Internet Draft                                                B. Crouzet
Document: draft-crouzet-amtp-00.txt       Institute of Technology Tallaght
Expires: December 2003                                         June 2003

                  Authenticated Mail Transfer Protocol

Status of this Memo

This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.

Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other groups
may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and
may be updated, replaced, or obsoleted by other documents at any time. It
is inappropriate to use Internet-Drafts as reference material or to cite
them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

Abstract

Authenticated Mail Transfer Protocol (AMTP) is a second version of Simple
Mail Transfer Protocol (SMTP). AMTP improves SMTP and modifies the
protocol in order to protect email against anonymous mail. The
improvements included in AMTP will be helpful for the Internet community.

The purpose of this document is to describe the different states of AMTP
to the Internet community. There are five states:

=> Identified: used to identify the user to the server.
=> Email: used to send an email.
=> Logout: used to release any resources held by the server when the user
   closes the connection.
=> Information: used to inform the recipient's server that an email is
   waiting to be retrieved on the sender's server.
=> Retrieved: used to instruct the recipient's server to retrieve the
   email from the sender's server.
Crouzet                  Expires - October 2003                  [Page 1]

Authenticated Mail Transfer Protocol                           April 2003

An open relay server is important for transferring an email when no route
to the recipient's server is known. An Authenticated Mail Transfer
Protocol server can be located behind different gateways, such as
routers, a proxy server or a firewall, that protect the network.

This document also presents the new command HEAD. Furthermore, it
explains Authenticated Mail Transfer Protocol commands, reply codes,
advantages and disadvantages. A hacker is the most likely person to try
to crack the system, and this solution prevents him/her from doing so.

Conventions used in this document

SA => Sender's Server: SA represents an SMTP server where the sender is
      known.
SB => Recipient's Server: SB represents an SMTP server where the
      recipient is located.

In examples, "C:" and "S:" indicate lines sent by the client and server
respectively.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC-2119.

Table of Contents

1. Introduction...................................................4
2. Presentation of Authenticated Mail Transfer Protocol (AMTP)....5
   2.1 Transmission Control Protocol/Internet Protocol (TCP/IP) Model..5
       2.1.1 Data Link Layer......................................6
       2.1.2 Network Layer........................................6
       2.1.3 Transport Layer......................................7
       2.1.4 Application Layer....................................8
   2.2 General View...............................................8
   2.3 Explanation................................................8
   2.4 Goals.....................................................10
3. Authenticated Mail Transfer Protocol States...................10
   3.1 Identified State..........................................10
       3.1.1 Presentation........................................10
       3.1.2 Command.............................................10
   3.2 Email State...............................................11
       3.2.1 Presentation........................................11
       3.2.2 Command.............................................11
   3.3 Logout State..............................................11
       3.3.1 Presentation........................................11
       3.3.2 Command.............................................12
   3.4 Information State.........................................12
       3.4.1 Presentation........................................12
       3.4.2 Command.............................................12
   3.5 Retrieved State...........................................13
       3.5.1 Presentation........................................13
       3.5.2 Command.............................................13
4. Relay.........................................................13
   4.1 Presentation..............................................13
   4.2 Description...............................................14
   4.3 Result....................................................15
5. Protections for the network...................................15
   5.1 Presentation..............................................15
   5.2 Router....................................................17
       5.2.1 1 router............................................17
       5.2.2 3 Routers...........................................17
   5.3 Firewall..................................................17
       5.3.1 Linux...............................................17
       5.3.2 Windows.............................................17
   5.4 Proxy.....................................................18
       5.4.1 Linux...............................................18
       5.4.2 Windows.............................................18
       5.4.3 Solutions...........................................18
   5.5 Proxy and Firewall........................................18
       5.5.1 Linux...............................................18
       5.5.2 Windows.............................................19
   5.6 Result....................................................19
6. Authenticated Mail Transfer Protocol Header...................19
   6.1 Presentation..............................................19
   6.2 RELAY Tag.................................................19
   6.3 HEAD Tag..................................................20
   6.4 BODY Tag..................................................20
   6.5 Command...................................................21
7. Authenticated Mail Transfer Protocol Commands.................21
   7.1 Optional Commands.........................................21
   7.2 Obsolete Commands.........................................21
   7.3 Order of commands.........................................22
   7.4 Authenticated Mail Transfer Protocol Procedures...........23
       7.4.1 Simple Procedure....................................23
       7.4.2 Procedure using optional commands...................24
       7.4.3 Procedure with RSET command.........................26
8. Authenticated Mail Transfer Protocol Reply codes..............27
   8.1 New Reply Codes...........................................27
   8.2 Reply Codes from Request For Comment 2821.................28
9. Authenticated Mail Transfer Protocol Information..............28
   9.1 Advantages................................................28
   9.2 Disadvantages.............................................29
   9.3 Denial of Service (DoS)...................................29
   9.4 Hackers...................................................30
   9.5 Protections...............................................30
   9.6 Trace.....................................................31
   9.7 Testing...................................................31
   9.8 Communication between AMTP and SMTP.......................31
10. Conclusion...................................................32
Security Considerations..........................................32
References.......................................................32
Appendix.........................................................32
   Appendix A: Acronyms..........................................32
   Appendix B: Terminology.......................................33
Author's Addresses...............................................34
Copyright Notice.................................................34

1. Introduction

Authenticated Mail Transfer Protocol (AMTP) uses the Transmission
Control Protocol/Internet Protocol (TCP/IP) model to communicate across
the network. AMTP is a five-state process that reduces spam and stops
anonymous mail. There are three Client-to-Server communication states
(Identified, Email and Logout) and two Server-to-Server communication
states (Information and Retrieved).

The first user (i.e., Client-to-Server) state is the Identified state.
The protocol asks for a username and a password to identify the user.
The user has to log in successfully before he/she can use the server.
The second user state is the Email state. The user can employ any of the
protocol's commands to send an email. Once the user has logged onto the
server, he/she does not have to enter his/her email address any more:
the server automatically adds the email address to the message header.
The last user state is the Logout state. The user is logged onto the
system and therefore has to be logged out.

There is also a new transaction between two servers. The server has two
states for answering commands: SELO and SEMA. The first Server-to-Server
state is the Information state, whereby the sender's server informs the
recipient's server that an email is waiting to be retrieved. The second
Server-to-Server state is the Retrieved state, whereby the recipient's
server retrieves the email from the sender's server.

A relay server allows a sender's server to route any mail without the
address of the recipient's server. A relay server transmits the mail to
the recipient's server or to another relay server, like a normal
server-to-server communication.

In order to protect a network, it is possible to use a router, a
firewall or a proxy server associated with a firewall. Under these
protections, AMTP is operational. AMTP does not work behind a proxy
server.

In SMTP, the protocol makes no difference between the header and the
data of the message. With the command HEAD in AMTP, the difference
becomes explicit. This protocol both adds commands to and removes
commands from SMTP. The AMTP procedures are demonstrated. It also adds
new reply codes and reuses reply codes from SMTP.

The Identified state has advantages as well as disadvantages. A hacker
will have more difficulty cracking the system and sending an anonymous
mail. That is to say, AMTP protects the user from receiving anonymous
mail. However, the system will need to perform more tasks. In order to
achieve a complete transaction, the sender's server has to connect to
the recipient's server, send a unique number and close the connection.
Then the recipient's server has to establish a connection to the
sender's server and retrieve the email from it. These two transactions
will make it difficult for a hacker to send an anonymous mail.

In the Appendix chapter, acronyms and terminology are defined in
Appendix A and B.

2. Presentation of Authenticated Mail Transfer Protocol (AMTP)

2.1 Transmission Control Protocol/Internet Protocol (TCP/IP) Model

Figure 1 presents the layered model of TCP/IP. The TCP/IP model is used
to communicate across any set of interconnected networks. It is named
after its two main standards: Internet Protocol (IP) in the Network
layer and Transmission Control Protocol (TCP) in the Transport layer.
The principle works as follows: any layer (for example, the Network
layer) uses the services of the layer below it (in this case the Data
Link layer) without knowing how that layer provides these services, and
in turn provides services to the layer above it (in this case the
Transport layer). The goal of this architecture is to allocate tasks to
the different layers. Indeed, this work could not be handled by only one
protocol, considering the amount of work it requires. A single protocol
would be very complex and difficult to extend.

---------------------------------------------------------------------
Application layer: Telnet, POP3, IMAP4, and SMTP.
Transport layer:   TCP, UDP
Network layer:     IP, ICMP
Data link layer:   HDLC, PPP
Physical layer:    ISO 8802 standard, IEEE 802
---------------------------------------------------------------------
Figure 1: Presentation of the TCP/IP layers
---------------------------------------------------------------------

The Physical layer covers the physical interface between a data
transmission device and a network. The Network Access layer deals with
the exchange of data between an end system and the network to which it
is attached. The Internet layer provides the routing function across
multiple networks; it is where Internet Protocol (IP) is used. The
Transport layer, or host-to-host layer, ensures the arrival of all data
at their destination application, in the order in which the packets were
sent. Transmission Control Protocol (TCP) is most commonly used to
provide this function. The Application layer contains the logic needed
to support the various user applications; this is where Simple Mail
Transfer Protocol (SMTP) or Authenticated Mail Transfer Protocol (AMTP)
is located. The SMTP or AMTP header manipulates and presents the data to
a user. It analyses commands and sends a reply to a user.

2.1.1 Data Link Layer

The Ethernet header contains the source and destination Ethernet
addresses and a checksum field. The Ethernet address is known as the MAC
address. It is a unique number that is used to recognise a network card;
the manufacturer generates this number. The Ethernet header lets any
packet be addressed to the recipient's computer on the network. In the
Ethernet header, there is a checksum field located at the end of the
packet. The checksum field is used to check the checksum of the packet.
It validates the number of octets in the packet's length. This layer is
responsible for discovering any packet addressed to its computer on the
network.
The layer takes a packet from the network wire, strips away the Ethernet
header information and passes the packet to the Network layer. This
layer is also responsible for comparing the packet's length with the
checksum field. If the result is incorrect, the layer asks the sender to
send the packet again. If it is correct, the packet goes to the Network
layer.

2.1.2 Network Layer

Internet Protocol (IP) is the routing layer datagram service of the
TCP/IP model. IP routes frames from host to host. The IP header contains
routing and control information to transport the packet successfully.
The IP header includes the source and destination Internet addresses,
the protocol number, and another checksum field. An Internet address is
a 32-bit binary number, such as "12.1.1.1", recognised as a machine's
address. The protocol number tells IP which protocol of the following
layer in the TCP/IP model the packet is handed to. The checksum allows
IP to verify that the header was not damaged during transport.

IP is the protocol that hides the underlying physical network by
creating a virtual network view. It is an unreliable, best-effort,
connectionless packet delivery protocol. It adds no reliability, flow
control or error recovery to the underlying network interface protocol.
IP is not capable of handling lost, out-of-order or even duplicated
packets. Higher layers provide these facilities.

The maximum frame length is set to 1500 bytes. Instead of limiting the
IP datagram length to this maximum, IP deals with fragmentation and
re-assembly of its datagrams: IP is able to split the packet on the
sender side and to put it back together on the recipient side.

An important function of the IP layer is IP routing. It provides the
basic mechanism for routers to interconnect different physical networks,
i.e. an Internet host can simultaneously function as a normal host and
as a router. The protocol is responsible for locating a route and
transmitting a packet to its recipient.

2.1.3 Transport Layer

Transmission Control Protocol (TCP) provides a reliable stream delivery
and virtual connection service to applications through the use of
sequenced acknowledgements with retransmission of packets when needed.
TCP is located at the Transport layer in the TCP/IP model. The TCP
header contains a source and destination port number, an acknowledgement
number, and a sequence number. The port number identifies an
application, the acknowledgement number indicates that the recipient has
received the packet, and the sequence number numbers the octets in the
packet so that they are delivered in the right order.

TCP advantages are:

=> Stream Data Transfer: TCP groups the bytes into TCP segments
   (datagrams). TCP itself decides how to segment the data.
=> Reliability: TCP assigns a sequence number to each byte transmitted
   and expects a positive acknowledgement (ACK) from the receiving TCP.
   If the ACK is not received within a timeout interval, the data is
   retransmitted. The receiving TCP uses the sequence numbers to
   rearrange segments that arrive out of order and to eliminate
   duplicate segments.
=> Full Duplex: TCP provides concurrent data streams in both directions.
=> Flow Control: The receiving TCP, when sending an ACK back to the
   sender, also indicates the number of bytes it can receive beyond the
   last received TCP segment without overrunning its internal buffers.
=> Logical Connections: TCP initialises and maintains status information
   for each data stream. The combination of the reliability and flow
   control mechanisms is called a logical connection.

To sum up, TCP provides end-to-end reliable communication. It ensures
the retransmission of any lost packets, puts the received packets in
order and acknowledges any packets to the sender. TCP is safe; in any
case, the packet arrives at the recipient.

2.1.4 Application Layer

The Authenticated Mail Transfer Protocol (AMTP) header handles and
presents the data to the user. It analyses commands and sends an answer
to the user. It is located at the Application layer in the TCP/IP model.
This is where the implementation of AMTP is located.

2.2 General View

The following figure describes the states of Authenticated Mail Transfer
Protocol in a general view. In the Identified state, the user has to be
identified before he/she sends the email. The user writes his/her email
in the Email state. At the end of the message, the server delivers the
email to the recipient. If the recipient is internal, the email is
immediately delivered to the recipient's mailbox. If the recipient is
external, the sender's server uses the Information state, and the
recipient's server executes the Retrieved state to retrieve the email
from the sender's server. These two states are reserved to the server
and are the result of the solution to recognise a user, reduce spam and
stop anonymous mail.

---------------------------------------------------------------------
User             -> Identified State  -> Email State -> Logout State
Sender server    -> Information State -> Logout State
Recipient server -> Retrieved State   -> Logout State
---------------------------------------------------------------------
Figure 2: General View of Mail Transfer Protocol
---------------------------------------------------------------------

2.3 Explanation

The server host starts the Authenticated Mail Transfer Protocol service
by listening on port 26. The client establishes a TCP connection with
the server; he/she can use the telnet command to port 26. If the server
accepts the connection, it sends back reply code 220. Now the server and
the client can exchange commands and responses.
The server or the client can close or abort the connection at any time.

The Authenticated Mail Transfer Protocol session progresses through a
number of steps during its lifetime. Once the TCP connection has been
opened and the AMTP server has accepted the transaction, the session
enters the Identified State. In this state, the user must identify
himself/herself to the server. Once the user has successfully done this,
the session enters the Email State. In this state, the user is allowed
to request an action from the server; he/she can send an email to any
user. When the user has finished his/her session, he/she enters the
command QUIT and the session enters the Logout State. The server then
releases no further information and closes the network connection
(TCP), the database connection and any files.

Authenticated Mail Transfer Protocol contains two server states: the
Information and Retrieved states. These states are reserved to the mail
server only and occur when the server has to send an external email. A
user is able to call the command, but the transaction is aborted once
the server recognises that the parameters are incorrect. Only one server
knows the user: the sender's server. The recipient's server accepts
information coming from the sender's server or from a user. The only
thing mail servers have in common is port 25. It is the only piece of
information by which a server can recognise another mail server. Port 25
makes sure that the transaction takes place between two mail servers and
not between a user and a server.

The first state is the Information State. In this state, the sender's
server informs the recipient's server that an email is waiting to be
delivered. The sender's server gives the recipient's server a number
that refers to the email, the recipient's address and its own IP address
or domain name. The IP address or domain name is required to allow the
recipient's server to connect to the sender's server.

The second state is the Retrieved State. In this state, the recipient's
server connects to the sender's server to retrieve an email. It gives
the number and the recipient address that were passed in the Information
State. When these states are completed, the transaction enters the
Logout State to close the connection and stop releasing information.

These two states are automatic and fast: only two computers are
exchanging data. A timeout can be set when the server is waiting for a
command. The two functions of these servers are to send and to read
information. They do not perform tasks that require time, resources or
memory.

A graphical representation of Authenticated Mail Transfer Protocol can
be found in Appendix C. The flowchart describes some actions and events
of the protocol and gives a descriptive view of it.

2.4 Goals

This solution solves the problem of anonymous email: everyone knows
where the email comes from. The sender exists and the sender's server
recognises him/her. It does not stop spam, but a user has the
possibility to avoid it and to locate the sender. The solution still has
to be tested to see whether a hacker can crack it and whether it is
feasible on the network.

3. Authenticated Mail Transfer Protocol States

3.1 Identified State

3.1.1 Presentation

This state is important because it protects the user from anonymous
email. Two new commands have been added to realise this state. The user
connects to the server and receives reply code 220, which means that the
connection is successful and allows the user to enter the Identified
State. In this state, the user types the command USER, meaning that
he/she wants to be identified by the server.
The server answers with reply code 250 when it is ready to recognise the
user. The user can also quit the connection at any time by typing the
command QUIT; in this case, the server closes all resources. The user
types his/her username and password. Any user can be identified with
these parameters. There are three types of answer from the server. If
the username and password correspond to one user, the server replies
with code 250 and sends him/her a welcome message and the server's
capabilities, which give the user some helpful information. The server
now knows the user, who can now use any AMTP command. If the username
and password are incorrect, the server replies with code 401. After the
third try from the user, the server closes the connection and replies
with code 555.

3.1.2 Command

USER

The user enters the command USER to inform the server that he/she wants
to be identified by the server. It is the first step for a user: before
he/she can send any email, he/she has to be identified by the server.
The command USER does not need any parameters.

Once the user has entered the command USER, he/she needs to enter
his/her username and password. In order to protect the user, the
username has to be different from his/her email address and must
contain no spaces. Also, the username and password are entered after
the command USER in order to protect these data. It will be difficult
for a hacker to find these parameters: if the hacker listens to the
network, he/she has to catch both the command USER and the packet with
the username and password data.

3.2 Email State

3.2.1 Presentation

In this state, the user can send an email. Once the user is logged into
the server, he/she does not have to enter his/her email address any
more. The server adds his/her email address to the header of the
message. The command MAIL FROM has been removed from the protocol. The
header "From" is still needed in the message.

The user enters the recipient's address by typing the command RCPT TO:.
The server validates the email address and determines whether the
recipient's email is internal or external to the system. If it is
internal, the server checks whether the user exists. If the user does
not belong to the server, the server sends back an error. If the email
is external, the server continues the process.

The user is able to enter a complete header with the command HEAD. This
command separates the header of the message from its body. It is
described in section 6, "Authenticated Mail Transfer Protocol Header",
of this document. After this, the user enters the command DATA to
specify the message's body. The user writes the data and the server
saves these data into an email. If the recipient's email is internal,
the AMTP server transports the message to the recipient's mailbox
directly. If the recipient's email is external, the AMTP server starts
the Information State.

3.2.2 Command

RCPT TO: [, ]

This command is used to identify an individual recipient of the mail
data. It is the same command described in RFC 2821 [5], therefore the
reply codes are the same. The parameter for this command can be a list
of recipients' addresses separated by a comma (','). The command returns
information about the validity of the recipient's address.

DATA

The user uses this command to enter the data of the message. When the
server accepts the command DATA, it has to send a message to the
recipient. The server keeps a trace of it, either for relaying or for
final delivery, by using the line "Received From" in the header of the
message. This trace indicates the identity of the host. It is the same
command described in RFC 2821. The reply codes are the same.
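The client-to-server session of sections 3.1 to 3.3 (Identified, Email and Logout states), as an added example that is not part of the draft or of any AMTP implementation. It is a small Python model of the server side: USER with a three-attempt limit (250, 401, then 555), RCPT TO: with a comma-separated list and internal/external classification, HEAD and DATA, and QUIT (221). Everything the draft leaves open is an assumption made here: the credential line after USER has the form "username password", HEAD and DATA both end with a line containing only ".", SMTP's 354, 500, 501 and 503 codes are used where the draft gives none, and the users, passwords and mailboxes are constructed sample data.

```python
"""Added example, not from the draft: model of the AMTP client session
(sections 3.1-3.3). Assumptions: credentials arrive as one line
"<username> <password>" after USER; HEAD/DATA end with a lone "."; SMTP
codes 354/500/501/503 fill gaps the draft leaves; all data is constructed."""
from dataclasses import dataclass, field
from hmac import compare_digest
from typing import List, Optional

LOCAL_DOMAIN = "example.org"                       # constructed
USERS = {"alice": "s3cret", "bob": "hunter2"}      # constructed credentials
LOCAL_ADDRESSES = {"alice@example.org", "bob@example.org"}
MAX_LOGIN_ATTEMPTS = 3                             # section 3.1.1: 555 after the third failure


@dataclass
class Session:
    state: str = "IDENTIFIED"                      # IDENTIFIED -> EMAIL -> LOGOUT
    user: Optional[str] = None
    attempts: int = 0
    expecting_credentials: bool = False
    reading: Optional[str] = None                  # "HEAD" or "DATA" while collecting lines
    recipients: List[str] = field(default_factory=list)
    header: List[str] = field(default_factory=list)
    body: List[str] = field(default_factory=list)
    mailboxes: dict = field(default_factory=lambda: {a: [] for a in LOCAL_ADDRESSES})
    outbox: list = field(default_factory=list)     # external mail, handed to the Information state

    def greeting(self) -> str:
        return "220 AMTP service ready"

    def handle(self, line: str) -> str:
        """Process one client line; return the reply ("" while collecting a header/body)."""
        if self.state == "LOGOUT":
            return "555 connection closed"
        if self.reading:
            return self._collect(line)
        if self.expecting_credentials:
            return self._check_credentials(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "QUIT":                         # allowed in any state; server releases resources
            self.state = "LOGOUT"
            return "221 closing connection"
        if self.state == "IDENTIFIED":
            if verb == "USER":                     # USER takes no parameters (section 3.1.2)
                self.expecting_credentials = True
                return "250 send username and password"
            return "503 identify with USER first"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            return self._rcpt(arg[3:])
        if verb in ("HEAD", "DATA"):
            if not self.recipients:
                return "503 RCPT TO: first"
            self.reading = verb
            return "354 end with a line containing only '.'"
        return "500 command not recognised"

    def _check_credentials(self, line: str) -> str:
        self.expecting_credentials = False
        username, _, password = line.partition(" ")   # usernames contain no spaces
        stored = USERS.get(username)
        if stored is not None and compare_digest(stored.encode(), password.encode()):
            self.user, self.state = username, "EMAIL"
            return f"250 welcome {username}; capabilities: RCPT HEAD DATA QUIT"
        self.attempts += 1
        if self.attempts >= MAX_LOGIN_ATTEMPTS:
            self.state = "LOGOUT"                  # third failure: server closes the connection
            return "555 too many failed logins, closing connection"
        return "401 username or password incorrect"

    def _rcpt(self, arg: str) -> str:
        """RCPT TO: with a comma-separated recipient list (section 3.2.2)."""
        accepted = []
        for addr in (a.strip() for a in arg.split(",")):
            if addr.count("@") != 1:
                return f"501 malformed address: {addr}"
            if addr.endswith("@" + LOCAL_DOMAIN) and addr not in LOCAL_ADDRESSES:
                return f"550 no such user: {addr}"   # internal recipient must exist
            accepted.append(addr)
        self.recipients.extend(accepted)
        return "250 recipient ok"

    def _collect(self, line: str) -> str:
        if line != ".":
            (self.header if self.reading == "HEAD" else self.body).append(line)
            return ""
        finished, self.reading = self.reading, None
        return "250 header accepted" if finished == "HEAD" else self._deliver()

    def _deliver(self) -> str:
        # the server itself supplies From and the Received trace (sections 3.2.1, 3.2.2)
        lines = [f"From: {self.user}@{LOCAL_DOMAIN}",
                 f"Received: from {self.user} by {LOCAL_DOMAIN} with AMTP",
                 *self.header, "", *self.body]
        message = "\n".join(lines)
        for rcpt in self.recipients:
            if rcpt in self.mailboxes:
                self.mailboxes[rcpt].append(message)   # internal: straight to the mailbox
            else:
                self.outbox.append((rcpt, message))    # external: Information state next
        self.recipients, self.header, self.body = [], [], []
        return "250 message accepted"


def run_session(client_lines):
    """Drive a fresh session with the given client lines; return (replies, session)."""
    s = Session()
    replies = [s.greeting()]
    for line in client_lines:
        reply = s.handle(line)
        if reply:
            replies.append(reply)
    return replies, s
```

Two design choices worth noting: the password check uses a constant-time comparison and the attempt counter lives in the session, so the 555 close after the third failure cannot be reset by re-sending USER. The model says nothing about transport: as written, USER, the credentials and the message all cross the TCP connection as plain text, so a deployment would still wrap port 26 in TLS.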
3.3 Logout State

3.3.1 Presentation

The Logout State closes the connection between the server and the client
when the user has finished with his/her email and wants to leave the
server. The server releases all of the resources used, such as the
database, the TCP channel, files and the thread. The user uses the
command QUIT to close the connection. In this process, it is important
that the server closes every resource.

3.3.2 Command

QUIT

The command QUIT does not need any parameter. The server replies with
code 221. It is only after this reply code that the transaction is
finished.

3.4 Information State

3.4.1 Presentation

In this state, the sender's server (SA) contacts the recipient's server
(SB). This state is reserved for the server only. SA connects to SB and
receives reply code 220. Then SA sends the command SELO with three
parameters: the domain name of SA, a unique number created by SA and the
recipient address. SB verifies that the domain name or IP address
corresponds to what is found in the network packet. SB checks whether
the recipient exists on its server. If the recipient is unknown, SB
sends the error back to SA; SA sends it back to the user and deletes the
message. If the process is handled successfully, SB continues with the
Retrieved state.

In case the server is a relay used to distribute the email, the sender's
server proceeds normally. The relay server retrieves the email and sends
the number to the recipient's server. The sender's server only deals
with the relay server, which is a useful tool for sending emails to
everyone everywhere: the sender's server can use it to send email around
the world without knowing all of the mail servers. The relay server
needs the ability to answer the command SELO and to perform the actions
of the Retrieved State. The relay server does not need to check the
recipient. In a relay server, the domain name is the only barrier that
could stop an email from being sent.

3.4.2 Command

SELO

The command SELO needs three parameters: DOMAIN, NUMBER and RECIPIENT.
The parameter DOMAIN can be the IP address or the domain name of SA; it
allows SB to establish a connection with the server. The parameter
NUMBER is the identifier of the message; this parameter allows SA to
recognise the message. The parameter RECIPIENT is the recipient's
address. SA saves these parameters and the address of the recipient's
server. The parameter RECIPIENT is used to identify an individual
recipient of the mail data.

If the server knows the recipient or if the domain name is in the relay
table, SB answers with reply code 250. If the user is not recognised by
the server or the domain name is not in the relay table, SB sends back
reply code 550. The relay table is a list of domain names for which the
server relays emails to another server. In case of success, SB enters
the Retrieved State.

3.5 Retrieved State

3.5.1 Presentation

In the Retrieved State, the recipient's server (SB) establishes a
connection with the sender's server (SA) to retrieve the email with the
number given in the Information state. If the connection is successful,
SA answers with reply code 220. Then SB sends the command SEMA with two
parameters separated by a colon (':'): the recipient address and the
unique number. SA checks whether these parameters exist in its mail
queue. If the number, the address of SB and the recipient's address are
correct, the message is given to SB. SB saves the message and the email
appears in the recipient's mailbox. If the number and the recipient
address are incorrect, SA sends an error message to SB. The relay server
proceeds through this state in the same way.
The difference between a relay's server and a recipient's server is that the relay's server then starts the Information State to inform another relay's server or the recipient's server. The relay's server saves the email and creates a new number to use with the command SELO. It implements a relay queue to keep forwarding the email.

3.5.2 Command SEMA

This command is reserved to servers. It needs two parameters: RECIPIENT and NUMBER. The parameter RECIPIENT is the recipient address. The parameter NUMBER is the number used to recognise the email on SA. If the number exists, SA sends the message data. If the number is wrong, the connection is closed.

If the message has not been retrieved and the lifetime of the email has expired, the AMTP server informs the sender, who can resend the message. The AMTP server keeps a trace of this message and informs the administrator that the message has not been retrieved, so that the administrator can investigate why the message was not delivered.

4. Relay

4.1 Presentation

An open relay is an AMTP server that allows anybody to relay emails through it. By processing mail that is neither for nor from a local user, an open SMTP relay makes it possible for an unscrupulous sender to route large volumes of spam. A user can send an email to his/her server and use the open relay server to transfer the mail to other servers.

With this solution, the open relay server does exactly the same transaction as a recipient server. It receives the notification for an email and retrieves the email. After this transaction, it informs the recipient's server that a mail has to be retrieved from the relay's server. This is more work for the open relay server. The email arrives at the recipient even if the mail passes through an open relay server.
The transaction between the sender and the recipient through an open relay takes longer than with a direct link between the two servers. The advantages are that a spammer cannot use the open relay to send anonymous mail, and that the sender's server does not have to know each recipient's server to transfer an email.

4.2 Description

---------------------------------------------------------------------
Sender <- AMTP -> Sender Server <- AMTP -> Relay Server <- AMTP -> Recipient Server <- POP or IMAP -> Recipient
---------------------------------------------------------------------
Figure 3: Presentation of a transaction with a relay server
---------------------------------------------------------------------

The sender's server transfers an external email to the relay's server. When the sender's server does not know the route to the recipient, it goes through a relay's server to accomplish the transaction. The sender's server enters the Information State and informs the relay's server that an email is waiting to be retrieved. The relay's server accepts the email if, by checking its route table, it knows the recipient's server or another relay's server it can send the email to. It then goes into the Retrieved State and retrieves the email from the sender's server. Instead of saving the email in a user's mailbox, it saves the email as an external email and informs the recipient's server or another relay's server about it. At this point the email is stored on the relay's server and the sender's server has finished with it. The relay's server is in the Information State and waits for an answer from the recipient's server. The recipient's server checks the recipient's address and validates the mail address. If the user does not exist, it sends back an error message to the relay's server, which sends a mail to the sender to inform him/her that the recipient's address is incorrect.
If the mail address is correct, the recipient's server enters the Retrieved State. It retrieves the email from the relay's server and saves the email into the user's mailbox.

The transaction between a sender's server and a relay's server is identical to a transaction between a sender's server and a recipient's server. The same transaction is also used between a relay's server and a recipient's server. The difference in a relay's server is that the email has to be sent on to another server. The relay's server changes the parameter NUMBER in the command SELO by creating a new one, so that the message is never retrieved twice under the same identifier.

4.3 Result

The procedure is:

---------------------------------------------------------------------
Step 1: Sender Mail's client --> Sender's server
        Using AMTP identified state, AMTP mail state and AMTP logout state
---------------------------------------------------------------------
Step 2: Sender's server --> Relay's server
        Using AMTP information state
        Sender's server <-- Relay's server
        Using AMTP retrieved state
---------------------------------------------------------------------
Step 3: Relay's server --> Relay's server
        Using AMTP information state
        Relay's server <-- Relay's server
        Using AMTP retrieved state
---------------------------------------------------------------------
Step 4: Relay's server --> Recipient's server
        Using AMTP information state
        Relay's server <-- Recipient's server
        Using AMTP retrieved state
---------------------------------------------------------------------
Step 5: Recipient's server <-- Recipient Mail's client
        Using POP3 or IMAP transaction
---------------------------------------------------------------------

Authenticated Mail Transfer Protocol is operational with a relay server. The relay's server is used to transfer mails to a recipient's server, and the protocol remains protected against anonymous mails, because every hop has to retrieve the message from a server that holds it.
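The SELO/SEMA exchange of sections 3.4, 3.5 and 4 (direct delivery, delivery through a relay, a bounce for an unknown recipient, and a forged SEMA), simulated in-process as an added example. This is the editor's illustration, not the draft's code or any implementation of it; the real exchange runs over TCP port 26. The class and function names are this example's own, the domains "relay.example.net" and "example.org" are constructed, and NUMBER is generated with secrets.token_hex, which the draft does not prescribe. The DOMAIN-versus-connection check in handle_selo stands in for the packet-address check of section 3.4.1; it is the check that section 5.4 later shows failing behind an address-rewriting proxy.

```python
import secrets


class Network:
    """Stand-in for the TCP path between servers (constructed for this example)."""

    def __init__(self):
        self.servers = {}

    def add(self, server):
        self.servers[server.domain] = server
        return server

    def next_hop(self, sender, rcpt_domain):
        """A direct route if the sending server knows the recipient's server,
        otherwise the relay named in its relay table, otherwise no route."""
        if rcpt_domain in sender.known_servers:
            return self.servers.get(rcpt_domain)
        return self.servers.get(sender.relay_table.get(rcpt_domain))


class AmtpServer:
    def __init__(self, domain, local_users=(), known_servers=(), relay_table=None):
        self.domain = domain
        self.local_users = set(local_users)         # recipients delivered locally
        self.known_servers = set(known_servers)     # domains reachable directly
        self.relay_table = dict(relay_table or {})  # recipient domain -> relay domain
        self.outbound = {}   # (RECIPIENT, NUMBER) -> (message, domain of the server informed)
        self.mailboxes = {}  # local recipient -> delivered messages
        self.errors = []     # errors returned to the sending user

    def submit(self, recipient, message, net):
        """Email State: an identified local user hands a message to SA."""
        number = secrets.token_hex(16)  # assumption: random, unguessable NUMBER
        return self.inform(recipient, number, message, net)

    def inform(self, recipient, number, message, net):
        """Information State: SA sends SELO DOMAIN NUMBER RECIPIENT to the next hop."""
        rcpt_domain = recipient.split("@", 1)[1]
        hop = net.next_hop(self, rcpt_domain)
        if hop is None:
            self.errors.append("550 No route to " + rcpt_domain)
            return self.errors[-1]
        self.outbound[(recipient, number)] = (message, hop.domain)
        reply = hop.handle_selo(self.domain, number, recipient, peer=self, net=net)
        if not reply.startswith("250"):
            # SB reported an error: SA deletes the message and returns the error to the user
            self.outbound.pop((recipient, number), None)
            self.errors.append(reply)
        return reply

    def handle_selo(self, domain, number, recipient, peer, net):
        """SB side of SELO: check the origin, the recipient or relay table, then retrieve."""
        if domain != peer.domain:  # the announced DOMAIN must match the connecting peer
            return "555 Selo command error - DOMAIN does not match the connection"
        rcpt_domain = recipient.split("@", 1)[1]
        local = rcpt_domain == self.domain
        if local and recipient not in self.local_users:
            return "550 Recipient unknown"
        if not local and net.next_hop(self, rcpt_domain) is None:
            return "550 Domain not in relay table"
        # Retrieved State: SB connects back to SA and sends SEMA RECIPIENT:NUMBER
        message = peer.handle_sema(recipient, number, requester=self)
        if message is None:
            return "555 Sema command error - Mail does not exist"
        if local:
            self.mailboxes.setdefault(recipient, []).append(message)
            return "250 Mail accepted for delivery"
        # Relay: keep the message under a fresh NUMBER and re-enter the Information State
        return self.inform(recipient, secrets.token_hex(16), message, net)

    def handle_sema(self, recipient, number, requester):
        """SA side of SEMA: release the message only to the server SA informed,
        and only for a (RECIPIENT, NUMBER) pair that exists in the queue."""
        entry = self.outbound.get((recipient, number))
        if entry is None or entry[1] != requester.domain:
            return None  # wrong number, recipient or server: nothing is handed over
        del self.outbound[(recipient, number)]
        return entry[0]


def run_demo():
    """Delivery through a relay, a bounce for an unknown user, and a forged SEMA."""
    net = Network()
    sa = net.add(AmtpServer("master.com", local_users={"brice.crouzet@master.com"},
                            relay_table={"example.org": "relay.example.net"}))
    net.add(AmtpServer("relay.example.net", known_servers={"example.org"}))
    sb = net.add(AmtpServer("example.org", local_users={"jimmy.doody@example.org"}))
    relayed = sa.submit("jimmy.doody@example.org", "Subject: via relay\r\n\r\nHello", net)
    bounced = sa.submit("nobody@example.org", "Subject: bounce\r\n\r\nHello", net)
    # A server SA never informed, guessing a NUMBER, gets nothing back
    forged = sa.handle_sema("jimmy.doody@example.org", "0" * 32, requester=sb)
    return relayed, bounced, forged, sb.mailboxes, sa.outbound, sa.errors


if __name__ == "__main__":
    print(run_demo())
```

The relay path shows the point of section 4.2: the relay retrieves the message, stores it under a new NUMBER and starts its own Information State, so the sender's server never needs a route to example.org. The bounce case shows the 550 from the recipient's server travelling back through the relay to the sender's server, which deletes its copy.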
A user can send an email to his/her server and use the relay's server to transfer the mail to other servers.

5. Protections for the network

5.1 Presentation

In order to protect a network, it is possible to use a router, a firewall, a proxy server or a firewall associated with a proxy server. It is important to accept or refuse requests coming from outside the network or going out of the network. A network has to be protected in order to increase the security of the user's data.

Figure 4 represents one possible protection of a network. Network 1 is outside network 2. The router, the firewall or the proxy server can be used as a gateway that allows network 2 to establish a route to network 1. When an administrator combines these protections, the diagram of the network is different, but in any case a gateway is needed to connect network 1 with network 2. The design of network 2 can vary: it is possible to have a firewall, a proxy server and a router separately or working together.

---------------------------------------------------------------------
Sender <- AMTP -> Sender Server on network 1 <- AMTP -> Firewall, Router or proxy server <- AMTP -> Recipient Server
---------------------------------------------------------------------
Figure 4: Presentation of protections for the network
---------------------------------------------------------------------

The first protection is a router. It connects a network to another network; many routers connected to each other make up the Internet. An access list is used to ban or to authorise packets entering the network. The access list has to be configured in the router configuration.

The second protection is a firewall, which is used to filter IP packets going into or coming out of the network. A firewall can block, forward or pass the packet to the final recipient.
The firewall can be set up to filter a protocol (TCP, UDP or ICMP), a port, an IP address or a range of IP addresses. A firewall is the most powerful tool for filtering the packets of the network, but it does not hide the IP addresses of the network.

The last protection is a proxy server, which is also used to filter packets going into or coming out of the network. It is similar to a firewall, but the proxy server keeps the network completely inaccessible from outside. The proxy server redirects any query (HTTP, SMTP or FTP) to the server in charge of the protocol, whether it is inside or outside the network. From the outside, a user believes the proxy server is the server in charge of the protocol; he/she cannot establish a connection to any server inside the network except the proxy server. To establish a transaction going out of the network, the user connects to the proxy server, and the proxy server then issues the user's queries. The proxy server replaces the user's IP address in the packet with its own IP address.

An administrator can combine these protections and obtain a well-protected and secured network. The challenge is to find the right configuration that protects every server and computer, and still allows the user to access every authorised resource outside and inside the network.

5.2 Router

5.2.1 1 Router

A CISCO 2600 router has been used to establish the connection between two networks. The router allows the network "192.5.5.0" to be connected to the network "205.7.5.0", and these two networks can transfer data to one another. Without configuring the access list, Authenticated Mail Transfer Protocol is operational: the sender's server can establish a connection to the recipient's server and send an email. The router passes the information to any AMTP server.
It is a gateway between these two networks.

5.2.2 3 Routers

A CISCO 2600 router and two CISCO 2504 routers have been used to establish the connection between two networks through two other networks. Again, AMTP works correctly. The AMTP server in the network "192.5.5.0" can establish a connection and transfer a message to the recipient's server in the network "223.8.151.0" through the networks "201.100.11.0" and "199.6.15.0". The routers set up a route between the two AMTP servers, and this route delivers any packet to the recipient's server.

5.3 Firewall

5.3.1 Linux

The command IPCHAINS implements a firewall under Linux. The Linux distribution is Red Hat 6.0. The firewall forwards any packet for port 26 between the two networks and blocks every other request. The Linux computer contains two network cards, and a route has to be added to connect these two networks. The firewall is configured to let port 26 pass. Authenticated Mail Transfer Protocol is operational: the sender's server can establish a connection to the recipient's server and send an email. The firewall passes the information to the recipient's server [4].

5.3.2 Windows

The software "SolidShare 2.0" is used as a firewall. The configuration of the firewall is very simple: it is possible to block ICMP, UDP or TCP packets, or ports. The firewall accepts TCP connections and refuses UDP and ICMP. The configuration has to be studied in detail to obtain a well-protected network. Authenticated Mail Transfer Protocol is operational: the sender's server can establish a connection to the recipient's server and send an email. The firewall passes the information to any AMTP server [13].

5.4 Proxy

5.4.1 Linux

The proxy server is "TCPPROXY 1.1.6". It is a proxy for TCP/IP protocols.
AMTP does not work through a proxy server, because the proxy server changes the IP address in the packet and the server inside the network cannot establish a connection to the recipient's server. The sender's or the recipient's server has to use the IP address of the proxy server, which redirects it to the recipient's server or to the sender's server. The proxy server is a relay between the two servers, except that it does not work like a relay's server: the proxy server only changes the IP address in the packet, not the DOMAIN parameter in the command SELO, so the address SB sees on the connection no longer matches the address announced in SELO. Authenticated Mail Transfer Protocol is not operational because AMTP servers cannot use the command SELO [14].

5.4.2 Windows

The proxy server is "GateKeeper Pro 4.5". As under Linux, AMTP does not work through the proxy server: Authenticated Mail Transfer Protocol is not operational because AMTP servers cannot use the command SELO [3].

5.4.3 Solutions

Two solutions can make Authenticated Mail Transfer Protocol operational. The first solution is to install the mail server on the proxy server itself. The proxy server is then not involved on port 26, because the mail server listens on port 26 first. The second solution is to change the command SELO. The proxy server changes the IP address of the packet but not the IP address in the command SELO. If the command SELO does not send its IP address as a parameter, and the recipient's server instead uses the source IP address of the packet, Authenticated Mail Transfer Protocol is operational. This solution should be considered with caution because it can decrease the security of the network: the recipient's server then connects back to whatever address the packet carried, and the match between the announced and the observed origin is no longer checked.

5.5 Proxy and Firewall

To obtain a well-protected network, an administrator installs a firewall and a proxy server on each machine. The proxy server is used to hide the IP addresses of the network and to route HTTP requests. The firewall blocks or allows ports to be accessible from outside and also from inside the network.
For AMTP, port 26 needs to be open on the firewall, which lets any packet for port 26 pass inside. The proxy server cannot interfere with the packet because the firewall has already decided what to do with it. Authenticated Mail Transfer Protocol is operational.

5.5.1 Linux

The proxy server is "TCPPROXY 1.1.6" and the command IPCHAINS creates the firewall under Linux. Authenticated Mail Transfer Protocol is operational because the firewall takes precedence over the proxy server. The two servers can exchange information.

5.5.2 Windows

The software "SolidShare 2.0" is used as a firewall and "GateKeeper Pro 4.5" as a proxy server. As under Linux, Authenticated Mail Transfer Protocol is operational.

5.6 Result

A router, a firewall, or a proxy server associated with a firewall working as a gateway makes Authenticated Mail Transfer Protocol operational: the sender's and the recipient's servers can exchange data. A proxy server alone does not make Authenticated Mail Transfer Protocol operational without a change in the protocol. Two solutions have been presented to solve this problem.

6. Authenticated Mail Transfer Protocol Header

6.1 Presentation

The email protocol needs to make a distinction between the header and the body, and also between the relay's server information and the header of the message. When a user writes an email from a telnet connection, there is only a small distinction between the header and the body: for example, the subject is entered in the body of the message and not in the header. This distinction is technical, and a user will not see the difference in the mail software; it exists only in the structure of the message. The header is entered separately from the data.

AMTP adds the version of the protocol to the server information. It specifies the version of the protocol the server used: Version 1.0 for SMTP and Version 2.0 for AMTP.
With this parameter, a recipient's server can protect a user from the risks incurred. An AMTP server can accept a message from an SMTP server and records the protocol version in the server information. The server information has the same content as the header field "Received From" in the Simple Mail Transfer Protocol (SMTP).

Using HTML-style tags in the message, the server is able to find directly the information it needs. The sender's server enters these tags. The tags are:

=> <RELAY>: Contains the relay's server information.
=> <HEAD>: Contains the header information of the message.
=> <BODY>: Contains the body information of the message.

6.2 RELAY Tag

In the relay tag, the information about the relay's server is specified. The relay's server should enter information about the sender's server and the recipient's server using the header field "RELAY FROM: <sender's server> TO <recipient's server> BY <relay's server>". The recipient's server information or the sender's server information could itself be a relay's server. With this information, it is possible to distinguish a relay's server from the sender's server and to determine the route of the message.

6.3 HEAD Tag

In the head tag, the information about the message is specified. A new header field is introduced in order to identify the sender's server: the line "Send To:" displays the sender's server information. To prevent a hacker from entering his/her own data in the header of the message, this part of the head tag is reserved to the sender's server. To implement this, a fixed order of lines is specified; this order protects the message from being malformed. The order is:

=> Sender's details: the line "From: e-mail address <name>".
=> Sender's server: the line "Send To:" with the server information and the protocol version.
=> Date: when the message was written.
=> Message Identifier: the line "Message id: <identifier>".
=> Recipient's details: the line "To: e-mail address <name>".
=> Subject: the subject of the message.
=> Other headers: lines used for headers that are not necessary to deliver an email.
=> MIME details: the details for the MIME protocol.

To separate the header information from the body information, a command HEAD is introduced. The user uses this command to enter MIME type information. For a simple text message in ASCII characters, the user can enter the header "Subject" at the start of the body of the message using the command DATA; the header "Subject" is then moved into the head tag. If a user does not type the command HEAD, the server detects a simple message and builds the email header correctly: it adds the line "Subject" to the header, and the rest of the content is placed in the body tag.

If a user enters the command HEAD, he/she can type his/her own information about the message. The first lines of the header are reserved for the server, which adds the headers "From", "Send To", "Date", "Message id" and "To". After these lines, the user inserts his/her own headers, for instance the MIME type. A user inputs the header "Subject" in this command. If he/she tries to add the header "Subject" in the message instead, it is part of the message and not of the header.

6.4 BODY Tag

The body tag is used to enter the content of the message. Any information in this tag is considered body information and is displayed to the recipient as the message part.

6.5 Command HEAD

A user types the command HEAD to enter the header details. This command is like the command DATA. The server replies with the code 354 to enter the header details. To finish entering the data, the user enters a dot on a line by itself. The server then closes the header and waits for the command DATA.
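How the sender's server assembles the tagged message of section 6 from the HEAD and DATA input, as an added example (the editor's illustration, not the draft's code or any implementation of it). It follows the reserved header order of section 6.3 and the "Subject" rule of section 6.3, and it adds two safeguards the draft does not spell out but that the in-band tag design needs: a HEAD line naming a server-reserved header is refused, and a user line that spells a section tag is refused, since otherwise a DATA line such as "</BODY>" followed by "<HEAD>" could forge a second header section. The "Send To" layout is copied from the transcripts in section 7.4; the closing tags, the function names and the reply texts in the ValueError messages are this example's own assumptions.

```python
import re

# Header lines the sender's server writes itself, in the order section 6.3 fixes.
RESERVED = ("From", "Send To", "Date", "Message id", "To")
PROTOCOL_VERSION = "2.0"
_TAG_LINE = re.compile(r"^\s*</?(RELAY|HEAD|BODY)>\s*$", re.I)
_SECTION = re.compile(r"<(RELAY|HEAD|BODY)>\r\n(.*?)</\1>", re.S)


def server_headers(sender, recipients, server, ip, message_id, date):
    """The header lines reserved to the server ('Send To' laid out as in section 7.4)."""
    return [
        "From: " + sender,
        "Send To: %s (%s); %s; Version: %s" % (server, ip, date, PROTOCOL_VERSION),
        "Date: " + date,
        "Message id: " + str(message_id),
        "To: " + ", ".join(recipients),
    ]


def _reject_tag_lines(lines):
    """A user line that spells a section tag could forge a HEAD section (example's own check)."""
    for line in lines:
        if _TAG_LINE.match(line):
            raise ValueError("554 Section tags are not allowed in user input")


def assemble(sender, recipients, server, ip, message_id, date,
             data_lines, head_lines=None, relay_lines=()):
    """Build the tagged message from the HEAD lines (if any) and the DATA lines.

    A ValueError carries the reply the server would send back to the user.
    """
    body = list(data_lines)
    _reject_tag_lines(body)
    head = server_headers(sender, recipients, server, ip, message_id, date)
    if head_lines is None:
        # No HEAD command: a leading "Subject:" line of DATA is promoted into the head tag.
        if body and body[0].lower().startswith("subject:"):
            head.append(body.pop(0))
    else:
        _reject_tag_lines(head_lines)
        reserved = {name.lower() for name in RESERVED}
        for line in head_lines:
            name = line.split(":", 1)[0].strip()
            if name.lower() in reserved:
                raise ValueError('501 Header "%s" is reserved to the server' % name)
            head.append(line)
        # With HEAD used, a "Subject:" typed inside DATA stays in the body.
    parts = ["<RELAY>", *relay_lines, "</RELAY>",
             "<HEAD>", *head, "</HEAD>",
             "<BODY>", *body, "</BODY>"]
    return "\r\n".join(parts) + "\r\n"


def split_sections(message):
    """Recover the three sections, each exactly once: how a receiving server
    finds the relay, header and body information directly."""
    found = {}
    for m in _SECTION.finditer(message):
        if m.group(1) in found:
            raise ValueError("554 Duplicate %s section" % m.group(1))
        text = m.group(2).rstrip("\r\n")
        found[m.group(1)] = text.split("\r\n") if text else []
    if set(found) != {"RELAY", "HEAD", "BODY"}:
        raise ValueError("554 Missing RELAY, HEAD or BODY section")
    return found


if __name__ == "__main__":
    msg = assemble("brice.crouzet@master.com", ["jimmy.doody@master.com"], "master.com",
                   "193.1.124.54", 1049998467218, "09 April 2003 08:56:50 o'clock IST",
                   ["Subject: AMTP Procedure 1", "It is a simple AMTP procedure."])
    print(msg)
    print(split_sections(msg))
```

Run on the input of the transcript in section 7.4.1, the "Subject:" line typed in DATA lands in the head tag after the five server lines; with a HEAD command supplied, as in section 7.4.2, the same line typed in DATA stays in the body.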
The message header is always in American Standard Code for Information Interchange (ASCII) characters, and no other encoding has to be supported.

7. Authenticated Mail Transfer Protocol Commands

7.1 Optional Commands

RSET

The command RSET allows a user to reset any action that was already done and to restart the transaction from the beginning. It is the same command described in RFC 2821, with identical reply codes.

NOOP

The command NOOP allows a user to reset the time-out timer. It is the same command described in RFC 2821, with the same reply codes.

HELP [<topic>]

The command HELP gives a user information about the commands the server provides. It is the same command described in RFC 2821, with identical reply codes. If a user enters a topic as a parameter, the server provides information on this topic.

MORE TO: <addresses>

The command MORE TO allows a sender to add more recipient addresses to the message without changing the first recipient, or to correct a recipient's address that was entered incorrectly. The command RCPT TO tells the sender whether an email address is valid but does not correct it; using the command MORE TO, the sender corrects invalid addresses. The parameter specifies one or more recipient addresses separated by commas (',').

HEAD

The command HEAD separates the message's header from the message's body. This command is like the command DATA and needs no parameter. The server replies with the code 354 to enter the header details. When a user has finished entering the header, he/she enters a dot on a line by itself.

7.2 Obsolete Commands

MAIL FROM

The sender's server manages this command and adds the sender address to the message itself. It is a hidden field like the "Received From" field.

EHLO

Since a user has to be identified by the server, there is no point in keeping this command, but the result of the command EHLO is important.
It gives the user helpful information about the server's capabilities. This result is displayed after the user has been identified.

TURN

This command allows a client to become a server and the server to become the client. For security reasons, this command has been disabled.

VRFY

A user is unable to verify an email address, for security reasons. It is useful to know and check an email address, but email addresses can be exchanged by phone, letter or email instead.

EXPN

For security reasons, this command has been removed from the protocol. It confirms that the argument is a mailing list, which is dangerous because a user can learn the name of a mailing list and distribute it.

HELO

This command comes from RFC 821 [11] and has been replaced in RFC 2821 by the command EHLO. There is no point in keeping this command in the protocol.

SEND, SOML, SAML

These commands are rarely implemented. There is no point in keeping them, and since the protocol has changed, they are obsolete.

7.3 Order of commands

There are restrictions on the order in which these commands may be used. A session starts with the command USER, after which the user enters his/her username and password. The server accepts the client if he/she is identified, lets him/her continue the transaction, and reports its capabilities. The commands NOOP, HELP and RSET can be used at any time during a session, or even without previously initialising a session. The command RCPT TO begins the construction of the email: it specifies the recipient's address or multiple recipient addresses. A user can add more addresses with the command MORE TO.
The command MORE TO also permits a user to correct an email address. If a user has a complex message header, he/she enters the command HEAD. In any case he/she continues with the command DATA to send the email. The transaction can be aborted by the command RSET. There may be zero or more emails in a session. To close the connection, a user types the command QUIT to request the end of the session.

7.4 Authenticated Mail Transfer Protocol Procedures

7.4.1 Simple Procedure

A simple AMTP procedure for a user is:

S: 220 AMTP >> Connection successful.
S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
S: 250 AMTP >>
C: user
S: 250 AMTP >> Server Ready
C: bct 123
S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
S: 250 AMTP >> SERVER CAPABILITIES.
S: 250 AMTP >>
C: rcpt to:jimmy.doody@master.com
S: 250 Recipient accepted for "jimmy.doody@master.com"
   To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: data
S: 354 Enter the data of the message. End with "." on a line by itself.
C: Subject: AMTP Procedure 1
C: It is a simple AMTP procedure.
C: .
S: 250 Mail delivery successful for "jimmy.doody@master.com"
S: 250 AMTP >>
C: quit
S: 221 Disconnection

Note that the username and password ("bct 123") are sent in clear text in the Identified State; nothing in this exchange protects them from an observer on the path.

The email has been received:

From: brice.crouzet@master.com
Send To: master.com (193.1.124.54); 09 April 2003 08:56:50 o'clock IST; Version: 2.0
Date: 09 April 2003 08:56:50 o'clock IST
Message id: 1049998467218
To: jimmy.doody@master.com
Subject: AMTP Procedure 1

It is a simple AMTP procedure.

7.4.2 Procedure using optional commands

An AMTP procedure using optional commands is:

S: 220 AMTP >> Connection successful.
S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
S: 250 AMTP >>
C: user
S: 250 AMTP >> Server Ready
C: bct 123
S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
S: 250 AMTP >> SERVER CAPABILITIES.
S: 250 AMTP >>
C: help
S: 214 This is an AMTP Server.
   214 Topics:
   214 QUIT HELP RCPT HEAD DATA RSET NOOP
S: 250 AMTP >>
C: help data
S: help for DATA
S:
S: 250 AMTP >>
C: noop
S: 250 AMTP >> Noop OK
S: 250 AMTP >>
C: rcpt to:jimmy.doody@master.com
S: 250 Recipient accepted for "jimmy.doody@master.com"
   To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: more to:brice.crouzet@master.com
S: 250 Recipient accepted for "brice.crouzet@master.com"
   To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: head
S: 354 Enter the header of the message. End with "." on a line by itself.
C: Subject: AMTP Procedure 2
C: .
S: 250 Head Command Accepted
S: 250 AMTP >>
C: data
S: 354 Enter the data of the message. End with "." on a line by itself.
C: Subject: Test
C: It is an AMTP procedure using optional commands.
C: .
S: 250 Mail delivery successful for "jimmy.doody@master.com", "brice.crouzet@master.com"
S: 250 AMTP >>
C: quit
S: 221 Disconnection

The email has been received:

Email 1:

From: brice.crouzet@master.com
Send To: master.com (193.1.124.54); 09 April 2003 09:00:17 o'clock IST; Version: 2.0
Date: 09 April 2003 09:00:17 o'clock IST
Message id: 1049998673855
To: jimmy.doody@master.com
Subject: AMTP Procedure 2

Subject: Test
It is an AMTP procedure using optional commands.

Email 2:

From: brice.crouzet@master.com
Send To: master.com (193.1.124.54); 09 April 2003 09:00:17 o'clock IST; Version: 2.0
Date: 09 April 2003 09:00:17 o'clock IST
Message id: 1049998673895
To: brice.crouzet@master.com
Subject: AMTP Procedure 2

Subject: Test
It is an AMTP procedure using optional commands.

7.4.3 Procedure with RSET command

An AMTP procedure using the RSET command is:

S: 220 AMTP >> Connection successful.
S: 250 AMTP >> Received from: postgrad-bc 193.1.124.54.
S: 250 AMTP >>
C: user
S: 250 AMTP >> Server Ready
C: bct 123
S: 250 AMTP >> Welcome Brice CROUZET to the AMTP server.
S: 250 AMTP >> SERVER CAPABILITIES.
S: 250 AMTP >>
C: rcpt to:jimmy.doody@master.com
S: 250 Recipient accepted for "jimmy.doody@master.com"
   To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: rset
S: 250 AMTP >> Reset OK
S: 250 AMTP >>
C: data
S: 503 Need RCPT before DATA "data".
S: 250 AMTP >>
C: rcpt to:brice.crouzet@master.com
S: 250 Recipient accepted for "brice.crouzet@master.com"
   To add or correct a recipient address, please use the command MORE TO
S: 250 AMTP >>
C: data
S: 354 Enter the data of the message. End with "." on a line by itself.
C: Subject: AMTP Procedure 3
C: It is an AMTP procedure using RSET command.
C: .
S: 250 Mail delivery successful for "brice.crouzet@master.com"
S: 250 AMTP >>
C: quit
S: 221 Disconnection

The email has been received:

From: brice.crouzet@master.com
Send To: master.com (193.1.124.54); 09 April 2003 09:02:13 o'clock IST; Version: 2.0
Date: 09 April 2003 09:02:13 o'clock IST
Message id: 1049998790603
To: brice.crouzet@master.com
Subject: AMTP Procedure 3

It is an AMTP procedure using RSET command.

8. Authenticated Mail Transfer Protocol Reply codes

8.1 New Reply Codes

Reply codes are important for a server and a user because they tell them whether the transaction is correct or not. The reply code 555 informs a server of any error that occurs between two servers, so that the server can act on it. There are four groups of errors: during the Identified State, during the transaction to send an email (Email State), and during the transaction between two servers for the commands SELO and SEMA.

For the Identified State, the reply codes are:

=> 503 Use the command USER before other commands.
=> 401 User unknown - enter the user information again - only 3 times.
=> 505 User does not exist - connection closed.
=> 250 User accepted.

When the user sends an email, the reply codes are:

=> 501 The email address is wrong.
=> 551 User not local.
=> 250 Server ready.

When the server uses the command SELO, the reply codes are:

=> 555 Selo command error - recipient unknown, argument missing, command unknown or result unknown.
=> 250 Selo accepted.
=> 250 Mail accepted for delivery.

When the server uses the command SEMA, the reply codes are:

=> 555 Sema command error - argument missing, mail does not exist, command unknown or result unknown.
=> 555 Mail error.
=> 250 Sema accepted.
=> 250 Mail delivered.

8.2 Reply Codes from Request For Comments 2821

Positive Completion replies are:

=> 211 System status, or system help reply.
=> 214 Help message.
=> 220 Service ready.
=> 221 Service closing transmission channel.
=> 250 Requested mail action okay, completed.
=> 251 User not local; will forward.
=> 252 Cannot VRFY user, but will accept message and attempt delivery.

Positive Intermediate reply is:

=> 354 Start mail input; end with <CRLF>.<CRLF>.

Transient Negative Completion replies are:

=> 421 Service not available, closing transmission channel.
=> 450 Requested mail action not taken: mailbox unavailable.
=> 451 Requested action aborted: local error in processing.
=> 452 Requested action not taken: insufficient system storage.

Permanent Negative Completion replies are:

=> 500 Syntax error, command unrecognized.
=> 501 Syntax error in parameters or arguments.
=> 502 Command not implemented.
=> 503 Bad sequence of commands.
=> 504 Command parameter not implemented.
=> 550 Requested action not taken: mailbox unavailable.
=> 551 User not local; please try <forward-path>.
=> 552 Requested mail action aborted: exceeded storage allocation.
=> 553 Requested action not taken: mailbox name not allowed.
=> 554 Transaction failed.
9. Authenticated Mail Transfer Protocol Information

9.1 Advantages

The main advantage is that the AMTP server knows the user. It allows a server to identify and trust a sender. The two servers listen on port 26 and are able to answer any command. The difference from the old protocol is that the recipient's server has to be running to receive the email: the recipient's server needs to establish a connection with the sender's server in order to retrieve the message. This transaction allows the sender's server to validate the sender's address.

The other advantage is that a user is not exposed to the danger: the result of an attack concerns only the AMTP server. In order to deliver an email, the transaction has to go through every step of the process, and if any error is detected in the process, the server stops the transaction with the client. This is important for the security of the user.

Finding the number and the recipient address together is very difficult. These two parameters depend on the sender's server and the user. It is possible to find the algorithm that produces the number, but it is difficult to find the recipient address and the number together. The recipient address depends on the sender, and the number depends on the messages sent. These numbers are stored on the server, where it is difficult to read the database. Note that this argument holds only if the number cannot be predicted: a number derived from a simple counter or clock could be guessed once the algorithm is known, so the server should generate it from a source the attacker cannot observe.

9.2 Disadvantages

Sending an external email takes longer and needs two connections: the two servers concerned have to establish a connection with each other, which takes more time than SMTP. The big inconvenience is therefore the time taken, but in exchange the transfer of an email is a complete and secure transaction. The main problem is the number of connections between the two servers.
The result of a high number of connections can be a Denial of Service attack. The server has to respond to two different types of connection: a user and a server. The server needs more resources to complete the transaction. There are three server queues. The first queue is to inform the recipient server. The second queue is to retrieve the message with the number. The third queue is to write the email in the recipient mailbox. The AMTP server will be busy and need more resources. Today, the available resources allow computers to do this. The problem comes from the bandwidth of the network.

9.3 Denial of Service (DoS)

A Denial of Service attack is characterised by an explicit attempt by attackers to prevent legitimate users of a service from using that service. Attackers:

=> Attempt to overflow a network,
=> Attempt to disrupt connections between 2 computers,
=> Attempt to prevent a particular individual from accessing a service or
=> Attempt to disrupt service to a specific system.

In the case of Authenticated Mail Transfer Protocol, the result of the attack is that the server is unable to transfer a mail. Increasing the number of connections to the server can attack the server. In order to prevent this type of attack, the server has to analyse the connections made to it, especially those that have failed. From the connection, the server can find the sender and block him/her. It is possible to implement a firewall to block incorrect packets, for example when the IP address is incorrect or when the result of the commands SEMA and SELO has failed. The administrator has to observe the server's performance and establish a normal baseline level. The Denial of Service attack can be terrible for everybody. In any case, the server needs a backup server in order to still be able to work when a DoS attack occurs. The service will keep on transferring the message.
The administrator determines the origin of the attack and kills the attacker's connections.

9.4 Hackers

A hacker has to run an AMTP server on port 26. It is more difficult for him/her because only one programme can listen on port 26. A hacker cannot implement a programme on an AMTP server. Moreover, he/she cannot use a telnet connection to send an anonymous email or create a fake AMTP server on a computer without port 26.

A hacker can use a Denial of Service attack. Then, the AMTP server will be allowed to answer any transaction, which is dangerous.

A hacker will use the commands used by the server to attack the server. This will be impossible to do because the hacker has to know the number of the message and the recipient address, which he/she does not. It is impossible to determine these parameters. If the hacker tries too many times, the server will discover the attack and close the connection. It is impossible for the user to be attacked.

If a hacker tries to use the command SELO, it will result in an error or in a connection to a server without an email to retrieve. An error appears if a hacker does not use an AMTP server. The recipient's server will be unable to connect to any user's computer. In case a hacker uses an AMTP server, the recipient's server cannot retrieve an email except if the hacker has his/her own mail server. In this case, the administrator knows exactly where a hacker is and what computer he/she is using.

If a hacker tries to use the command SEMA, it will result in an error. A hacker has to know two arguments: the recipient's address and the number. If these two arguments are correct and saved in the database of the sender's server, the email will be given. If not, an error will occur and the hacker gets nothing.

9.5 Protections

A server is protected when it pays attention to the number of failed connections. The programme provided by a hacker will result in an error.
It is impossible for a server to be wrong, except if the connection fails, which is a different error. The user is protected because he/she cannot receive anonymous email. This means the end of anonymous emails and of the frustration that a user can have because he/she does not know what to do about them.

9.6 Trace

When a mail is sent, the AMTP server will keep a trace of the message in its database. It uses the "message id" field to identify the message. The sender database contains a table with the sender address, the IP address of the sender and the "message id" field. This information helps an administrator to recognise the original sender of a message. It also keeps the IP address of the sender secret.

9.7 Testing

To make sure a hacker cannot send an email to the server, the server has been tested. A user has to be identified to the server if he/she wants to send or to read an email. A hacker has to know a username and a password from the server. Except through this door, a hacker cannot send an email.

If a hacker uses the command SELO, he/she has two choices. The first choice is to run the command from a computer without any AMTP server. The AMTP server will never go into the next step; it never runs the command SEMA. If a hacker is connected to the AMTP server and tries to run the command SELO, the transaction will be aborted because there is no message waiting in the AMTP server for the hacker. Again, a hacker has to find these two parameters (number and recipient address), which is not an easy task.

If a hacker uses the command SEMA, he/she can run the command from an AMTP server or from a telnet connection. Nothing will happen. The transaction will be disconnected because no message exists. The transaction occurs correctly if an email is waiting to be retrieved. It means that the number and recipient are correct and that the email exists in the server.
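The server-to-server checks described in sections 9.3 to 9.7 (SB answering a SELO only after it has itself connected back to SA and retrieved the mail with SEMA; SA handing over a mail only for a known recipient address and number, and cutting off a peer after repeated failures), as an added Python model that is not part of the draft. The wire syntax "SELO <recipient> <number>" / "SEMA <recipient> <number>", the class names, the connect_back callback, MAX_FAILURES and the choice of which condition maps to which 555 reason text are assumptions; the reply texts themselves come from sections 8.1 and 8.2.

```python
# Toy model of the AMTP server-to-server states (Information and Retrieved).
# Added illustration, not the draft's code.  ASSUMED wire syntax:
#   SA -> SB : "SELO <recipient> <number>"     (Information state)
#   SB -> SA : "SEMA <recipient> <number>"     (Retrieved state, on SB's own
#              connection back to SA, so a host without an AMTP server cannot answer)
# Reply texts are from sections 8.1/8.2; MAX_FAILURES and the 555 reason mapping are assumed.
MAX_FAILURES = 3   # failed SEMA attempts a peer may make before SA cuts it off

class SenderServer:                      # SA: holds mail waiting to be retrieved
    def __init__(self):
        self.waiting = {}                # (recipient, number) -> (sender, sender_ip, body)
        self.failures = {}               # peer -> failed command count (section 9.5)
        self.next_number = 1
    def queue_mail(self, sender, sender_ip, recipient, body):
        # Store the mail and return its number; the trace row (section 9.6) stays in SA.
        number, self.next_number = self.next_number, self.next_number + 1
        self.waiting[(recipient, number)] = (sender, sender_ip, body)
        return number
    def handle_sema(self, peer, line):
        # Reply to one SEMA line; the body is handed over only on an exact match.
        if self.failures.get(peer, 0) >= MAX_FAILURES:
            return "421 Service not available, closing transmission channel", None
        parts = line.split()
        if len(parts) != 3 or parts[0].upper() != "SEMA" or not parts[2].isdigit():
            return self._fail(peer, "555 Sema command error - Argument missing"), None
        key = (parts[1], int(parts[2]))
        if key not in self.waiting:
            return self._fail(peer, "555 Sema command error - Mail does not exist"), None
        sender, _ip, body = self.waiting.pop(key)   # sender IP never leaves SA
        return "250 Mail delivered", (sender, body)
    def _fail(self, peer, reply):
        self.failures[peer] = self.failures.get(peer, 0) + 1
        return reply

class RecipientServer:                   # SB: keeps only mail it fetched itself
    def __init__(self, local_users, connect_back):
        self.local_users = set(local_users)
        self.connect_back = connect_back  # peer -> SenderServer, or None if no port 26
        self.mailbox = {}
    def handle_selo(self, peer, line):
        # Reply to one SELO line from a claimed SA, fetching the mail with SEMA.
        parts = line.split()
        if len(parts) != 3 or parts[0].upper() != "SELO" or not parts[2].isdigit():
            return "555 Selo command error - Argument missing"
        recipient, number = parts[1], int(parts[2])
        if recipient not in self.local_users:
            return "555 Selo command error - Recipient Unknown"
        sa = self.connect_back(peer)     # SB opens its own connection to the claimed SA
        mail = None if sa is None else sa.handle_sema("SB", f"SEMA {recipient} {number}")[1]
        if mail is None:                 # no AMTP server there, or no such mail waiting
            return "555 Selo command error - Result Unknown"
        self.mailbox.setdefault(recipient, []).append(mail)
        return "250 Mail accepted for delivery"
```

A SELO from a telnet session or from a host that is not running an AMTP server never gets past the connect-back step, and a peer guessing (recipient, number) pairs at SA is refused after MAX_FAILURES attempts.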
It is a very secure transaction.

9.8 Communication between AMTP and SMTP

Communication between the new protocol (AMTP) and the existing protocol (SMTP) is impossible since the commands and procedures have changed. The user-to-server communication is operational because a user establishes a connection to AMTP or SMTP. The server-to-server communication is not operational because the AMTP server cannot answer any SMTP commands. It is possible to implement SMTP commands inside an AMTP server, but that would make AMTP obsolete. A solution can be to allocate a new port to AMTP, such as port 26. If port 26 is open on the recipient's server, the AMTP server establishes a connection to the server using AMTP. If port 26 is closed and port 25 is open on the recipient's server, the AMTP server establishes a connection to the server using SMTP. Port 26 can be used as a transition step to replace SMTP. AMTP can create a local network for the transfer of mail between researchers, institutes, colleges or companies who care about security.

10. Conclusion

There is one solution to identify a user by a server. The Authenticated Mail Transfer Protocol server needs to know the user before it can proceed with a transaction with him/her. The transaction between two servers takes time and needs more resources. The solution offers the guarantee that the sender exists and avoids anonymous email, which is the goal reached. It is a major step towards the success of the master's thesis.

Authenticated Mail Transfer Protocol contains three client-to-server states (Identified, Email and Logout States) and two server-to-server states (Information and Retrieved States). It is important to have all these states because they allow a server to identify a user. The header of the email is completely different from the data of the message.
With the separation of the header from the data and the command HEAD, Authenticated Mail Transfer Protocol is able to distinguish between the header and the body of an email. Authenticated Mail Transfer Protocol adds and removes commands from Simple Mail Transfer Protocol. It can also add reply codes. There are some advantages and disadvantages to this solution. The hacker will find it more difficult to crack Authenticated Mail Transfer Protocol with these new states. The user is more protected compared to Simple Mail Transfer Protocol, but the server is more exposed. Far from being the only solution, it has the merit of stopping anonymous mail.

Security Considerations

Security considerations have been described throughout this document.

References

Appendix

Appendix A: Acronyms

ASCII => American Standard Code for Information Interchange (ASCII) is the most common format for text files in computers and on the Internet. In an ASCII file, each alphabetic, numeric, or special character is represented with a 7-bit binary number (a string of seven 0s or 1s). 128 possible characters are defined [15].

DNS => Domain Name System (DNS) is a distributed system, having the data at different locations, and is effectively a database of mappings between the names that computers are known by and their IP addresses. In order to communicate with a system, one's computer must first get the IP address of the computer it wants to talk to from the DNS. These are stored in the DNS in what are known as A records [16].

IP => Internet Protocol (IP) is designed for use in interconnected systems of packet-switched computer communication networks. The IP provides for transmitting blocks of data called datagrams from sources to destinations, where sources and destinations are hosts identified by fixed length addresses.
The IP also provides for fragmentation and reassembly of long datagrams, if necessary, for transmission through "small packet" networks [9].

MIME => Multipurpose Internet Mail Extensions (MIME) is an extension of the original Internet email protocol that lets people use the protocol to exchange different kinds of data files on the Internet. The type of data can be audio, video, images, application programs, and other kinds, as well as the ASCII handled in the original protocol (SMTP) [2] and [6].

RFC => Request For Comment (RFC) forms a series of notes, started in 1969, about the Internet. The notes discuss many aspects of computer communication, focusing on networking protocols, procedures, programmes, and concepts but also including meeting notes, opinion, and sometimes humour [12].

SMTP => Simple Mail Transfer Protocol (SMTP) transfers mail from a client to a server and is defined in RFC 0821 [11] and RFC 2821 [5]. The protocol uses port 25 to receive the data and the TCP/IP protocol to transport the data in the network.

TCP => Transmission Control Protocol (TCP) is intended for use as a highly reliable host-to-host protocol between hosts in packet-switched computer communication networks, and in interconnected systems of such networks [10].

Appendix B: Terminology

=> A mail, email, message or electronic mail represents a message sent across the network from one person to another.
=> Anonymous email is email that has been directed to a recipient through a third-party server that does not identify the originator of the message.
=> Client refers to the user software.
=> Command represents a specific order from a user to an application to perform a service.
=> Hacker is a person who tries to break into the computer system.
=> Mail Agent System represents a system to manage the mail (write, read, delete and send).
=> Authenticated Mail Transfer Protocol characterises the Simple Mail Transfer Protocol version 2.
=> Protocol or standard represents a set of rules for a subject.
=> Recipient represents the user who receives a mail and is on the server side.
=> SA represents a SMTP server where the sender is known.
=> SB represents a SMTP server where the recipient is located.
=> Sender represents the user who sends a mail and is on the client side.
=> Server represents the application running on the server side.
=> Spam is unsolicited email on the Internet.
=> Transaction is an exchange of information between 2 servers or between a server and a user.
=> User is used to refer to a human user.
=> Workstation represents a user's computer.

Author's Addresses

Brice Crouzet (PK4)
Institute of Technology Tallaght
Tallaght
Dublin 24
Ireland

Phone: + 353 (0) 14 04 23 45
Fax: + 353 (0) 14 04 20 00
E-mail: brice.crouzet@it-tallaght.ie

Copyright Notice

Copyright (C) The Internet Society (date). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.