•  mailboxcontainsincoming

messagesforuser•  messagequeueofoutgoing(to

besent)mailmessages•  SMTPprotocolbetweenmail

serverstosendemailmessages(one-way)–  client:sendingmailserver–  “server”:receivingmailserver

usermailbox

outgoingmessagequeue

mailserver

mailserver

mailserver

SMTP

SMTP

useragent

useragent

useragent

useragent

useragent

useragent

Lecture12-Slide6

If you were designing email, what would happen when Alice sends an email to Bob?

A.  Hermailclientsendsamessagetohismailserver

B.  Hermailserversendsamessagetohismailserver

C.  Hermailserversendsamessagetohismailclient

D.  Hermailclientsendsamessagetohismailclient

Lecture12-Slide7

useragent

Scenario: Alice sends message to Bob 1)AliceusesaMUAtocompose

message“to”

bob@swarthmore.edu2)Alice’sMUAsendsmessageto

hermailserver;messageplacedinmessagequeue

3)clientsideofSMTPopensTCPconnectionwithBob’smailserver

4)SMTPclientsendsAlice’smessageovertheTCPconnection

5)Bob’smailserverplacesthemessageinBob’smailbox

6)BobinvokeshisMUAtoreadmessage

1 mailserver

2 3

Alice’smailserver

mailserver

45

Bob’smailserver

6

useragent

Lecture12-Slide8

Mail Servers: Ever Vigilant

•  Alwayson,becausetheyalwaysneedtobereadytoacceptmail.

•  UsuallyownedbyISP–  YouusetheemailserverforeitherSwarthmoreCollege,ortheCSdepartment.

Lecture12-Slide9

Simple Mail Transfer: SMTP [RFC 2821]

•  TCP:reliablytransferemailmessagefromclienttoserver,port25

•  Directtransfer:sendingservertoreceivingserver•  Threephasesoftransfer–  handshaking(greeting)–  transferofmessages–  closure

•  Command/responseinteraction(likeHTTP,FTP)–  commands:ASCIItext–  response:statuscodeandphrase

•  Messagesmustbein7-bitASCII

Lecture12-Slide10

SMTP Message Format

RFC822:standardfortextmessageformat:

•  headerlines,e.g.,–  To:–  From:–  Subject:differentfromSMTPMAILFROM,RCPTTO:commands!

•  Body:the“message”–  ASCIIcharactersonly–  SignalEOMwith“\r\n.\r\n”

header

body

blankline

SMTPProtocol

Lecture12-Slide11

Try SMTP interaction for yourself:

•  telnet allspice.cs.swarthmore.edu 25 •  Youshouldseea220replyfromtheserver.•  enterHELO,MAILFROM,RCPTTO,DATA,QUIT

commands(letsyousendemailwithoutusingemailclient(MUA))

Lecture12-Slide12

Demo

Lecture12-Slide13

Sample SMTP interaction

$telnetallspice.cs.swarthmore.edu25Trying130.58.68.9…Connectedtoallspice.cs.swarthmore.edu220allspice.cs.swarthmore.eduESMTPPostfixHELOcs.swarthmore.edu250allspice.cs.swarthmore.eduMAILFROM:<chaganti@cs.swarthmore.edu>2502.1.0OKRCPTTO:<chaganti@cs.swarthmore.edu>2502.1.5OKDATA354Enddatawith<CR><LF>.<CR><LF>To:VasantaChaganti<chaganti@cs.swarthmore.edu>From:VasantaChaganti<chaganti@cs.swarthmore.edu>Subject:TelnettestmessageThisisatestmessage,viatelnet,tomyself.. Lecture12-Slide14

Sample SMTP interaction

Endofmessage:Dot

$telnetallspice.cs.swarthmore.edu25Trying130.58.68.9…Connectedtoallspice.cs.swarthmore.edu220allspice.cs.swarthmore.eduESMTPPostfixHELOcs.swarthmore.edu250allspice.cs.swarthmore.eduMAILFROM:<chaganti@cs.swarthmore.edu>2502.1.0OKRCPTTO:<chaganti@cs.swarthmore.edu>2502.1.5OKDATA354Enddatawith<CR><LF>.<CR><LF>To:VasantaChaganti<chaganti@cs.swarthmore.edu>From:VasantaChaganti<chaganti@cs.swarthmore.edu>Subject:TelnettestmessageThisisatestmessage,viatelnet,tomyself.

Lecture12-Slide15

What keeps us from entering a fake information (e.g., FROM address)?

A.  Nothing.

B.  TheMTAchecksthattheFROMisvalid.

C.  Weenteraname/passwordloggingintotheMTA.

Lecture12-Slide16

Fun Demo

Lecture12-Slide17

Wait, this seems too horrible to be true. Surely we can prevent header forging?

(How or why not?)

A.  Yes

B.  No

Lecture12-Slide18

Message Signing

1.  Sendercreatescryptographicpublic/privatekeypair,publishespublickeytotheworld.

2.  Senderusesprivatekeytosignmessages.

3.  Receivercanverify*,usingpublishedpublickey,thatonlytheholderofthecorrespondingprivatekeycouldhavesentthemessage.

*Withveryhighprobability.

