Mail Working Group Jack De Winter, Director Internet Draft Wildbear Consulting, Inc. SMTP Service Extension for Remote Message Queue Starting June 26, 1995 1. Status of this Memo This document is an Internet-Draft. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." To learn the current status of any Internet-Draft, please check the "1id-abstracts.txt" listing contained in the Internet- Drafts Shadow Directories on ds.internic.net (US East Coast), nic.nordu.net (Europe), ftp.isi.edu (US West Coast), or munnari.oz.au (Pacific Rim). Distribution of this document is unlimited. Please send comments to the proposed HTTP working group at . Discussions of the working group are archived at . General discussions about HTTP and the applications which use HTTP should take place on the mailing list. 2. Abstract This memo defines an extension to the SMTP service whereby an SMTP client and server may interact to give the server an opportunity to start the processing of its queues for messages to go to a given host. This is an attempt to fix the security problems with the TURN by creating a new command ETRN that places the emphasis on the server instead of the connection. This extension is meant to be used in startup conditions as well as for mail nodes that have transient connections to their service providers. 3. Introduction The TURN command was a valid attempt to address the problem of having to start the processing for the mail queue on a remote machine. However, the TURN command presents a lrage security loophole. As there is no verification of the remote host name, the TURN command could be used by a rogue system to download the mail for a site other than itself. Therefore, this memo introduces the ETRN command. This command uses the mechanism defined in [4] to define extensions to the SMTP service whereby a client ("sender-SMTP") may request that the server ("receiver-SMTP") start the processimg of its mail queues for messages that are waiting at the server for the client machine. If any messages are at the server for the client, then the server should create a new SMTP session and send the messages at that time. 4. Framework for the ETRN Extension The following service extension is therefore defined: (1) the name of the SMTP service extension is "Remote Queue Processing Declaration"; (2) the EHLO keyword value associated with this extension is "ETRN"; (3) one additional command, ETRN, with a single parameter that specifies the name of the client to start processing for (4) no additional SMTP verbs are defined by this extension. The remainder of this memo specifies how support for the extension affects the behavior of an SMTP client and server. 5. The Remote Queue Processing Declaration service extension To save money, many small companies want to only maintain transient connections to their service providers. In addition, there are some situations where the client sites depend on their mail arriving quickly, so forcing the queues on the server belonging to their service provider may be more desirable than waiting for the retry timeout to occur. Both of these situations could currently be fixed using the TURN command defined in [1], if it were not for a large security loophole in the TURN command. As it stands, the TURN command will reverse the direction of the SMTP connection and assume that the remote host is being honest about what its name is. The security loophole is that there is no stipulation for checking the authenticity of the remote host name, as given in the HELO or EHLO (for the ESMTP extensions in [4]). This has been addressed in the design of the ETRN command. This extended turn command was written with the points in the first paragraph in mind, yet paying attention to the problems that currently exist with the TURN command. The security loophole is avoided by placing the focus on the server to start a new connection aimed at the specified client. In this manner, the server has a lot more certainty that it is talking to the correct SMTP client. This mechanism can just be seen as a more immediate version of the retry queues that appear in most SMTP implementations. In addition, as this command will take a single parameter, the name of the remote host to start the queues for, the server can make a decision as to whether it wishes to respect the request or deny it for administrative reasons. 6. Definitions The term remote queue processing is meant to reflect the manner in which a server implementation of the SMTP protocol maintains its queue of messages that it currently cannot send to the proper hosts. This method reflects the wishes of that remote host, as reflected by the MX records, and most likely will reflect that the local host is listed in the MX records or that there is no MX record for the remote host. The remote host name is defined to be a plain-text field that specifies a fully qualified domain name for the remote host. This remote host name may also include an alias for the specified remote host. 7. The extended ETRN command The extended ETRN command is issued by a client when it wishes to start the SMTP queue processing of a remote host. The syntax of this command is as follows: ETRN This command may be issued at any time during a SMTP session, except when in the middle of transferring a message using the DATA command. The specified node name must be a fully qualified domain name for the node, but may include an alias for the local node. If an alias is used for the node, multiple ETRN commands may be needed to start the processing for the node as it may be listed at the remote site under multiple names. 