SMTP / MIME
Florin Zidaru
Outline
1. What is SMTP?
2. How does SMTP work?
3. SMTP Security Issues
4. MIME
1. What is SMTP?
Simple Mail Transfer Protocol (SMTP) is the network protocol used to send email across the Internet.
A simple protocol, purely ASCII text-based.
Uses TCP port 25.
1. What is SMTP? Ctd.
A "push" protocol: it does not allow one to "pull" messages from a remote server on demand.
It is limited in its ability to queue messages at the receiving end, so it is usually used with POP3 or IMAP, which let the user save messages in a server mailbox and download them periodically from the server.
Users typically use a program that uses SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail.
2. How does SMTP work?
As the result of a user mail request, the sender-SMTP establishes a two-way transmission channel to a receiver-SMTP (the destination or an intermediate).
SMTP commands are generated by the sender-SMTP and sent to the receiver-SMTP.
SMTP replies are sent from the receiver-SMTP to the sender-SMTP in response to the commands.
2. How does SMTP work? Ctd.
2. Example of the SMTP procedure
3. SMTP Security Issues
Fatal flaw: it trusts the users. Why? It was developed when the Internet was small.
There is no comprehensive way of verifying an e-mail sender's identity. This makes it easy for people to mask their identities by forging return addresses and taking over victim machines to conduct their activities.
Consequences: spam, viruses, trojan horses.
3. SMTP Security Issues
Authentication problem solution: SMTP over SSL/TLS.
The protocol is available at the Internet Engineering Task Force's Web site.
But how do we establish "trust relationships"? Problem: design a system that authenticates mail servers, rather than individuals. A third party would have to determine whether an e-mail server is responsible for sending spam. That kind of responsibility, voluntarily assumed by operators of various spam blacklists, could be difficult and expensive if applied to the Internet as a whole.
3. SMTP Security Issues: Enumeration
SMTP enumeration
What is enumeration? Once an attacker has identified live hosts and running services, he will turn to probing the identified services more fully for known weaknesses.
SMTP provides two built-in commands that allow for enumeration of users:
VRFY – confirms names of valid users
EXPN – reveals the addresses of aliases and mailing lists
3. SMTP Security Issues: Enumeration
Example: Enumeration can be done over a telnet connection:
telnet 192.168.202.34 25
Connected to 192.168.202.34
220 mail.bigcorp.com ESMTP 8.8.7/8.8.7
vrfy root
250 root <[email protected]>
expn adm
250 adm <[email protected]>
quit
3. SMTP Enumeration Countermeasures
An oldie-but-goodie service that should be turned off.
Newer versions of SMTP server software such as sendmail (www.sendmail.org) offer syntax that can be embedded in the mail.cf file to disable the discussed commands.
Microsoft’s Exchange Server prevents nonprivileged users from using EXPN and VRFY by default in recent versions
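The command/reply dialogue from section 2 and the VRFY/EXPN countermeasure above, as an added example that is not part of the original slides: a toy receiver-SMTP state machine in Python (no sockets, no real delivery; the hostname and the session lines are constructed placeholders). With the default hardened setting it answers VRFY with 252 and EXPN with 502; with allow_enum=True it answers the way the telnet session on the slide shows.

```python
import re
# Added example (not the slides' own code): a toy receiver-SMTP, no sockets or real delivery;
# hostname is a placeholder. Refuses VRFY/EXPN enumeration unless allow_enum=True (weak setting).
class ReceiverSMTP:
    def __init__(self, hostname="mail.example.test", allow_enum=False):
        self.hostname, self.allow_enum, self.in_data = hostname, allow_enum, False
        self.sender, self.rcpts, self.body, self.queued = None, [], [], []

    def handle(self, line):
        """Reply to one line from the sender-SMTP (None for body lines in DATA)."""
        if self.in_data:                       # collecting the message body
            if line == ".":                    # end-of-data marker
                self.queued.append((self.sender, self.rcpts, "\n".join(self.body)))
                self.in_data, self.sender, self.rcpts, self.body = False, None, [], []
                return "250 OK: message queued"
            self.body.append(line[1:] if line.startswith("..") else line)  # un-dot-stuff
            return None
        verb, arg = line[:4].upper(), line[5:].strip()   # SMTP verbs are four letters
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname}"
        if verb == "QUIT":
            return f"221 {self.hostname} closing transmission channel"
        if verb in ("VRFY", "EXPN"):           # the two user-enumeration commands
            if self.allow_enum:                # weak setting: answers like the telnet session on the slide
                return f"250 {arg} <{arg}@{self.hostname}>"
            return "252 Cannot VRFY user" if verb == "VRFY" else "502 Command not implemented"
        if verb == "MAIL":
            m = re.fullmatch(r"FROM:\s*<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax error in parameters or arguments"
            self.sender = m.group(1)
            return "250 OK"
        if verb == "RCPT":
            m = re.fullmatch(r"TO:\s*<([^>]+)>", arg, re.I)
            if self.sender is None or not m:
                return "503 Need MAIL command first" if self.sender is None else "501 Syntax error"
            self.rcpts.append(m.group(1))
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT command first"
            self.in_data = True
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Command not recognized"

def run_session(lines, **kw):
    # Feed a scripted sender-SMTP dialogue; return the server and every reply it sent.
    srv = ReceiverSMTP(**kw)
    replies = [f"220 {srv.hostname} ESMTP service ready"] + [r for r in map(srv.handle, lines) if r]
    return srv, replies
```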
4. MIME: Multipurpose Internet Mail Extensions
Internet Standard that extends the format of e-mail to support:
- text in character sets other than US-ASCII;
- non-text attachments;
- multi-part message bodies.
MIME is also a fundamental component of communication protocols such as HTTP, which requires that data be transmitted in the context of e-mail-like messages, even though the data might not fit this context.
Resources
SMTP on Wikipedia: http://en.wikipedia.org/wiki/SMTP
RFC 821 – SMTP: http://www.ietf.org/rfc/rfc0821.txt
SMTP Security: http://news.com.com/2100-1038_3-5058610.html