
Internet Messaging Protocols: SMTP, IMAP, POP3 and S/MIME

Nov 18, 2014


Sudhanshu Singh

Explanation of Internet Messaging Protocols: SMTP, IMAP, POP3 and S/MIME
Page 1: Internet Messaging Protocols: SMTP, IMAP, POP3 and S/MIME

Simple Mail Transfer Protocol (SMTP)

SMTP

standard e-mail protocol on the internet where email data packets are transferred from one networked machine to another.

was originally designed for only plain text (ASCII text), but MIME and other encoding methods enable executable programs and multimedia files to be attached to and transported

mail servers use SMTP for both sending and receiving mail, whereas user-end clients use SMTP only for submitting (sending) mail

SMTP Model

[Figure: SMTP model. User and File System ↔ Client-SMTP (SMTP Client) ↔ SMTP Commands/Replies and Mail ↔ Server-SMTP (SMTP Server) ↔ File System]

sending MUA → MSA → sending MTA → receiving MTA → MDA → Mailstore for retrieval by MUA

Operation

When an SMTP client has a message to transmit, it establishes a two-way transmission channel to an SMTP server. The responsibility of an SMTP client is to transfer mail messages to one or more SMTP servers.

Once the transmission channel is established and initial handshaking completed, the SMTP client normally initiates a mail transaction. Such a transaction consists of a series of commands.

Basic Commands

HELO/EHLO - Initial State Identification

MAIL - Mail Sender Reverse Path

RCPT - One Recipient’s Forward Path

DATA - Mail Message Text State

RSET - Abort Transaction and Reset all buffers

NOOP - No Operation

QUIT - Commit Message and Close Channel

Disadvantages

Does not require authentication. It is this characteristic of SMTP that makes junk email or spam possible.

One problem relates to message length. Some older implementations cannot handle messages exceeding 64KB.

Another problem relates to timeouts. If the client and server have different timeouts, one of them may give up while the other is still busy, unexpectedly terminating the connection.
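To make the Basic Commands and the missing-authentication point concrete, the following added example (not part of the original slides) parses the client side of one SMTP transaction and shows that the envelope sender given in MAIL and the From: header sent in DATA are independent, unverified strings. The transcript, all addresses and the names `parse_transaction` and `sender_mismatch` are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed client side of one SMTP transaction; every name is made up.
CLIENT_LINES = [
    "EHLO client.example.test",
    "MAIL FROM:<bounce@bulk.example.test>",
    "RCPT TO:<alice@example.org>",
    "RCPT TO:<bob@example.org>",
    "DATA",
    "From: Accounts <billing@bank.example.com>",
    "To: alice@example.org",
    "Subject: Invoice",
    "",
    "Please see the attached invoice.",
    ".",
    "QUIT",
]

def parse_transaction(lines):
    """Separate the envelope (MAIL/RCPT arguments) from the DATA message."""
    env = {"reverse_path": None, "forward_paths": [], "header_from": None}
    message, in_data = [], False
    for line in lines:
        upper = line.upper()
        if in_data:
            if line == ".":              # a lone dot ends the DATA state
                in_data = False
            else:                        # undo dot-stuffing of message lines
                message.append(line[1:] if line.startswith(".") else line)
        elif upper.startswith("MAIL FROM:"):
            env["reverse_path"] = line[10:].split()[0].strip("<>")
        elif upper.startswith("RCPT TO:"):
            env["forward_paths"].append(line[8:].split()[0].strip("<>"))
        elif upper == "RSET":            # abort: buffers are cleared
            env["reverse_path"], env["forward_paths"] = None, []
        elif upper == "DATA":
            in_data = True
    headers = message_from_string("\n".join(message))
    env["header_from"] = parseaddr(headers.get("From", ""))[1]
    return env

def sender_mismatch(env):
    """True when the From: header domain differs from the envelope sender's."""
    def domain(addr):
        return (addr or "").rpartition("@")[2].lower()
    return domain(env["header_from"]) != domain(env["reverse_path"])
```

A receiving system that logs both values can use a check like `sender_mismatch` as one triage signal; plain SMTP itself never compares them.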

ESMTP

provides a mechanism for email clients to specify a security mechanism to a mail server, authenticate the exchange, and negotiate a security profile (Simple Authentication and Security Layer, SASL) for subsequent message transfers.

Modern clients may use the ESMTP extension keyword SIZE to query the server for the maximum message size that will be accepted
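How a client reads these extensions from the server's EHLO reply, as an added example that is not part of the original slides: it parses a constructed multi-line 250 reply, extracts the SIZE limit and the SASL mechanisms listed under AUTH, and reports why a submission should not proceed. The host names, the sample reply and the rule that PLAIN/LOGIN require an active TLS session are assumptions of this example.

```python
import re

# Constructed EHLO reply from a hypothetical server, mx.example.test.
SAMPLE_EHLO_REPLY = (
    "250-mx.example.test greets client.example.test\r\n"
    "250-SIZE 10485760\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 AUTH PLAIN LOGIN CRAM-MD5\r\n"
)

def parse_ehlo(reply):
    """Map each advertised extension keyword to its parameter list."""
    lines = reply.strip().split("\r\n")
    extensions = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if m is None:
            raise ValueError(f"not a 250 reply line: {line!r}")
        is_last = i == len(lines) - 1
        if (m.group(1) == " ") != is_last:
            raise ValueError("only the final line may use '250 '")
        if i == 0:
            continue                      # first line is the greeting
        keyword, *params = m.group(2).split()
        extensions[keyword.upper()] = params
    return extensions

def max_size(extensions):
    """SIZE limit in bytes; None if not advertised or 0 (no fixed limit)."""
    params = extensions.get("SIZE")
    if not params or int(params[0]) == 0:
        return None
    return int(params[0])

def submission_problems(extensions, message_len, tls_active):
    """Reasons the client should stop before AUTH or MAIL FROM."""
    problems = []
    limit = max_size(extensions)
    if limit is not None and message_len > limit:
        problems.append("message exceeds SIZE limit")
    mechanisms = {m.upper() for m in extensions.get("AUTH", [])}
    if not mechanisms:
        problems.append("no SASL mechanism advertised")
    if mechanisms & {"PLAIN", "LOGIN"} and not tls_active:
        problems.append("PLAIN/LOGIN offered without TLS")
    return problems
```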

Post Office Protocol (POP)

POP3

standard e-mail protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection

An e-mail client using POP3 connects to the server, retrieves messages and downloads them to the PC, deletes them from the server and disconnects.

Listens on port 110 by default.

POP3-transferred emails are secured by SSL or TLS.

Two ways for authorization:

Using “USER and PASS”, which is not safe as the password is sent in plain text

APOP: MD5 hashes are generated on a block of data that contains the password and random data (pid.clock@hostname). It is the hash that is sent to the server to prove that the user knows the password.
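The APOP computation described above, as an added example that is not part of the original slides. The greeting, user name and shared secret are the published example from RFC 1939; the function names are chosen here for illustration.

```python
import hashlib
import hmac
import re

# Greeting and shared secret are the published APOP example from RFC 1939.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
SECRET = "tanstaaf"

def greeting_timestamp(greeting):
    """Return the <pid.clock@hostname> stamp, or None if APOP is not offered."""
    if not greeting.startswith("+OK"):
        return None
    m = re.search(r"<[^<>\s]+@[^<>\s]+>", greeting)
    return m.group(0) if m else None

def apop_digest(timestamp, secret):
    """MD5 over the timestamp (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()

def client_command(user, greeting, secret):
    """Build the APOP command line; the password itself never goes on the wire."""
    timestamp = greeting_timestamp(greeting)
    if timestamp is None:
        raise ValueError("server did not offer an APOP timestamp")
    return f"APOP {user} {apop_digest(timestamp, secret)}"

def server_verify(timestamp, stored_secret, received_digest):
    """Server side: needs the secret itself, not a hash of it, to recompute."""
    expected = apop_digest(timestamp, stored_secret)
    return hmac.compare_digest(expected, received_digest.lower())
```

Because the server issues a fresh timestamp per connection, a digest captured from one session does not verify in the next. The scheme still rests on MD5 and a shared secret, so it does not replace running the session over TLS.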

POP3 Telnet

telnet pop3server 110
USER userid
PASS password
STAT
LIST {message number}
RETR message-id
DELE message-id
RSET
QUIT

Internet Message Access Protocol (IMAP)

IMAP

standard e-mail protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.

supports both on-line and off-line modes of operation.

leaves messages on the server while the client can store local copies.

more than one client can connect at the same time.

IMAP protocol based on a TCP connection (port 143).

Procedure of the IMAP protocol

All emails are kept on a mail server

Functionality:

Treat as local directory work directly on server copy delete different folders

download message headers and later on the full messages

Different states of an IMAP session

Most commands are only valid in particular states (otherwise: protocol error)

4 states (initialization is not a state of its own)

Non-Authenticated: when the TCP connection is established.

Authenticated: on authenticating

Selected: on selecting a mailbox

Logout, Closed: on logging out of the IMAP server.
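The state rule above as a small checker, added here as an example that is not part of the original slides. It tracks the session state across a list of tagged client commands and reports each command sent in a state where it is not valid. The command table is a subset of RFC 3501, the sample input follows the command order of the IMAP Telnet slide, and the checker assumes every command it accepts succeeds.

```python
NONAUTH, AUTH, SELECTED, LOGOUT = (
    "Non-Authenticated", "Authenticated", "Selected", "Logout")

# States in which each command is valid (subset of the RFC 3501 commands).
VALID_IN = {}
for names, states in (
    ("CAPABILITY NOOP LOGOUT", {NONAUTH, AUTH, SELECTED}),
    ("LOGIN AUTHENTICATE STARTTLS", {NONAUTH}),
    ("SELECT EXAMINE CREATE DELETE RENAME LIST STATUS APPEND", {AUTH, SELECTED}),
    ("FETCH STORE SEARCH COPY EXPUNGE CHECK CLOSE", {SELECTED}),
):
    for name in names.split():
        VALID_IN[name] = states

# State entered when the command succeeds; all other commands keep the state.
TRANSITIONS = {"LOGIN": AUTH, "AUTHENTICATE": AUTH, "SELECT": SELECTED,
               "EXAMINE": SELECTED, "CLOSE": AUTH, "LOGOUT": LOGOUT}

# Constructed input: the commands of the IMAP Telnet slide, in slide order.
SLIDE_SESSION = [
    "1 Login userid pass", '2 list "" *', "3 delete mailbox1",
    "4 rename mailbox1 mailbox2", "5 Fetch 1:*", "6 select inbox", "7 logout",
]

def check_session(lines):
    """Return (tag, command, state) for each command invalid in its state."""
    state, errors = NONAUTH, []
    for line in lines:
        tag, command = line.split()[:2]
        command = command.upper()
        if state in VALID_IN.get(command, set()):   # unknown commands fail too
            state = TRANSITIONS.get(command, state)
        else:
            errors.append((tag, command, state))
    return errors
```

Run over `SLIDE_SESSION`, the checker flags only tag 5: FETCH is sent before any mailbox has been selected, so a server answers it with an error rather than message data.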

Flags

List of tokens associated with the message that is sent by the server

Set by addition of message to list and cleared on removal.

Types (either of them can be permanent or session only)

System flags: predefined in the IMAP specification and begin with ‘\’, e.g. \Seen, \Deleted, \Answered…

Keywords: defined by server implementation and don’t begin with ‘\’

IMAP Telnet

telnet imap.server.com 143
1 Login userid pass
2 list "" *
3 delete mailbox1
4 rename mailbox1 mailbox2
5 Fetch 1:*
6 select inbox/mailbox1
7 logout

POP3 v/s IMAP

| POP3 | IMAP |
| --- | --- |
| Downloads all messages during the ‘check new mail’ process. | Downloads only headers and loads the full body when clicked. |
| Connects to the server once when checking for mail. | Has to remain connected forever. |
| Only one client can access. | Multiple clients can access. |
| Mailboxes can be created only on the PC. | Multiple mailboxes can be created on the server. |
| Outgoing mail stored on the PC. | Outgoing mail stored in the sent folder of the server (optional). |
| Messages deleted from the PC. | Messages deleted directly from the server. |
| Server-side searching not possible. | Server-side searching possible. |
| Messages retrieved from the hard drive and hence fast. | Comparatively slower since retrieving from the server. |

Secure Multipurpose Internet Mail Extension (S/MIME)

S/MIME

is a security enhancement to the MIME Internet e-mail format standard

is not restricted to mail; it can be used with any transport mechanism that transports MIME data, such as HTTP.

based on technology from RSA Security

Uses PKCS7 (Public Key Cryptography Standard)

S/MIME provides the following cryptography security services:

Authentication.

Message Integrity. (By using digital signing)

Non-repudiation of origin.

Privacy and data security. (By using encryption)

S/MIME Functions

Enveloped data: This consists of encrypted content of any type and encrypted content encryption keys for one or more users. This function provides privacy and data security.

Signed data: standard digital signature (“hash and sign”); content + signature is encoded using base64 encoding

Clear signed data: standard digital signature; only the signature is encoded using base64

Signed and enveloped data: signed and encrypted entities may be nested in any order

S/MIME - Certificates

Before S/MIME can be used, one must obtain and install an individual key/certificate either from certificate authority (CA) or from a public CA.

A certificate can only be trusted if:

every certificate in the chain is successfully verified.

every CA in the certificate chain is trusted.

The End