7.1 Server action on receipt of the extended ETRN command When the server receives the ETRN command, it should have a look at the node name that is specified in the command and make a local decision if it should respect the node name. If not, the appropriate error codes should be returned to the client. Otherwise, the server should start force its retry queues to start sending messages to that remote site, using another SMTP connection. At the moment, there is no definition that a connection must occur, even in the case of there being no messages for the client at the server site. Seeing as the processing of the queues may take an indeterminate amount of time, this command should return immediately with a response to the client side. The valid return codes for this command are: 250 OK, queuing for node started 458 Unable to queue messages for node 459 Node not allowed: 550 Syntax Error 551 Syntax Error in Parameters 7.2 Client action on receiving response to extended ETRN command If one of the 500 level error codes (550 or 551) are sent, the client should assume that the protocol is not supported in the remote site or that the protocol has not been implemented correctly on either the client or server site. In this case, multiple ETRN commands (dealing with the aliases for the system) should not be sent. If the 250 response is received, then the client can assume that the server found its request to be satisfactory and it will send any queued messages. This process may involve going through a very large retry queue, and may take some time. If the 400 level response is received, then the client can assume that the server supports the command, but for some local reason does not want to accept the ETRN command as is. In most cases, it will mean that there is a list of nodes that it will accept the command from and the current client is not on that list. The 459 response code is presented to allow for a more indepth reason as to why the remote queuing cannot be started. 8. Minimal usage A "minimal" client may use this extension to simply force its empirical name to be used to start the queues on the remote host. This minimal usage will not handle cases where mail for 'x.y' is sent to 's.x.y' which is aliased through a firewall or simple for local site management reasons. A minimal server may use this extensions to start the processing of the queues for all remote sites. In this case, the 458 error response will not be seen, and it should always return the 250 response as it will always try and start the processing for any request. 9. Example The following example illustrates the use of remote queue processing with some permanent and temporary failures. S: C: S: 220 sigurd.innosoft.com -- Server SMTP (PMDF V4.2-6 #1992) C: EHLO ymir.claremont.edu S: 250-sigurd.innosoft.com S: 250-EXPN S: 250-HELP S: 250 ETRN C: ETRN S: 550 Syntax Error C: ETRN localname S: 551 Syntax Error in Parameters C: ETRN uu.net S: 458 Unable to queue messages for node uu.net ... C: ETRN sigurd.innosoft.com S: 250 OK, queuing for node sigurd.innosoft.com started C: ETRN innosoft.com S: 250 OK, queuing for node innosoft.com started ... C: ETRN foo.bar S: 459 Node foo.bar not allowed: Unable to resolve name. ... C: QUIT S: 250 Goodbye 10. Security considerations This command does not compromise any security considerations of any existing SMTP or ESMTP protocols as it merely shortens the time that a client needs to wait before their messages are retried. 11. Acknowledgements This document was created with lots of support from the users of our products, who have given some input to the functionality that they would like to see in the software that they bought. 11. References [1] J. B. Postel. Simple Mail Transfer Protocol. Request for Comments 821, August 1982. [2] D. H. Crocker. Standard for the Format of ARPA Internet Text Messages. Request for Comments 822, August 1982. [3] K. Moore. Representation of Non-ASCII Text in Internet Message Headers. Request for Comments 1522, September 1993. [4] M. T. Rose, E. A. Stefferud, D. H. Crocker, John C. Klensin, Ned Freed. SMTP Service Extensions. Internet-draft, April 1995. [5] C. Partridge. Mail Routing and the Domain System. Request for Comments 974, January 1986. 12. Chair, editor, and author addresses John Klensin, WG Chair MCI 2100 Reston Parkway Reston, VA 22091 tel: +1 703 715-7361 fax: +1 703 715-7436 email: klensin@mci.net Ned Freed, Editor Innosoft International, Inc. 1050 East Garvey Avenue South West Covina, CA 91790 USA tel: +1 818 919 3600 fax: +1 818 919 3614 email: ned@innosoft.com Jack De Winter Wildbear Consulting, Inc. 8-589 Beechwood Drive Waterloo, Ontario, Canada N2T 2K9 tel: +1 519 886 3683 email: jack@wildside.kwnet.on.ca