SMTP / MIME Florin Zidaru

Upload: doreen-bridges

Post on 13-Dec-2015

TRANSCRIPT

Page 1: SMTP / MIME Florin Zidaru. Outline 1. What is SMTP? 2. How does SMTP work? 3. SMTP Security Issues 4. MIME

SMTP / MIME

Florin Zidaru

Outline

1. What is SMTP?

2. How does SMTP work?

3. SMTP Security Issues

4. MIME

1. What is SMTP?

Simple Mail Transport Protocol (SMTP) is the network protocol used to send email across the Internet.

Simple protocol, purely ASCII text-based

Uses TCP port 25

1. What is SMTP? Ctd.

A "push" protocol that does not allow one to "pull" messages from a remote server on demand.

It is limited in its ability to queue messages at the receiving end, so it is usually used with POP3 or IMAP, which let the user save messages in a server mailbox and download them periodically from the server.

Users typically use a program that uses SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail.

2. How does SMTP work?

As the result of a user mail request, the sender-SMTP establishes a two-way transmission channel to a receiver-SMTP (the destination or an intermediate).

SMTP commands are generated by the sender-SMTP and sent to the receiver-SMTP.

SMTP replies are sent from the receiver-SMTP to the sender-SMTP in response to the commands.

2. How does SMTP work? Ctd.

2. Example of the SMTP procedure
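
A complete command/reply exchange of the kind described above, as an added example that is not part of the original slides: a toy receiver-SMTP answers each line from a scripted sender-SMTP with a reply code. Host names, addresses and reply wording are constructed, and only HELO, MAIL, RCPT, DATA and QUIT are modelled.

```python
# Added illustration: toy receiver-SMTP and scripted sender (constructed names).
class ReceiverSMTP:
    def __init__(self, host="mx.example.org"):
        self.host, self.state = host, "new"
        self.sender, self.rcpts, self.body, self.queue = None, [], [], []

    def handle(self, line):
        """Return the reply to one line, or None while the body is streaming."""
        if self.state == "data":
            if line != ".":
                self.body.append(line)
                return None
            # A lone "." ends the body: queue the message, reset the envelope.
            self.queue.append((self.sender, self.rcpts, "\n".join(self.body)))
            self.state, self.sender, self.rcpts, self.body = "ready", None, [], []
            return "250 OK"
        verb, _, arg = line.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "HELO":
            self.state = "ready"
            return f"250 {self.host}"
        if verb == "QUIT":
            return f"221 {self.host} closing transmission channel"
        if verb == "MAIL" and self.state == "ready" and arg.upper().startswith("FROM:"):
            # The envelope sender is whatever the client claims; nothing checks it.
            self.sender, self.state = arg[5:].strip("<> "), "mail"
            return "250 OK"
        if verb == "RCPT" and self.state in ("mail", "rcpt") and arg.upper().startswith("TO:"):
            self.rcpts.append(arg[3:].strip("<> "))
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA" and self.state == "rcpt":
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        known = verb in ("MAIL", "RCPT", "DATA")
        return "503 Bad sequence of commands" if known else "500 Command unrecognized"

def run_session(commands):
    receiver = ReceiverSMTP()
    transcript = [f"R: 220 {receiver.host} Service ready"]
    for line in commands:
        transcript.append(f"S: {line}")
        reply = receiver.handle(line)
        if reply is not None:
            transcript.append(f"R: {reply}")
    return transcript, receiver.queue

SESSION = ["HELO client.example.net", "MAIL FROM:<alice@example.net>",
           "RCPT TO:<bob@example.org>", "DATA", "Subject: hello", "",
           "Lunch at noon?", ".", "QUIT"]
```

`run_session(SESSION)` returns the interleaved `S:`/`R:` transcript and the queued message; issuing DATA before MAIL and RCPT yields a 503 reply.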

3. SMTP Security Issues

Fatal flaw: trusts the users

Why? Developed when the Internet was small

Lack of a comprehensive way of verifying an e-mail sender's identity. This makes it easy for people to mask their identities by forging return addresses and taking over victim machines to conduct their activities.

Consequences: spam, viruses, trojan horses

3. SMTP Security Issues

Authentication problem solution: SMTP over SSL/TLS

The protocol is available at the Internet Engineering Task Force's Web site

But how do we establish "trust relationships"?

Problem: design a system that authenticates mail servers, rather than individuals. A third party would have to determine whether an e-mail server is responsible for sending spam. That kind of responsibility, voluntarily assumed by operators of various spam blacklists, could be difficult and expensive if applied to the Internet as a whole.

3. SMTP Security Issues: Enumeration

SMTP enumeration

What is enumeration? Once an attacker has identified live hosts and running services, he will turn to probing the identified services more fully for known weaknesses.

SMTP provides 2 built-in commands that allow for enumeration of users:

VRFY – confirms names of valid users

EXPN – reveals the addresses of aliases and mailing lists

3. SMTP Security Issues: Enumeration

Example: Enumeration can be done over a telnet connection:

    telnet 192.168.202.34 25
    Connected to 192.168.202.34
    220 mail.bigcorp.com ESMTP 8.8.7/8.8.7
    vrfy root
    250 root <[email protected]>
    expn adm
    250 adm <[email protected]>
    quit

3. SMTP Enumeration Countermeasures

An oldie-but-goodie service that should be turned off

Newer versions of the SMTP server software sendmail (www.sendmail.org) offer syntax that can be embedded in the mail.cf file to disable the discussed commands

Microsoft’s Exchange Server prevents nonprivileged users from using EXPN and VRFY by default in recent versions
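
One way to check from the receiving side whether these countermeasures are in effect and whether anyone is probing, as an added example that is not part of the original slides: it scans receiver command logs for VRFY/EXPN, flags clients that try many names, and reports any name the server confirmed. The log format, the addresses and the threshold are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log. Assumed format:
# "<time> <client-ip> <command line> -> <reply code>"
LOG = """\
10:02:11 203.0.113.9 VRFY root -> 250
10:02:11 203.0.113.9 VRFY admin -> 550
10:02:12 203.0.113.9 EXPN adm -> 250
10:02:12 203.0.113.9 VRFY oracle -> 550
10:05:40 198.51.100.4 HELO relay.example.net -> 250
10:05:41 198.51.100.4 MAIL FROM:<a@example.net> -> 250
10:07:03 192.0.2.77 VRFY postmaster -> 252
"""

LINE = re.compile(r"^(\S+) (\S+) (VRFY|EXPN) (\S+) -> (\d{3})$", re.I)

def audit(log, threshold=3):
    """Summarize VRFY/EXPN activity per client IP."""
    probes = defaultdict(set)      # client ip -> distinct names asked about
    disclosed = defaultdict(set)   # client ip -> names the server confirmed
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue               # not a VRFY/EXPN line
        _, ip, _verb, name, code = m.groups()
        probes[ip].add(name.lower())
        if code in ("250", "251"):  # positive reply: the server disclosed it
            disclosed[ip].add(name.lower())
    return {
        # Clients asking about many distinct names look like enumeration.
        "enumerators": sorted(ip for ip, n in probes.items() if len(n) >= threshold),
        "disclosed": {ip: sorted(n) for ip, n in disclosed.items()},
        # Any confirmation means VRFY/EXPN are still answering on this server.
        "commands_enabled": any(disclosed.values()),
    }
```

A server with the commands disabled answers with a non-committal or error code instead of 250, so `commands_enabled` stays false even while `enumerators` still lists the probing client.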

4. MIME: Multipurpose Internet Mail Extensions

Internet Standard that extends the format of e-mail to support:

- text in character sets other than US-ASCII;

- non-text attachments;

- multi-part message bodies;

a fundamental component of communication protocols such as HTTP, which requires that data be transmitted in the context of e-mail-like messages, even though the data might not fit this context.
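
The three extensions listed above in one message, as an added example that is not part of the original slides: Python's standard `email` package builds a multipart message with UTF-8 text and a binary attachment, and the serialized form stays pure ASCII as SMTP requires. Addresses, subject, body and attachment bytes are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample content (not from the slides).
BODY = "Grüße aus Zürich, the report is attached.\n"
BLOB = bytes(range(256))             # arbitrary binary, includes non-ASCII bytes

def build_message():
    msg = EmailMessage()
    msg["From"] = "alice@example.net"
    msg["To"] = "bob@example.org"
    msg["Subject"] = "Größenübersicht"           # non-ASCII header text
    # Text in a non-US-ASCII character set, made 7-bit safe for transport.
    msg.set_content(BODY, charset="utf-8", cte="quoted-printable")
    # Non-text attachment; adding it turns the message into multipart/mixed.
    msg.add_attachment(BLOB, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    return msg

def describe(msg):
    """(content type, charset, transfer encoding) for each body part."""
    return [(p.get_content_type(), p.get_content_charset(),
             str(p["Content-Transfer-Encoding"])) for p in msg.iter_parts()]

def roundtrip(msg):
    """Serialize to wire bytes, parse them back, return decoded contents."""
    wire = msg.as_bytes()
    parsed = message_from_bytes(wire, policy=policy.default)
    text, blob = [p.get_content() for p in parsed.iter_parts()]
    return wire, str(parsed["Subject"]), text, blob
```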

Resources

SMTP on Wikipedia: http://en.wikipedia.org/wiki/SMTP

RFC 821 – SMTP: http://www.ietf.org/rfc/rfc0821.txt

SMTP Security: http://news.com.com/2100-1038_3-5058610.html