Simple Mail Transport Protocol Essay


-A Case Study Of Simple Mail Transport Protocol ( SMTP )

1.0 Introduction

This essay is on a instance survey of a service company ( Myertor ) that would be constructing a undertaking office ( distant office to its caput office ) on a client site.

It was besides commented in the assignment proposal that, the majority of the services that would be implemented in the undertaking office would be done on a general intent waiter. This in itself should be considered a security hazard and besides a individual point of failure.

We will write a custom essay sample on
Simple Mail Transport Protocol Essay
or any similar topic only for you
Order now

As portion of the application that would be used across the web ( i.e. between the distant office and its caput office and besides between the distant office and the host-client office ) , an email application would be installed on the General intent Server that is within the undertaking office.

E-mail application basically is powered by a service called Simple Mail conveyance Protocol ( SMTP ) , which mail Server usage to direct and have mail from clients. It runs on TCP port 25.

We shall be looking at the attenders failings and strength of this piece of service in an email application as it relates to a given web.

1.1 What is SMTP?

SMTP is an acronym for Simple Mail conveyance Protocol.

This is the agencies by which TCP/IP usage basic protocol to supply a flexible and dependable electronic mail system [ Craig Hunt 2002 ] , the functionality of which is specified by IEFT. SMTP was designed as a mail conveyance and bringing protocol [ rfc5321 ] . RFC 5321 is the latest Request For Comment papers that was released by IETF in October 2008, which covers and updates the earlier RFCs and debut of latest definition and alteration to SMTP operation.RFC are used to specify message construction and protocol to be used in transporting the message on the web.

The Internet Engineering Task Force ( IETF ) is an world-wide community of cyberspace web stakeholders such as sellers, research workers, interior decorators, and operators that concerns itself with the smooth operation of the cyberspace ( RFC 3935 ) . RFC 3935 contains the mission statement of ‘The Internet Engineering Task Force ‘ .

As shown in the diagram below, two ( 2 ) parties are involved in get downing and reasoning a successful mail bringing service. Namely:

1. The Sender SMTP: this initiates connexion with the receiving system

2. The Receiver SMTP: this responds and articulation in reasoning dealing

Though file fond regards are used in electronic mail, they are foremost converted ( a convertor protocol illustration is MIME ( Multipurpose Internet Mail Extensions ) ) into text signifier and are converted back to the original format at bringing, because SMTP public-service corporation called ‘sendmail ‘ can non work with anything other than text format. [ Matt Naugle,1999 ]

The Simple Mail Transfer Protocol ( SMTP ) is has many advantages as it helps in transporting both critical ( e.g. company confidential or commercial informations ) and trivia ( e.g. salutations ) messages across the web, nevertheless, web aggressors have besides found advantage in its versatile and omnipresent nature as they constantly hack the messages it transports with the purpose to gaining control and manipulate or do a denial-of-service ( DoS ) in its usage. [ Susan Young, Dave Aitel, 2003 ]

1.2 E-Mail Storage And Pick-Up Configuration

Mails that are sent to be received by a receiver are first received and stored on the mail waiter [ Basic Computer, 1999 ] after which they are forwarded to the receiver by the mail waiter. However, receivers can entree their mails utilizing either of the two engineerings cond on the Mail Server by the Administrator. They are web-based or Client-based.

Web-based being that, with a web-interface cond on the Web Server, a user can login with his history inside informations into the web-interface and download his mail every bit good as send mail via the mail waiter. Transcripts of user ‘s mails are left on the mail waiter and privateness issues would originate if they mail Server were to be successfully hacked by an aggressor. Such mail waiters are besides prone to varied web application onslaughts e.g. Sql injection.

Client-based, would connote that a package would be installed on user ‘s local workstation and cond with the reference of the Mail waiter to download for reading users ‘ mail every bit good as compose and send mails. User mails are to the full downloaded from the Mail Server to the User workstation, in rule. Hence, no transcript is left on the Server and he can ever entree any of his old mails without interconnectivity or cyberspace as they are locally stored on his local difficult thrust.