Lecture12-Slide19

Message Signing: Challenges

•  Disseminatingpublickeys– Howdoyoutrustthatthepublishedpublickeyisn’talsoalie?

•  It’smorework,can’tbebothered…– Adoptionisverylow

Lecture12-Slide20

useragent

Logging In / Passwords

mailserver

mailserver

Alice’smailserver Bob’smailserver

useragent

LoggedIn LoggedIn?

Lecture12-Slide21

Logging In / Passwords

mailserver

mailserver

Bob’smailserver

useragent

mailservermail

server

AnymailservermayneedtosendamessagetoBob’s.Toughforthemalltosharecredentials…

Lecture12-Slide22

SMTP versus HTTP

•  HTTP:pull•  SMTP:push

•  BothhaveASCIIcommand/responseinteraction,statuscodes

•  HTTP:eachobjectencapsulatedinitsownresponsemessage

•  SMTP:multipleobjectssentinmultipartmessage

Lecture12-Slide23

SMTP: final words

•  SMTPusespersistentconnections– Cansendmultipleemailsinonesession

•  SMTPrequiresmessage(header&body)tobein7-bitASCII

•  SMTPserverusesCRLF.CRLFtodetermineendofmessage

Lecture12-Slide24

If SMTP only allows 7-bit ASCII, how do we send pictures/videos/files via email?

A.  Weencodetheseobjectsas7-bitASCII

B.  WeuseadifferentprotocolinsteadofSMTP

C.  We’rereallysendinglinkstotheobjects,ratherthantheobjectsthemselves

Lecture12-Slide25

Base 64

•  Designedtobeanefficientwaytosendbinarydataasastring

•  UsesA-Z,a-z,0-9,“+”and“/”asdigits

•  Anumberwithdigitsdndn-1…..d1d0=64n*dn+64n-1*dn-1+...+64*d1+d0

•  RecallfromCS31:Othernon-base-10numbersystems(binary,octal,hex).

Lecture12-Slide26

Multipurpose Internet Mail Extensions (MIME)

•  Specialformattinginstructions

•  Indicatedintheheaderportionofmessage(notSMTP)–  SMTPdoesnotcare,justlookslikemessagedata

•  Supports–  TextincharactersetsotherthanASCII–  Non-textattachments– Messagebodieswithmultipleparts–  Headerinformationinnon-ASCIIcharactersets

Lecture12-Slide27

MIME

•  Addsoptionalheaders–  Designedtobecompatiblewithnon-MIMEemailclients–  Bothclientsmustunderstandittomakesenseofit

•  Specifiescontenttype,othernecessaryinformation

•  Designatesaboundarybetweenemailtextandattachments

Lecture12-Slide28

Mail access protocols

•  SMTP:delivery/storagetoreceiver’sserver•  mailaccessprotocol:retrievalfromserver

–  POP:PostOfficeProtocol:authorization,download–  IMAP:InternetMailAccessProtocol:morefeatures,includingmanipulationofstoredmessagesonserver

–  HTTP:gmail,Hotmail,Yahoo!Mail,etc.

sender’smailserver

SMTP SMTPmailaccessprotocol

receiver’smailserver

(e.g.,POP,IMAP)

useragent

useragent

Lecture12-Slide29

POP3 protocol authorizationphase•  clientcommands:–  user:declareusername–  pass:password

•  serverresponses–  +OK–  -ERR

transactionphase,client:•  list:listmessagenumbers•  retr:retrievemessageby

number•  dele:delete•  quit

C: list S: 1 498 S: 2 912 S: . C: retr 1 S: <message 1 contents> S: . C: dele 1 C: retr 2 S: <message 1 contents> S: . C: dele 2 C: quit S: +OK POP3 server signing off

S: +OK POP3 server ready C: user bob S: +OK C: pass hungry S: +OK user successfully logged on

Lecture12-Slide30

More about POP3

•  Previousexampleuses“downloadanddelete”mode–  Bobcannotre-reade-mailifhechangesclient

•  POP3“download-and-keep”:copiesofmessagesondifferentclients

•  POP3isstatelessacrosssessions

•  Limitations:–  Can’tretrievejusttheheaders–  Can’timposestructureonmessages

Lecture12-Slide31

IMAP

•  Keepsallmessagesinoneplace:atserver

•  Allowsusertoorganizemessagesinfolders

•  Keepsuserstateacrosssessions:–  namesoffoldersandmappingsbetweenmessageIDsandfoldername

•  Canrequestpiecesofamessage(e.g.,textpartswithoutlargeattachments)

Lecture12-Slide32

Webmail

•  Usesawebbrowser

•  SendsemailsusingHTTPratherthanPOP3orIMAP

•  Mailisstoredonthe3rdpartywebmailcompany’sservers

Lecture12-Slide33

Summary

•  Threemainpartstoemail:– MailUserAgent(mailclient):read/writeforhumans– MailTransferAgent:serverthataccepts/sendsmessages–  SMTPprotocolusedtonegotiatetransfers

•  NoSMTPsupportforfrauddetection

•  Extensions(MIME)andencodings(Base64)forsendingnon-textdata

Lecture12-Slide34