Presentation is loading. Please wait.

Presentation is loading. Please wait.

SMTP / MIME Florin Zidaru.

Published byDoreen Bridges Modified over 8 years ago

Similar presentations

Presentation on theme: "SMTP / MIME Florin Zidaru."— Presentation transcript:

1 SMTP / MIME Florin Zidaru

2 Outline What is SMTP? How does SMTP work? SMTP Security Issues MIME

3 1. What is SMTP? Simple Mail Transport Protocol (SMTP) is the network protocol used to send across the Internet. Simple protocol, purely ASCII text-based uses TCP port 25

4 1. What is SMTP? Ctd. a "push" protocol that does not allow one to "pull" messages from a remote server on demand. it is limited in its ability to queue messages at the receiving end so usually used with POP3 or IMAP to let the user save messages in a server mailbox and download them periodically from the server. users typically use a program that uses SMTP for sending and either POP3 or IMAP for receiving .

5 2. How does SMTP work? as the result of a user mail request, the sender-SMTP establishes a two-way transmission channel to a receiver-SMTP (destination or an intermediate) SMTP commands are generated by the sender-SMTP and sent to the receiver-SMTP SMTP replies are sent from the receiver-SMTP to the sender-SMTP in response to the commands.

6 2. How does SMTP work? Ctd.

7 2. Example of the SMTP procedure

8 3. SMTP Security Issues Fatal flaw: trusts the users
Why? Developed when the Internet was small lack of a comprehensive way of verifying an sender's identity. This makes it easy for people to mask their identities by forging return addresses and taking over victim machines to conduct their activities. Consequences: spam, viruses, trojan horses

9 3. SMTP Security Issues Authentication problem solution: SMTP over SSL/TLS protocol is available at the Internet Engineering Task Force's Web site But, how do we establish "trust relationships“? Problem: design a system that authenticates mail servers, rather than individuals. A third party would have to determine whether an server is responsible for sending spam. That kind of responsibility--voluntarily assumed by operators of various spam blacklists--could be difficult and expensive if applied to the Internet as a whole.

10 3. SMTP Security Issues : Enumeration
SMTP enumeration What is enumeration? Once an attacker has identified live hosts and running services, he will turn to probing the identified services more fully for known weaknesses SMTP provides 2 built-in commands that allow for enumeration of users VRFY – confirms names of valid users EXPN – reveals the addresses of aliases and mailing lists

11 3. SMTP Security Issues : Enumeration
Example: Enumeration can be done over a telnet connection: telnet Connected to 220 mail.bigcorp.com ESMTP 8.8.7/8.8.7 vrfy root 250 root expn adm 250 adm quit

12 3. SMTP Enumeration Countermeasures:
oldie-but-goodie service that should be turned off newer versions of SMTP server software sendmail ( offer syntax that can be embedded in the mail.cf file to disable the discussed commands Microsoft’s Exchange Server prevents nonprivileged users from using EXPN and VRFY by default in recent versions

13 4. MIME: Multipurpose Internet Mail Extensions
Internet Standard that extends the format of to support: - text in character sets other than US-ASCII; - non-text attachments; - multi-part message bodies; a fundamental component of communication protocols such as HTTP, which requires that data be transmitted in the context of -like messages, even though the data might not fit this context.

14 Resources SMTP on Wikipedia: http://en.wikipedia.org/wiki/SMTP
RFC 821 – SMTP SMTP Security:

Download ppt "SMTP / MIME Florin Zidaru."

Similar presentations

How Clients and Servers Work Together. Objectives Web Server Protocols Examine how e-mail server and client software work Use FTP to transfer files Initiate.

How Clients and Servers Work Together. Objectives Web Server Protocols Examine how server and client software work Use FTP to transfer files Initiate.
Layer 7- Application Layer

Layer 7- Application Layer
Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
Remote mailbox access gateway Software lab project.

Remote mailbox access gateway Software lab project.
CPSC 441: FTP & SMTP1 Application Layer: FTP & Instructor: Carey Williamson Office: ICT 740 Class.

CPSC 441: FTP & SMTP1 Application Layer: FTP & Instructor: Carey Williamson Office: ICT Class.
Simple Mail Transfer Protocol (SMTP) CS-328 Dick Steflik.

Simple Mail Transfer Protocol (SMTP) CS-328 Dick Steflik.
Implementing Application Protocols. Overview An application protocol facilitates communication between applications. For example, an email client uses.

Implementing Application Protocols. Overview An application protocol facilitates communication between applications. For example, an client uses.
Technion – Israel Institute of Technology Department of Electrical Engineering Software Lab Remote Mailbox based on.NET technology Michael and Eugene Shamis.

Technion – Israel Institute of Technology Department of Electrical Engineering Software Lab Remote Mailbox based on.NET technology Michael and Eugene Shamis.
SNMP & MIME Rizwan Rehman, CCS, DU. Basic tasks that fall under this category are: What is Network Management? Fault Management Dealing with problems.

SNMP & MIME Rizwan Rehman, CCS, DU. Basic tasks that fall under this category are: What is Network Management? Fault Management Dealing with problems.
Chapter 30 Electronic Mail Representation & Transfer

Chapter 30 Electronic Mail Representation & Transfer
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.
Architecture of Email SMTP, POP, IMAP, MIME.

Architecture of SMTP, POP, IMAP, MIME.
Introduction 1 Lecture 7 Application Layer (FTP, e-mail) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.

Introduction 1 Lecture 7 Application Layer (FTP, ) slides are modified from J. Kurose & K. Ross University of Nevada – Reno Computer Science & Engineering.
E-mail-I CS-3505 Wb_e-mail-I.ppt. Email 4 The most useful feature of the internet 4 Lots of different email programs, but most of them can talk to each.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.
Introduction 1-1 Chapter 2 FTP & Email Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 IC322 Fall.

Introduction 1-1 Chapter 2 FTP & Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 IC322 Fall.
 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.

 ENGR 1110 Introduction to Engineering – Cyber Security Allison Holt, Adam Brown Auburn University.
Electronic Mail (SMTP, POP, IMAP, MIME)

Electronic Mail (SMTP, POP, IMAP, MIME)
INTRODUCTION TO WEB DATABASE PROGRAMMING

INTRODUCTION TO WEB DATABASE PROGRAMMING
SMTP, POP3, IMAP.

SMTP, POP3, IMAP.

Similar presentations

Ads by Google