As we shall shortly see, most of what could stand out as an advantage or strength of a email application could ensue in its failing or disadvantages.

2.0 Fitness Of Purpose Of Email Application
2.1 Strengths and Advantages

As noted earlier, SMTP was designed to back up dependable and flexible message bringing, such that, even when it is used over undependable webs, it kept independent of its transporting medium. If this is non so, users and organisations would non be able to trust on email application for mail bringing. [ Prasad Yendluri, August 2003 ] .

Furthermore, because of this ground, persons and organisations have deployed and utilised Email application to transport information whatever they consider critical to them.

Below are some characteristics [ Susan Young, Dave Aitel, 2003 ] of SMTP that can be counted as strength of SMTP:

2.1.1 Client-To-Server Mail Delivery

When a local workstation sends a mail on a web as the SMTP clients, it is routed to a corresponding local mail waiter or a distant one, for onward bringing to the letter box he specified in his petition. So, any mail that would be sent from the undertaking office to person on SteelTec ‘s web or to Myertor ‘s distant caput office, would be delivered into the letter box that it was intended.

2.1.2 Mail Relay Service

This is a positive characteristic of SMTP waiters that could besides be negatively exploited. SMTP makes usage of MTA ( Message Transfer Agent ) . Which is a plan responsible for email message delivery.MTA is charges with the duty of receiving, hive awaying and routing of electronic mails locally or forwarded to a distant MTA ; when message receiver is non on the same web as the transmitter. This procedure continues until message gets forwarded to the receiver ‘s local MTA. Hence, electronic mail is faithfully delivered to its intended finish [ uCertify Articles, 2009. ]

Mail relay is a concatenation of ‘store-and-forward ‘ procedure until electronic mail is successfully and faithfully delivered to finish.

2.1.3 Mail Spooling/Queuing

The above shows UA=User Agent, MTA =Message Transfer Agent, Mail Queue and other constituents that ensures dependable mail bringing.

For some grounds, sometimes, a mail Server is unable to present an electronic mail to its receiver letter box on its Mail Server, such mails are stored in a spool directory of the MTA and a scheduled efforts are mail from at that place to look into when the distant Mail Server is available. This message is said to hold ‘queued ‘ in the mail waiting line for re-sending. If it re-retries bringing for a set period without success, it might return the mail to the transmitter or cancel the message all together.

These installations ( spooling and line uping ) in SMTP ensures that waiter handiness and recourses restraints does non halter mail bringing. In the diagram, UA ( User Agent ) is on the Client side to download user messages from the his letter box.

2.1.4 Delivery Status Notifications ( DSNs )

Is a presentment service, defined by RFC [ RFC 3464 ] , in SMTP Server that can be used to advise a transmitter on varied happenings after directing a message. Some possible things it may advise a transmitter on are:

O delayed bringing

O successful bringing

O failed bringing

This characteristic is basically to do certain that whatever happens to a mail sent is reported back to its transmitter. It gives a step of peace of head to the transmitter.

2.1.5 Protocol-Specific Error Codes

When an SMTP waiter encounters a job while directing out a message in behalf of a User, it returns a 3-digit mistake codification [ RFC 3463 ] to its transmitter, to adumbrate him of the mistake status that is interfering with a successful bringing. Most of the clip, a Mail Server decision maker can utilize the information from this mistake codification to decide the anomalousness. The bulk of the codifications are protocol specific. [ Email Marketing Software,2003 ] [ List of codifications and intending ]

Two ( 2 ) xamples of these mistake codifications are:

O 354 Start mail input ; terminal with a point

O 554 Transaction failed

2.1.6 Effective Message Routing Capability

The heading information of an electronic mail is rich in content that has to make with inside informations about the transmitter, path and receiving system to do the SMTP Server deliver messages with less emphasis.

The heading contains information such as Source and destination-IPs, Message-ID, Return-Path, day of the month and clip and a host of other information that helps in decently routing a message from Sender ‘s to Receiver ‘s workstation

For illustration below is a sample Email heading I received today from East Midland Trains.

