SMTP / MIME
Florin Zidaru
Outline
1. What is SMTP?
2. How does SMTP work?
3. SMTP Security Issues
4. MIME
1. What is SMTP?

Simple Mail Transfer Protocol (SMTP) is the
network protocol used to send email across
the Internet.

Simple protocol, purely ASCII text-based

uses TCP port 25
1. What is SMTP? Ctd.

a "push" protocol that does not allow one to "pull"
messages from a remote server on demand.

it is limited in its ability to queue messages at the
receiving end so usually used with POP3 or IMAP to
let the user save messages in a server mailbox and
download them periodically from the server.

users typically use a program that uses SMTP for
sending e-mail and either POP3 or IMAP for
receiving e-mail.
2. How does SMTP work?

as the result of a user mail request, the
sender-SMTP establishes a two-way
transmission channel to a receiver-SMTP
(destination or an intermediate)

SMTP commands are generated by the
sender-SMTP and sent to the receiver-SMTP

SMTP replies are sent from the receiver-SMTP
to the sender-SMTP in response to the
commands.
2. How does SMTP work? Ctd.
2. Example of the SMTP procedure
3. SMTP Security Issues

Fatal flaw: trusts the users
Why? Developed when the Internet was small

lack of a comprehensive way of verifying an e-mail sender's
identity. This makes it easy for people to mask their identities by
forging return addresses and taking over victim machines to
conduct their activities.

Consequences: spam, viruses, trojan horses
3. SMTP Security Issues

Authentication problem solution: SMTP over SSL/TLS
(the protocol is available at the Internet Engineering
Task Force's Web site)

But how do we establish "trust relationships"?
Problem: design a system that authenticates mail
servers, rather than individuals. A third party would
have to determine whether an e-mail server is
responsible for sending spam. That kind of
responsibility--voluntarily assumed by operators of
various spam blacklists--could be difficult and
expensive if applied to the Internet as a whole.
3. SMTP Security Issues : Enumeration

SMTP enumeration
What is enumeration?
Once an attacker has identified live hosts and running services,
he will turn to probing the identified services more fully for
known weaknesses

SMTP provides 2 built-in commands that
allow for enumeration of users


VRFY – confirms names of valid users
EXPN – reveals the addresses of aliases and mailing
lists
3. SMTP Security Issues : Enumeration

Example:
Enumeration can be done over a telnet connection:
telnet 192.168.202.34 25
Connected to 192.168.202.34
220 mail.bigcorp.com ESMTP 8.8.7/8.8.7
vrfy root
250 root <root@bigcorp.com>
expn adm
250 adm <adm@bigcorp.com>
quit
3. SMTP Enumeration Countermeasures:

VRFY and EXPN are oldie-but-goodie services
that should be turned off

newer versions of the SMTP server software
sendmail (www.sendmail.org) offer syntax
that can be embedded in the mail.cf file to
disable the discussed commands

Microsoft’s Exchange Server prevents
nonprivileged users from using EXPN and
VRFY by default in recent versions
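
An added example, not part of the original slides: a small Python check that reads a captured SMTP session such as the one shown above and reports whether VRFY or EXPN still answer. The reply-code grouping follows RFC 5321; the function names and the hardened sample session are constructed for illustration.

```python
import re

# Reply codes (RFC 5321). 250/251 confirm a mailbox; 550/551/553 deny one,
# which still tells a prober which names exist. 252 declines to verify and
# 500/502 mean the command is not recognised or not implemented.
DISCLOSES = {"250", "251", "550", "551", "553"}
DECLINES = {"252", "500", "502"}

CMD = re.compile(r"^(vrfy|expn)\s+(\S+)", re.IGNORECASE)
REPLY = re.compile(r"^(\d{3})([ -]|$)")

def audit_transcript(text):
    """Return (command, argument, reply code, verdict) for each VRFY/EXPN."""
    findings, pending = [], None
    for line in map(str.strip, text.splitlines()):
        cmd = CMD.match(line)
        if cmd:
            pending = (cmd.group(1).upper(), cmd.group(2))
            continue
        reply = REPLY.match(line)
        # "250-..." is a continuation line; only the final line closes a reply.
        if reply and pending and reply.group(2) != "-":
            code = reply.group(1)
            verdict = ("discloses" if code in DISCLOSES
                       else "declines" if code in DECLINES else "unknown")
            findings.append(pending + (code, verdict))
            pending = None
    return findings

def enumeration_exposed(text):
    """True if any VRFY/EXPN reply confirms or denies a mailbox."""
    return any(f[3] == "discloses" for f in audit_transcript(text))

# The session shown in the slides above.
PAGE_SESSION = """\
220 mail.bigcorp.com ESMTP 8.8.7/8.8.7
vrfy root
250 root <root@bigcorp.com>
expn adm
250 adm <adm@bigcorp.com>
quit
"""

# Constructed sample: the same commands against a server with both disabled.
HARDENED_SESSION = """\
220 mail.example.test ESMTP
vrfy root
252 2.5.2 Cannot VRFY user
expn adm
502 5.5.1 Command not implemented
"""
```

Run against PAGE_SESSION, both commands are reported as disclosing; against HARDENED_SESSION, both are reported as declined.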
4. MIME:

Multipurpose Internet Mail Extensions

Internet Standard that extends the format of e-mail
to support:
- text in character sets other than US-ASCII;
- non-text attachments;
- multi-part message bodies;

a fundamental component of communication
protocols such as HTTP, which requires that data be
transmitted in the context of e-mail-like messages,
even though the data might not fit this context.
Resources



SMTP on Wikipedia:
http://en.wikipedia.org/wiki/SMTP
RFC 821 – SMTP
http://www.ietf.org/rfc/rfc0821.txt
SMTP Security:
http://news.com.com/2100-1038_35058610.html