Mail Server.

Presentation on theme: "Mail Server."— Presentation transcript:

1 Mail Server

2 DNS Distributed Directory Service
- Maps names to values – resource records
- Major backbone of the internet
- Makes networks human friendly
- Defined (primarily) in RFC 1034 and RFC 1035

3 Mail Server A mail server (also known as a mail transfer agent or MTA, a mail transport agent, a mail router or an Internet mailer) is an application that receives incoming email from local users (people within the same domain) and remote senders and forwards outgoing email for delivery. A computer dedicated to running such applications is also called a mail server. Microsoft Exchange, qmail, Exim and sendmail are among the more common mail server programs.

4 Messaging system The mail server works in conjunction with other programs to make up what is sometimes referred to as a messaging system. A messaging system includes all the applications necessary to keep email moving as it should. When you send an email message, your email program, such as Outlook or Eudora, forwards the message to your mail server, which in turn forwards it either to another mail server or to a holding area on the same server called a message store to be forwarded later. As a rule, the system uses SMTP (Simple Mail Transfer Protocol) or ESMTP (extended SMTP) for sending email, and either POP3 (Post Office Protocol 3) or IMAP (Internet Message Access Protocol) for receiving email.

5 Email Basics Email – an electronic message transmitted over a network from one user to another. Can be as simple as a few lines of text, or include attachments such as pictures or documents. Email made up 75% of network traffic soon after the introduction of the internet.

6 What Makes Up An Email
The Header
- Who sent the email.
- To whom the mail is sent.
- When the email was sent.
- The subject.
- The size of the email.

7 What Makes Up An Email
The Body
- Contains the message.
- May also contain an attachment.
Attachments
- If not embedded within the body, attachments are sent along with the email.

8 Electronic Mail: message format
SMTP: protocol for exchanging messages
RFC 822: standard for text message format:
- header lines, e.g., To:, Date:, From:, Subject:, Message-ID: (different from SMTP commands!)
- Read $MAIL
- body: the “message”, ASCII characters only
Message layout: header, blank line, body

9 Electronic Mail: MIME types
Content-Type: type/subtype; parameters
- Text: example subtypes: plain, html
- Image: example subtypes: jpeg, gif
- Audio: example subtypes: basic (8-bit mu-law encoded), 32kadpcm (32 kbps coding)
- Video: example subtypes: mpeg, quicktime
- Application: other data that must be processed by reader before “viewable”; example subtypes: msword, octet-stream

10 Electronic Mail: MIME (multipurpose Internet mail extensions)
MIME: multimedia mail extension, RFC 2045, 2056
Additional lines in msg header declare MIME content type:

    From:
    To:
    Subject: Picture of yummy crepe.
    MIME-Version: 1.0
    Content-Transfer-Encoding: base64
    Content-Type: image/jpeg

    base64 encoded data .....
    ......base64 encoded data

- MIME-Version: MIME version
- Content-Transfer-Encoding: method used to encode data
- Content-Type: multimedia data type, subtype, parameter declaration
- Body: encoded data

11 How Email Works The model that works best for email is the Client-Server model. Clients carry out user interactions with the server.

12 How Email Works Clients
Forms in which clients appear: Application based - these are installed onto user’s machines and include Microsoft Outlook and the freely available Outlook Express and Eudora. Web based - these appear in a web browser’s window and include Hotmail, Yahoo and Outlook web client.

13 Functionality Clients vary greatly in functionality, but all provide a basic level of functionality that assists the user. Basic functions include:
- Ability to create new emails.
- Display and store received emails.
- Hold address lists of contacts, a calendar, journal and other extra functions that help organize the user’s working day.
The client is also configured with the account information and names or IP addresses of the email servers with which it will be communicating.

14 How Email Works Servers
An email server is typically a combination of processes running on a server with a large storage capacity – a list of users and rules, and the capability to receive, send and store emails and attachments. These servers are designed to operate without constant user intervention. They should process emails for months as sending, receiving and maintenance tasks are carried out at scheduled times. The client only has to connect to the email server when it sends and checks/receives new email. Sometimes it may be permanently connected to the server to allow access to shared address books or calendar information – this is typical of a LAN-based email server.

15 How Email Servers work When the client calls the email server to send or check for mail it connects to the server on certain TCP/IP ports:
- SMTP on port 25
- POP3 on port 110

16 How Email Servers work Email systems come in various formats, but the most common rely on a single server that provides both POP3 and SMTP services. Sometimes, in large organizations, these services are separated onto different servers.

17 SMTP
- SMTP uses persistent connections
- SMTP requires message (header & body) to be in 7-bit ASCII
- SMTP server uses CRLF.CRLF to determine end of message
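Because CRLF.CRLF ends the message, a body line that consists of a single dot has to be escaped by the client and unescaped by the server (dot-stuffing, RFC 5321 section 4.5.2). The following is an added example, not part of the original slides; the function names and the sample message are constructed for illustration.

```python
CRLF = b"\r\n"
END_OF_DATA = b"\r\n.\r\n"          # the CRLF.CRLF terminator from the slide

def dot_stuff(message: bytes) -> bytes:
    """Client side: escape leading dots, then append the terminator."""
    lines = message.split(CRLF)
    if lines[-1] == b"":
        lines.pop()                  # message already ended with CRLF
    if not lines:
        return b"." + CRLF           # empty message: terminator line only
    stuffed = [b"." + ln if ln.startswith(b".") else ln for ln in lines]
    return CRLF.join(stuffed) + END_OF_DATA

def read_data(stream: bytes):
    """Server side: return (message, bytes after terminator), None if incomplete."""
    if stream.startswith(b"." + CRLF):
        return b"", stream[3:]
    end = stream.find(END_OF_DATA)   # only the exact CRLF.CRLF sequence counts
    if end < 0:
        return None
    body, rest = stream[:end + 2], stream[end + len(END_OF_DATA):]
    # Undo the stuffing: drop one leading dot from every line that has one.
    lines = [ln[1:] if ln.startswith(b".") else ln for ln in body.split(CRLF)]
    return CRLF.join(lines), rest

# Constructed message whose body contains a lone "." line and a ".profile" line.
SAMPLE = b"Subject: test\r\n\r\nfirst\r\n.\r\n.profile\r\nlast\r\n"

def round_trip(message: bytes = SAMPLE):
    """Stuff, append the next SMTP command, and parse it back on the server."""
    return read_data(dot_stuff(message) + b"QUIT\r\n")

def without_stuffing(message: bytes = SAMPLE):
    """What the server sees if the client forgets to stuff: early truncation."""
    return read_data(message + b"." + CRLF)
```

Without stuffing, the server stops at the body's own dot line and would treat the remainder of the message as SMTP commands, which is why both sides must agree on exactly one terminator.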

18 POP (Post Office Protocol)
- POP is used to retrieve mail for a single user; typically the POP server has access to a database of messages created by an SMTP server.
- POPv1 was launched in October; it was published in RFC 918.
- POPv3 is the recent standard.
- POP uses port 110.

19

20 How POP3 Works The server host starts the POP3 service by listening on TCP port 110. A client establishes a TCP connection with the server host. When the connection is established the server sends a greeting. The client and the server exchange commands and responses until the connection is closed or aborted. The server can respond with a positive status sending "+OK" to the client or with a negative status sending "-ERR" to the client (both in uppercase).

21 POP3 States
Authorization state
In this state, the client sends identification to the server. This is implemented in two ways (more information on authentication is described in RFC 1734):
- Using USER and PASS commands
- Using APOP command
Transaction state
In this state, the client can issue commands for listing, retrieving, and deleting (the deleting action is not taken in this state). The client must send the QUIT command and then the server goes to the update state.
Update state
In this state, the server updates the mailbox according to the commands received from the client in the transaction state and the TCP connection ends. If the connection is broken for any reason before the QUIT command is received from the client, the server does not enter the update state. Thus, the server will not update anything.
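The three states can be modelled as a small state machine. This is an added example, not code from the presentation; the class name, the credentials and the mailbox contents are constructed, and only USER, PASS, STAT, DELE and QUIT are handled.

```python
import hmac

class Pop3Session:
    """POP3 states from the slide: AUTHORIZATION -> TRANSACTION -> UPDATE."""

    def __init__(self, mailbox, user, password):
        self.mailbox = mailbox                     # list of message strings
        self.secret = f"{user}\0{password}".encode()
        self.state, self.user, self.marked = "AUTHORIZATION", None, set()

    def live(self):
        return [m for i, m in enumerate(self.mailbox, 1) if i not in self.marked]

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if self.state == "AUTHORIZATION":
            if verb == "USER":
                self.user = arg
                return "+OK send PASS"
            if verb == "PASS" and self.user is not None:
                attempt = f"{self.user}\0{arg}".encode()
                if hmac.compare_digest(attempt, self.secret):
                    self.state = "TRANSACTION"
                    return "+OK mailbox ready"
                self.user = None
                return "-ERR invalid credentials"
            if verb == "QUIT":
                self.state = "CLOSED"
                return "+OK signing off"
            return "-ERR authenticate first"
        if self.state == "TRANSACTION":
            if verb == "STAT":
                return f"+OK {len(self.live())} {sum(map(len, self.live()))}"
            if verb == "DELE":
                n = int(arg) if arg.isdecimal() else 0
                if 1 <= n <= len(self.mailbox) and n not in self.marked:
                    self.marked.add(n)             # marked only, nothing removed
                    return f"+OK message {n} marked"
                return "-ERR no such message"
            if verb == "QUIT":
                self.state = "UPDATE"              # deletions are applied only here
                self.mailbox[:] = self.live()
                self.state = "CLOSED"
                return "+OK signing off"
            return "-ERR unknown command"
        return "-ERR connection closed"

    def drop(self):
        """TCP connection lost before QUIT: no UPDATE state, marks discarded."""
        self.state, self.marked = "CLOSED", set()
```

USER and PASS travel in clear text unless the connection itself is protected, which is the confidentiality problem raised in the Threats slide.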

22 Difference between POP3 and IMAP
POP3 works by reviewing the inbox on the mail server, and downloading the new messages to your computer.  IMAP downloads the headers of the new messages on the server, then retrieves the message you want to read when you click on it.  When using POP3, your mail is stored on your PC. When using IMAP, the mail is stored on the mail server. Unless you copy a message to a "Local Folder" the messages are never copied to your PC.

23 Threats
Threats to the security of e-mail itself
Loss of confidentiality
- E-mails are sent in clear over open networks
- E-mails stored on potentially insecure clients and mail servers
Loss of integrity
- No integrity protection on e-mails; body can be altered in transit or on mail server
Lack of data origin authentication
Lack of non-repudiation
Lack of notification of receipt

24 Threats Enabled by E-mail
- Disclosure of sensitive information
- Exposure of systems to malicious code
- Denial-of-Service (DoS)
- Unauthorized accesses etc.
Story: mailing of patent list to academic mailing list.

25 What are the Options
Secure the server to client connections (easy thing first)
- POP, IMAP over ssh, SSL
- https access to webmail
- Protection against insecure wireless access
Secure the end-to-end delivery
- The PGPs of the world
- Still need to get the other party to be PGP aware
- Practical in an enterprise intra-network environment

26 Email based Attacks
Active content attack
- Clean up at the server (AV, Defang)
Buffer overflow attack
- Fix the code
Shell script attack
- Scan before send to the shell
Trojan Horse Attack
- Use “do not automatically use the macro” option
Web bugs (for tracking)
- Mangle the image at the mail server

27 Email SPAM
- Cost to exceed $10 billion
- Fastcompany.com is reporting that 107 trillion emails were sent in 2010 and that 89% were spam
SPAM filtering
- Content based – required hits
- White list
- Black list
- Defang MIME

28 PGP
- PGP = “Pretty Good Privacy”
- First released in 1991, developed by Phil Zimmermann
- Freeware: OpenPGP and variants
- OpenPGP specified in RFC 2440 and defined by IETF OpenPGP working group.
- Available as plug-in for popular email clients, can also be used as stand-alone software.

29 PGP Functionality
- Encryption for confidentiality.
- Signature for non-repudiation/authenticity.
- Sign before encrypt, so signatures on unencrypted data - can be detached and stored separately.
- PGP-processed data is base64 encoded.
- In fact PGP-processed data can be used with any transport protocol.
- PGP-processed message is simply placed into email client edit window.

30 PGP Algorithms
Broad range of algorithms supported:
- Symmetric encryption: DES, 3DES, AES and others.
- Public key encryption of session keys: RSA or ElGamal.
- Hashing: SHA-1, MD5 and others.
- Signature: RSA, DSS, ECDSA and others.

31 PGP Message

32 PGP Key Rings PGP supports multiple public/private key pairs per sender/recipient. Keys are stored locally in a PGP Key Ring – essentially a database of keys. Private keys are stored in encrypted form; the decryption key is determined by a user-entered pass-phrase.

33 Key Management for PGP Public keys for encrypting session keys / verifying signatures. Private keys for decrypting session keys / creating signatures. Where do these keys come from and on what basis can they be trusted? S/MIME and PGP address these questions in quite different ways. What goes wrong if you use the wrong public key to encrypt or verify?

34 PGP Key Management
PGP adopts a trust model called the web of trust.
- No centralised authority
- Individuals sign one another’s public keys, these “certificates” are stored along with keys in key rings.
- PGP computes a trust level for each public key in key ring.
- Users interpret trust level for themselves.

35 PGP Trust Levels
Trust levels for public keys dependent on:
- Number of signatures on the key;
- Trust level assigned to each of those signatures.
Trust levels recomputed from time to time.

36 PGP Key Mgmt Issues Original intention was that all users would contribute to web of trust. Reality is that this web is sparsely populated. How should security-unaware users assign and interpret trust levels? Later versions of PGP support X.509 certs. Another HP story here: academic and HP employee using PGP as guerrilla secure solution.

37 PGP Message Generation

38 PGP Message Generation (cont’d)
The sending PGP entity performs the following steps:
Signs the message:
- PGP gets sender’s private key from key ring using its user id as an index.
- PGP prompts user for passphrase to decrypt private key.
- PGP constructs the signature component of the message.
Encrypts the message:
- PGP generates a session key and encrypts the message.
- PGP retrieves the receiver public key from the key ring using its user id as an index.
- PGP constructs session component of message.

39 PGP Message Reception

40 PGP Message Reception
The receiving PGP entity performs the following steps:
Decrypting the message:
- PGP gets private key from private-key ring using Key ID field in session key component of message as an index.
- PGP prompts user for passphrase to decrypt private key.
- PGP recovers the session key and decrypts the message.
Authenticating the message:
- PGP retrieves the sender’s public key from the public-key ring using the Key ID field in the signature key component as index.
- PGP recovers the transmitted message digest.
- PGP computes the message digest for the received message and compares it to the transmitted version for authentication.
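The generation and reception steps above (sign, then encrypt under a fresh session key, with key rings indexed by Key ID) can be traced end to end in a structural sketch. This is an added example, not PGP's real packet format or code from the slides: it uses textbook RSA without padding on fixed Mersenne primes and a hash-based XOR keystream as stand-ins, skips the passphrase step, and every name in it is constructed.

```python
import hashlib, json, secrets

E = 65537                                    # public exponent for both toy keys

def make_key(p, q):
    """Textbook RSA key from two fixed primes (illustration only, not secure)."""
    n = p * q
    key_id = hashlib.sha256(str(n).encode()).hexdigest()[-16:]
    return {"id": key_id, "n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def public(key):
    return {"id": key["id"], "n": key["n"]}

def stream_xor(key, data):
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def digest(text):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")

def pgp_send(text, sender_key, recipient_pub):
    # Sign first: the signature component names the signing key by Key ID.
    signed = {"sig_key_id": sender_key["id"], "text": text,
              "sig": pow(digest(text), sender_key["d"], sender_key["n"])}
    # Then encrypt: fresh session key, itself encrypted to the recipient.
    session = secrets.token_bytes(16)
    return {"enc_key_id": recipient_pub["id"],
            "session": pow(int.from_bytes(session, "big"), E, recipient_pub["n"]),
            "body": stream_xor(session, json.dumps(signed).encode()).hex()}

def pgp_receive(message, private_ring, public_ring):
    mine = private_ring[message["enc_key_id"]]           # Key ID -> private key
    session = pow(message["session"], mine["d"], mine["n"]).to_bytes(16, "big")
    signed = json.loads(stream_xor(session, bytes.fromhex(message["body"])))
    signer = public_ring.get(signed["sig_key_id"])       # Key ID -> public key
    valid = (signer is not None and
             pow(signed["sig"], E, signer["n"]) == digest(signed["text"]))
    return signed["text"], valid

ALICE = make_key(2**521 - 1, 2**607 - 1)     # constructed sender key
BOB = make_key(2**1279 - 1, 2**2203 - 1)     # constructed recipient key
```

If the recipient's public-key ring holds the wrong key under the sender's Key ID, `pgp_receive` still returns the text but reports the signature as invalid, which is the failure the Key Management slide asks about.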

41 SPAM & Phishing
- SMTP has no built-in way to verify the legitimacy of the message
- Anybody can say they are anybody else
- SMTP is far too prolific to try to replace it
(demonstrate sending an email as PayPal)

42 Fighting Spam
- Greylisting
- Content Filtering
  This can get to be incredibly CPU intensive
- DNS-based Blacklists
- Consider Appliances and Outsourced Services

43 SPF and SenderID
- Concept is to validate the path the message took
- SPF Record published in DNS gives a list of the servers authorized to send email for a given domain
- Fairly simple to create
- SPF Record looks like: v=spf1 a a:mail.domain.com ~all
- SPF Wizard at
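How a receiver evaluates the record shown on the slide, as an added example that is not part of the original presentation. DNS lookups are replaced by a constructed table of A records, and only the `a`, `ip4`, `ip6` and `all` mechanisms are handled; anything else is reported as unsupported.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

SLIDE_RECORD = "v=spf1 a a:mail.domain.com ~all"        # record from the slide
CONSTRUCTED_DNS = {                                      # constructed A records
    "domain.com": ["192.0.2.10"],
    "mail.domain.com": ["192.0.2.25"],
}

def check_spf(record, sender_ip, domain, dns_a=CONSTRUCTED_DNS):
    """Return the SPF result for a connecting IP address (subset of RFC 7208)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:                   # mechanisms are tried left to right
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "a":                    # "a" alone means the sender's domain
            hosts = dns_a.get(value or domain, [])
            matched = any(ip == ipaddress.ip_address(h) for h in hosts)
        elif name in ("ip4", "ip6"):
            matched = ip in ipaddress.ip_network(value, strict=False)
        else:
            return "unsupported"             # outside this example's subset
        if matched:
            return QUALIFIERS[qualifier]     # first match decides the result
    return "neutral"

def compare_all_policies(sender_ip, domain="domain.com"):
    """Result for the same sender under ~all (as on the slide) and under -all."""
    strict = SLIDE_RECORD.replace("~all", "-all")
    return (check_spf(SLIDE_RECORD, sender_ip, domain),
            check_spf(strict, sender_ip, domain))
```

With `~all`, an unlisted server only yields softfail, which many receivers still accept; `-all` turns the same lookup into a fail.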

44 DomainKeys Identified Mail (DKIM)
- Cryptographic hash to sign messages
- Public key and policy information is distributed via DNS
- Private key is used to sign the message, and certain headers (From, To, Subject, etc)
- Recipients use public key to verify authenticity of the message
- Verifies a legitimate sender, and is not concerned about the path it took to get there.
- Fairly complicated to set up

45 Sample DKIM Header

    DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=brandonchecketts.com;
        h=subject:to:message-id:date:from; s=mail;
        bh=t4KP+oqmtYCr/TS32vUWoYU+80M=;
        b=E2UmQVoQVm+XMopufIQ6bjnfN9as7R6R7x8ipJpLn/Xm+SM/fvt4
          lV81G2Bt1hisa3V2SP+emw2ecpImC27o+olMA1XshTARGdUepTFWermUZ0WAaIt4
          rWwqv+hpVd/r3RNkRmS+kNZv5uZYQ5PeulOHMBHvH4Q5R9XDWIe6MiU=
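Reading the sample header tag by tag shows what a verifier or reviewer learns from it before any cryptography runs. This is an added example, not code from the presentation; the function names are constructed, and the checks follow RFC 6376 (tag list, selector DNS name) and RFC 8301 (algorithm and key size).

```python
import base64

# Tag list of the sample header above, folding whitespace as on the slide.
SAMPLE = (
    "v=1; a=rsa-sha1; c=relaxed; d=brandonchecketts.com; "
    "h= subject:to:message-id:date:from; s=mail; "
    "bh=t4KP+oqmtYCr/TS32vUW oYU+80M=; "
    "b=E2UmQVoQVm+XMopufIQ6bjnfN9as7R6R7x8ipJpLn/Xm+SM/fvt4 "
    "lV81G2Bt1hisa3V2SP+emw2ecpImC27o+olMA1XshTARGdUepTFWermUZ0WAaIt4 "
    "rWwqv+hpVd/r3RNkRmS+kNZv5uZYQ5PeulOHMBHvH4Q5R9XDWIe6MiU="
)

def parse_dkim(value):
    """Split a DKIM-Signature value into its tag=value pairs."""
    tags = {}
    for item in value.split(";"):
        if "=" not in item:
            continue
        key, val = item.split("=", 1)
        key, val = key.strip(), val.strip()
        if key in ("b", "bh"):
            val = "".join(val.split())       # whitespace in base64 is ignored
        elif key == "h":
            val = [name.strip().lower() for name in val.split(":")]
        tags[key] = val
    return tags

def key_record_name(tags):
    """DNS name where the verifier fetches the public key (TXT record)."""
    return f'{tags["s"]}._domainkey.{tags["d"]}'

def signature_bits(tags):
    """An RSA signature is as long as the key modulus."""
    return len(base64.b64decode(tags["b"])) * 8

def review(tags):
    """Findings a defender would raise about this signature's parameters."""
    findings, signed = [], tags.get("h", [])
    if tags.get("a", "").endswith("-sha1"):
        findings.append("a=%s: SHA-1 signatures are retired by RFC 8301" % tags["a"])
    if tags.get("a", "").startswith("rsa-") and signature_bits(tags) < 2048:
        findings.append("%d-bit RSA key; RFC 8301 recommends 2048 or more"
                        % signature_bits(tags))
    if "from" not in signed:
        findings.append("From: must be covered by h=")
    unsigned = [h for h in ("reply-to", "cc") if h not in signed]
    if unsigned:
        findings.append("not signed, can change without breaking the signature: "
                        + ", ".join(unsigned))
    return findings
```

For the sample header this reports the SHA-1 algorithm, the 1024-bit key and the unsigned Reply-To and Cc headers; the public key itself would be looked up at the name `key_record_name` returns.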