From East Midlands Trains Tue Jan 5 10:04:25 2010

X-Apparently-To: dayorain @ via ; Tue, 05 Jan 2010 03:38:18 -0800

Return-Path: & lt ; bounce-1816618-24172897 @ & gt ;


XYMailISG: { I OMITTED this delibrately }

X-Originating-IP: [ ]

Authentication-Results: ; domainkeys=neutral ( no sig ) ; ; dkim=neutral ( no sig )

Received: from ( HELO ) ( )

by with SMTP ; Tue, 05 Jan 2010 03:38:17 -0800

From: “ East Midlands Trains ” & lt ; eastmidlandstrains @ & gt ;


Capable: Important intelligence from East Midlands Trains

Date: Tue, 05 Jan 2010 10:04:25 +0000

MIME-Version: 1.0

24172897.90e954a2f25cbfe8aab7e42583bcd0f7 @ & gt ;

Message-ID: & lt ; LYRIS-24172897-1816618-2010.01.05-10.05.21 — DAYORAIN # YAHOO.COM @ & gt ;

Content-Length: 4463

Message heading above indicate the followers:

A message was sent from, East Midland Train sphere ( Return-Path: & lt ; bounce-1816618-24172897 @ ) which resolves into IP reference ( Source reference )

Yahoo Mail Server hosting my history received [ Received: from ( HELO ) ( ) by with SMTP ; Tue, 05 Jan 2010 03:38:17 -0800 ] the mail in my behalf. ( Destination IP )

Message was successfully delivered into my letter box at Date: Tue, 05 Jan 2010 10:04:25 +0000.

So, with the Source IP, finish IP and email history, as contained in the message heading, my mail was successfully routed into my mail box. If the message had failed, it would hold sent an mistake message to the transmitter.

3.0 Failings and Disadvantages

As said by Bruce Schneier, ‘Complexity is the worst enemy of security ‘ [ James Maguire, November 2008 ] .

Software are going composite is design and unluckily, most of the package developed today are non but with security in head [ Neil Daswani, Christoph Kern, Anita Kesavan, 2007 ] , and this had made them inherently insecure. Email application has had its ain just portion in this.

As versatile, dependable and flexible as SMTP had made Email applications to go, some of its strengths has besides led to some serious defects. Overtime as SMTP evolves from its simple nature to Extended version ( ESMTP ) to provide for flexibleness, security and hardiness, some exposures crept in. Indeed, complexness had worked against heightening SMTP service.

Today, there are figure of bureaus that are dedicated to exposure direction and monitoring, and besides maintains a public database of exposures that besides reports on varied exposures and feats on SMTP.

Examples of these bureaus are ;

O US-CERT [ CERT, 2010 ] : United State Computer Emergency Readiness Team

O NIST-NVD [ NVD, 2010 ] : National Institute Of Technology-National Vulnerability Database

O Bugtraq: Moderated by Security Focus

O R. Kinney:

Below are Screenshots of a list of exposures returned on web sites ( CERT and NVD severally ) after at seeking for exposure peculiar to SMTP service in Email application.

hypertext transfer protocol: //

hypertext transfer protocol: // cid=4
Each of these exposure coverage bureaus have a immense database of exposures that are curious to SMTP as a service on email application. Once, I search on NIST-NVD, I got a return of 200 exposures on SMTP entirely. [ NVD, 2010 ]

3.1 Some SMTP exposures or failings.
3.1.1 Delivery Status Notification ( DSN ) Vulnerability

As highlighted in subdivision 2.1.4 above, DSN is one of the tools used by SMTP protocol to present electronic mail faithfully, while describing on bringing position of a sent mail. It notifies on both reception and non-receipt Delivery ( NRD ) to and from a local or distant receiver. Some experts have reported a exposure [ Susan Young, Dave Aitel, 2003 ] in DSN that has been exploited in some SMTP waiters. For case, if the electronic mail reference of person on a web has been spoofed, it can be used to direct mail to a non-existing reference ‘ His mail waiter would return a non-delivery study ( NDR ) to his letter box. If an aggressor automates this, a denial of service can be caused on the mail waiter. However, if this effort yields a positive DSN, it may uncover recipient information, to the aggressor, thereby bridging user confidentiality.

3.1.2 SMTP Server Buffer Overflow Vulnerability [ ISS, 2010 ]

SMTP waiter has a impermanent infinite allotment for storage of petition in its memory. This infinite is called a buffer. It is expected that during Mail waiter set up, an decision maker would specify the boundary or bound of what it could suit at any given clip. The kind of allowable input into the infinite should besides be validated.

However, if this was non done at the SMTP waiter constellation, an aggressor might derive cognition of this after carry oning an numbering / scan on the waiter. He would therefore direct an overflowing information into this buffer, with the purpose over-whelming it. For a starting motor, this could do the SMTP waiter unstable. After this he could farther plan a good crafted malicious codification to derive full control over the Server or close it down wholly. An illustration of SMTP buffer overflow feat is at: [ Security Focus Bugtraq. 2003 ] .

3.1.3 Denial of Service ( DoS ) Vulnerability

The SMTP protocol is vulnerable to denial-of-service.

There is a defect in SMTP service that could let an aggressor connect remote to assorted system resources on its SMTP Server, such as email histories, waiting lines, web hearer, and Mail server file system. Leveraging on this defect, the aggressor can really hold the operation of the Mail waiter, by doing a denial of service ( DoS ) onslaught. Obviously, the scheme of DoS onslaught is the choking up of available system resources e.g. memory, bandwidth, processor e.t.c.

He may take to assail the Server straight or indirectly. Direct DoS Attack

An aggressor automates the sending of malicious mails with deformed Mail FROM and RCPT TO Fieldss, to a peculiar mail waiter, in inundations. The figure of bytes/each of this malicious mails would besides be larger than normal. While the Mail waiter is busy seeking to go to to the aggressor ‘s mail, legitimate users are denied entree and finally, the waiter is forced to close down or it resets wholly. [ Marcelo, 2006 ] Indirect DoS Attack

Mail bombardment is a good illustration of this.

The aggressor, through the Mail Server, directs a inundation of electronic mail messages to one of its user ‘s mail history. This mails gets to an extent that the user ‘s mailbox gets filled up and can no longer have mails because the set quota for him on the Mail waiter has been wholly consumed. Therefore, the legitimate user is denied entree to having his echt electronic mails. Hence, a denial of service. [ Marcelo, 2006 ]

3.1.4 Email Spoofing or Forgery [ Carnegie, 2002 ]

Email spoofing is a method of onslaught that exploits the exposure in SMTP hallmark defect, whereby an aggressor efforts to misdirect or flim-flam his victim with a bad electronic mail reference of a familiar or trusted party. Thereby sends a petition or message to his victim with the purpose of fraudulence. An unsuspicious victim might unwrap sensitive information to the aggressor in this onslaught. This is because he was mislead by the bad electronic mail reference that he had gotten the mail from a sure spouse.

SMTP service on the mail waiter allows anyone to connected to its unfastened TCP port 25 to direct electronic mail with any reference, whatsoever ( valid or invalid ) , that matches the reference form or format of the sphere.

Therefore, email application that would be taking on the Myertor undertaking office LAN would besides be vulnerable to e-mail counterfeit or spoofing and the consequence could be grave. Ranging from users acquiring bad mail petition to transport out a minor and fiddling to major and sensitive action.

3.1.5 Mail Relaying SMTP Vulnerability

Mail relay installations on an SMTP waiter on the cyberspace is prone to spamming and relaying feats.

This installation was ab initio utile before email engineering evolved to what is it today. Used by email systems and web decision maker for everyday care between site that are disparate and closed. However, it is unfastened to mistreat by aggressors now a yearss.

[ Definitions, 2004 ] .

When it is enabled on an SMTP waiter, anyone ( including an aggressor ) could utilize such waiter to route mail to any other internet mail user ; even when they are non located on the same sphere nor solicited for such mails. The purpose of a Spammer is to utilize activated unfastened relay on SMTP waiter to hide his individuality and location. So, he catches on the defect that the waiters does non hold proper restriction on relaying ( e.g. from which IP reference can you have, from what sphere and hallmark security defined ) , and they would accept electronic mails from everyone and present to everyone. [ Peter Karsai, 2003 ]

The 3 below shows how to disenable unfastened relay in Exchange 2007 electronic mail application.

It is recommended to disenable unfastened relay, because an unfastened relay opens an e-mail Server for Spammer and other malicious activities.

Email decision makers should besides guarantee that complex watchword policy is implemented on his web even though he has defined an IP-based relay limitations. This because, some aggressors besides authenticate with weak history on a sphere if they notice this limitation. [ Peter Karsai, 2003 ]

3.1.6 Multiple Mail Copy Vulnerability

SMTP is endowed with the capableness to enable a user send transcripts of a individual message to several receiver, by doing usage of the TO: , Cc: , Bcc: Fieldss, in the electronic mail composing interface. Thereby magnifying a individual message. This was supposed to be an advantage as a user that has to direct the same message to several people, for case 50, would non necessitate to direct the one message, 50times.

However, an aggressor could besides see this as a regular tool for his villainous activities. He could utilize this characteristic, for case, to deluge a nexus that is capable of transporting a throughput of 1.544Mbits per second. All this from one electronic mail sent. Thereby mistreating this characteristic of SMTP waiter.

3.1.7 SMTP Service Prone To Virus Propagation

Because SMTP does non hold a native mechanism of look intoing the content of an email message, aggressors have made it a convenient vector for Virus and worm extension. Viruss and Worms are appended to an electronic mail like an fond regard and sent to an unsuspicious receiver and true to the nature of SMTP service, the content of this fond regard is non queried.

When the receiver accesses the fond regard, the Virus is activated and do injury to his workstation e.g. destruct local files, from where other connected machines could be infected.

4.0 Other Security Considerations

Having touched on all these exposures merely for a individual service ( SMTP ) , uniting this exposures to others that might be on other services such as DNS, HTTP and the host of others, the program to host other services on a individual general intent Server should be jettisoned. This might unwittingly take to easy via media for an aggressor and what more, a individual point of failure

5.0 Countermeasures

From the list of Weaknesses of SMTP, one can reason that, its defects were either due to software/protocol development issues or the manner the SMTP waiter was cond, which is strictly operational.

In an extended work presented at the 8th International Symposium on System and Information Security ( SSI?2006, Paper 23262 ) [ [ Marcelo, 2006 ] ] , where the writers described all defects in SMTP as mistakes and farther subdivided the mistakes into design defects and interaction defects [ Pg 3 ] . I believe, a careful survey of this piece of work would assist Myertor in puting up the electronic mail waiter for the undertaking office.

They further built matrixes of mistakes based on the Avizienis Taxonomy [ APPENDIX 1 ] . This Taxonomy yielded a matching of these two classification of mistake with appropriate defence mechanism, to extenuate or halt assorted feats that can be perpetrated on an SMTP waiter. The information therein would besides be good for consideration by Myertor towards the execution.

6.0 Decision

It is really clear that SMTP is inherently flawed, despite its many advantages and strength. An unluckily, effectual modern communicating today is uncomplete without doing usage of an email application ; Myertor undertaking office staff are non excluded in this. If that is the instance, so consider effort should be made to procure the SMTP Server in every environment.
One major manner is menace patterning [ Bruce Schneier, December 1999 ] . Administrators must, as a affair of necessity simulate or theoretical account different onslaught methods and motive that aggressors might utilize in working the web they protect. Subsequently, they can develop an effectual defence machinist to extenuate this feats.

7.0 Mentions

1. The Internet Engineering Task Force functionary web site: hypertext transfer protocol: //

2. Craig Hunt 2002. ‘TCP/IP Network Administration, Third Edition ‘

3. Basic Computer, 1999. ‘Web Mail V Email Clients ‘ from: hypertext transfer protocol: //

4. Matt Naugle,1999. ‘Illustrated Transmission control protocol/internet protocol: A Graphic Guide to the Protocol Suite ‘

5. Susan Young, Dave Aitel, 2003. ‘The Hackers Handbook The Strategy Behind Breaking into and Defending Networks ‘ pg 438, 447

6. Prasad Yendluri, August 2003. “ Web Services Reliable Messaging. ” In WebProNews Online

7. uCertify Articles, July 24th, 2009. What is MTA? At: hypertext transfer protocol: //

8. Vladimir V. Riabov, Rivier College, May 12, 2005. ‘SMTP ( Simplle Mail Transfer Protocol ) ‘

9. RFC 3464 at hypertext transfer protocol: //

10. Email Marketing Software, April 30, 2003. ‘Understanding SMTP mistake codifications ‘ . hypertext transfer protocol: //

11. RFC 3463, January 2003. hypertext transfer protocol: //

12. R. Kinney Williams Yennik, Inc, 2009. ‘Vulnerability list: SMTP AND MAIL SERVER ‘ from: hypertext transfer protocol: // # SMTP % 20AND % 20MAIL % 20SERVER

13. CERT Computer Emergency Readiness Team. ( 2010 ) . Vulnerability Database. Retrieved March 21, 2005. Fetched: Jan 5, 2009. From: hypertext transfer protocol: //

14. National institute of criterions and engineering, ( 2010 ) . ‘National Vulnerability Database ‘ . Fetched: Jan 5, 2009.. At: hypertext transfer protocol: // cid=4

15. Bugtraq: Moderated by Security Focus. Fetched: Jan 6, 2009. hypertext transfer protocol: //

16. James Maguire, November 12, Online Magazine.‘Bruce Schneier: Procuring Your Personal computer and Your Privacy ‘ . From: hypertext transfer protocol: // +Securing+Your+PC+and+Your+Privacy.htm

17. Neil Daswani, Christoph Kern, Anita Kesavan, 2007. ‘Foundations of Security: What every coder needs to Know ‘ . pg 93

18. IBM Internet Security System ( ISS ) , Fetched January 6, 2010.‘SMTP EXPN buffer flood can crash or obtain entree ‘ . From: hypertext transfer protocol: //

19. SecurityFocus Bugtraq, October 5, 2003. ‘SecurityFocus Bugtraq: Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0′.At: hypertext transfer protocol: // a=v & A ; q=cache: L0krv09ENXUJ: & A ; hl=en & A ; gl=uk & A ; pid=bl & A ; srcid=ADGEEShN7SqCGQ3IAiHURA2mjqnuNm7x2Ga08V32pnwbs9nDiNX6-O0r9WA9lSX1P68Q4FcfL0r32QygCl3Wd4IfqC6UC4feV0hIT8zt43_ABpfhU8eADkAmFAh7Sl5ATNgYEJQur_jz & A ; sig=AHIEtbTuMFbqF0lr9iYo4sSBlHYFB5XQUw

20. Marcelo Maraboli, Reinaldo Vallejos, Jan 2006. ‘Dependability and Secure Computing Taxonomy of the Internet E-mail Service ‘ . Fetched December 2, 2009. From: hypertext transfer protocol: //

21. Carnegie Mellon University, 2002. ‘Spoofed/Forged Email ‘ . Fetched: December 2, 2009. From: ‘http: // Definitions, July 19, 2004. ‘Open Relay ‘ . Retrieved: December 20, 2009. From: hypertext transfer protocol: //, ,sid7_gci782509,00.html

23. Peter Karsai, July 2003.‘SMTP Auth Relay Attacks ‘ . Retrieved on December 5, 2009. From: hypertext transfer protocol: //

24. Bruce Schneier in Dr. Dobb ‘s Journal ‘Modeling security menaces ‘ December 2009


Appendix I: Avizienis Taxonomy

Appendix II: Consequence Of Defence Mechanisms

Appendix III: SMTP Fault Classification Matrix

Appendix IV: SMTP Failure Classification Matrix


Hi there, would you like to get such a paper? How about receiving a customized one? Check it out