CT320: Network and System Administration

Fall 2019

Email


CT320 Email

📧 Thanks to:

for contents of these slides

Topics

  1. Terminology
  2. Anatomy of a Mail Message
  3. Components of an E-mail System
  4. SMTP
  5. IMAP & POP
  6. E-mail Addresses
  7. Mail Policies

Nomenclature

Terminology

| Acronym | Expansion | Description |
|---|---|---|
| MUA | Mail User Agent | Interacts with the end user |
| MSA | Mail Submission Agent | Submits the mail to an MTA |
| MTA | Mail Transfer Agent | Transfers mail between hosts |
| MDA | Mail Delivery Agent | Puts the email in a mailbox |
| MRA | Mail Retrieval Agent | Retrieves the email from an MTA |

MUA

MTA

MSA

MDA

Why might this be a separate program? What was the benefit?

MRA

Overview

Traditional path
MUA → MTA → … → MTA → MUA
Expanded path
MUA → MSA → MTA → … → MTA → MDA ⇒ MRA ⇒ MUA
(where → is a push step and ⇒ is a pull step)

The difference between push and pull concerns exactly who initiates the transfer.

Multiple MTAs

Internet E-mail System

    ┌──────────────┐                 ┌───────────────┐
    │ GMail server │ ◁····HTTPS····▷ │ Todd’s laptop │
    └──────────────┘                 │ using Chrome  │
            △                        └───────────────┘
            :
           SMTP
            :
            ▽
    ┌────────────────┐ ····IMAP····▷ ┌───────────────────┐
    │ Comcast server │               │ Jack’s laptop     │
    └────────────────┘ ◁····SMTP···· │ using Thunderbird │
            △                        └───────────────────┘
            :
           SMTP
            :
            ▽
      ┌───────────┐ ····POP3····▷ ┌───────────────────────┐
      │ HP server │               │ Mary Jo’s workstation │
      └───────────┘ ◁····SMTP···· │ using Outlook         │
                                  └───────────────────────┘

Message Store

Mail Access Agents

POP3

IMAP

Mail User Agents

Mail Addressing

UUCP Routing

Ports

Aliases

$ cat ~/.forward
Applin@ColoState.Edu

Common Headers

| Header | Purpose |
|---|---|
| From: who | Who sent the message |
| To: who, who | Who receives the message |
| Cc: who, who | Who else receives the message |
| Bcc: who, who | Who else receives the message |
| Reply-To: who | Who you should reply to |
| Date: when | When the message was created |
| Message-ID: id-string | A unique ID for the message |
| Subject: whatever | The topic |
| Received: info | Identify each way-station |

Body

MIME

Multipurpose Internet Mail Extensions

Multipart Message

Here’s how to have multiple representations of the same message. This way, we have a plain text version for a primitive mail reader, and an HTML representation for a mail reader that can handle HTML.

    Content-Type: multipart/alternative; boundary=zot

    This is a message with multiple parts in MIME format.
    --zot
    Content-Type: text/plain

    I really like comic books.
    --zot
    Content-Type: text/html

    I <em>really</em> like
    <font color=red>comic books</font>.
    --zot--
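
Added example, not part of the original slides: parsing the message above with Python's standard `email` package to list its alternatives, pick the one a reader would display, and check that both alternatives carry the same visible text. The `MIME-Version` header and the function names are additions made for this example.

```python
import re
from email import message_from_string, policy
from html import unescape

# The slide's sample message, plus the MIME-Version header a real
# message would also carry (added for this example).
RAW = """\
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary=zot

This is a message with multiple parts in MIME format.
--zot
Content-Type: text/plain

I really like comic books.
--zot
Content-Type: text/html

I <em>really</em> like
<font color=red>comic books</font>.
--zot--
"""

def alternatives(raw):
    """Map each alternative's content type to its whitespace-normalised text."""
    msg = message_from_string(raw, policy=policy.default)
    out = {}
    for part in msg.iter_parts():
        text = part.get_content()
        if part.get_content_type() == "text/html":
            text = unescape(re.sub(r"<[^>]+>", "", text))  # crude tag strip
        out[part.get_content_type()] = " ".join(text.split())
    return out

def preferred(raw, order=("html", "plain")):
    """Content type of the part a reader with this preference would display."""
    msg = message_from_string(raw, policy=policy.default)
    return msg.get_body(preferencelist=order).get_content_type()

def same_message(raw):
    """True when every alternative carries the same visible text."""
    return len(set(alternatives(raw).values())) == 1

if __name__ == "__main__":
    print(alternatives(RAW), preferred(RAW), same_message(RAW))
```

A mail filter that reads only the text/plain part while the user's MUA renders text/html is looking at a different representation than the user, which is why the comparison is worth running.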

Envelope

MTAs

An example

👴💻
Jack
👧💻
Janelle

Example

👴💻
Jack
🏢
Comcast
🏢
U of M
👧💻
Janelle

Jack sends message to Janelle, part one

👴💻
Jack
🏢
Comcast
🏢
U of M
👧💻
Janelle
  1. Jack composes email message; provides Janelle’s email address to his MUA.
  2. Jack’s MUA (Thunderbird) creates a TCP SMTP connection to Jack’s mail server at Comcast.
  3. Jack’s MUA pushes message to Comcast.
  4. Comcast queues up message for a suitable time to deliver.

Jack sends message to Janelle, part two

👴💻
Jack
🏢
Comcast
🏢
U of M
👧💻
Janelle
  1. Comcast creates a TCP SMTP connection to U of M.
  2. Comcast pushes the message to the U of M mail server.
  3. Janelle’s MUA uses a client POP3/IMAP/HTTP connection to the U of M mail server.
  4. Janelle uses her MUA to retrieve the email message.
  5. To reply, reverse the process.

Email header

Email header (envelope)

Date: Wed, 16 Jun 2004 12:34:49 +0200
From: Marta Oliva <oliva@eps.udl.es>
To: Dr. Indrajit Ray <indrajit@CS.ColoState.EDU>
Subject: Re: Registration to the 18th Annual IFIP WG
    11.3 WC on Data and Application Security, 2004

Email header (full)

Received: from mailr3.udl.es (mailr3.udl.es [193.144.10.36])
	by chico.cs.colostate.edu (8.12.10/8.12.9) with ESMTP id i5GAYmvN008288
	for <indrajit@CS.ColoState.EDU>; Wed, 16 Jun 2004 04:34:50 -0600 (MDT)
Received: from eps.udl.es (fermat.udl.net [10.50.54.28])
	by mailr3.udl.es (8.11.6/8.11.6) with ESMTP id i5GAYga31371
	for <indrajit@CS.ColoState.EDU>; Wed, 16 Jun 2004 12:34:42 +0200
Received: from eps.udl.es by eps.udl.es (8.8.8+Sun/SMI-SVR4)
	id MAA22736; Wed, 16 Jun 2004 12:34:40 +0200 (MET DST)
Message-ID: <40D02249.6090105@eps.udl.es>
Date: Wed, 16 Jun 2004 12:34:49 +0200
From: Marta Oliva <oliva@eps.udl.es>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4)
	Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "Dr. Indrajit Ray" <indrajit@CS.ColoState.EDU>
Subject: Re: Registration to the 18th Annual IFIP WG 11.3 WC on Data and
	Application Security, 2004
References: <40CDD679.3060008@eps.udl.es>
	<Pine.GSO.4.58.0406151344360.18975@salieri.cs.colostate.edu>
In-Reply-To: <Pine.GSO.4.58.0406151344360.18975@salieri.cs.colostate.edu>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Displaying email headers

Generation of email headers (1)

Let’s consider email sent from Alice to Bob.

Here are the initial headers, as created by Alice’s MUA running on salieri.cs.colostate.edu:

    From: alice@cs.colostate.edu (Alice The Great)
    To: bob@isse.gmu.edu
    Date: Fri, 18 Jun 2004 10:22:55 -0600 (MDT)
    X-Mailer: Pine v2.32
    Subject: Conference call today?

Now, the message is handed off to an MTA on chico.cs.colostate.edu.

Generation of email headers (2)

The MTA on salieri adds some headers:

    Received: from salieri.cs.colostate.edu (salieri.cs.colostate.edu [129.82.45.76]) by
        chico.cs.colostate.edu (8.12.10/8.12.9) id i5IGMtv0004345
    From: alice@cs.colostate.edu (Alice The Great)
    To: bob@isse.gmu.edu
    Date: Fri, 18 Jun 2004 10:22:55 -0600 (MDT)
    Message-ID: <Pine.GS0.4.58.0406181022460@salieri.cs.colostate.edu>
    X-Mailer: Pine v2.32
    Subject: Conference call today?

The message is then transmitted from chico.cs.colostate.edu to the MTA at mailhost.isse.gmu.edu.

Generation of email headers (3)

More headers are added by mailhost.isse.gmu.edu:

    Received: from chico.cs.colostate.edu (chico.cs.colostate.edu
        [129.82.45.30]) by mailhost.isse.gmu.edu (8.8.5/8.7.2) with
        ESMTP id LAA20869 for <bob@isse.gmu.edu>; Fri, 18 Jun 2004
        12:24:24 -0400 (EDT)
    Received: from salieri.cs.colostate.edu (salieri.cs.colostate.edu
        [129.82.45.76]) by chico.cs.colostate.edu (8.12.10/8.12.9)
        id i5IGMtv0004345
    From: alice@cs.colostate.edu (Alice The Great)
    To: bob@isse.gmu.edu
    Date: Fri, 18 Jun 2004 10:22:55 -0600 (MDT)
    Message-ID: <Pine.GS0.4.58.0406181022460@salieri.cs.colostate.edu>
    X-Mailer: Pine v2.32
    Subject: Conference call today?

Examining email headers

Examining ‘Received’ header

    Received: from chico.cs.colostate.edu (chico.cs.colostate.edu [129.82.45.30]) by mailhost.isse.gmu.edu (8.8.5/8.7.2) with ESMTP id LAA20869 for <bob@isse.gmu.edu>; Fri, 18 Jun 2004 12:24:24 -0400 (EDT)

    Received:
        from chico.cs.colostate.edu (chico.cs.colostate.edu [129.82.45.30])
        by mailhost.isse.gmu.edu (8.8.5/8.7.2)
        with ESMTP
        id LAA20869
        for <bob@isse.gmu.edu>;
        Fri, 18 Jun 2004 12:24:24 -0400 (EDT)

Examining ‘Received’ header (2)

    Received: from chico.cs.colostate.edu
        (chico.cs.colostate.edu [129.82.45.30])

This piece of mail was received from a machine calling itself chico.cs.colostate.edu, which is really named chico.cs.colostate.edu and has the IP address 129.82.45.30.

This is the single most important piece of information for tracing email.

Examining ‘Received’ headers (3)

by receiving-host-name (software version number)

    by mailhost.isse.gmu.edu (8.8.5/8.7.2)

The machine that received the email was mailhost.isse.gmu.edu. It is running software with version 8.8.5/8.7.2.

Examining ‘Received’ headers (4)

with (protocol) ID (server-assigned-id)

    with ESMTP ID LAA20869

The machine that received the mail was running ESMTP. The machine assigned the identifier number LAA20869. The system administrator needs this ID number to look up the message in the machine’s log files; there is no other use for it.

Examining ‘Received’ headers (5)

for (<recipient’s email address>);

    for <bob@isse.gmu.edu>;

The email was addressed to bob@isse.gmu.edu.

Note: This header is not related to the email address provided in the To: header line.

date-time

    Fri, 18 Jun 2004 12:24:24 -0400 (EDT)

This mail transfer occurred on Friday, 18 June, 2004 at 12:24:24 Eastern Daylight Time, which is 4 hours behind Greenwich Mean Time.

Examining ‘Received’ headers (6)

    Received: from chico.cs.colostate.edu (chico.cs.colostate.edu
        [129.82.45.30]) by mailhost.isse.gmu.edu (8.8.5/8.7.2)
        with ESMTP id LAA20869 for <bob@isse.gmu.edu>;
        Fri, 18 Jun 2004 12:24:24 -0400 (EDT)
    Received: from salieri.cs.colostate.edu (salieri.cs.colostate.edu
        [129.82.45.76]) by chico.cs.colostate.edu (8.12.10/8.12.9)
        id i5IGMtv0004345
    From: alice@cs.colostate.edu (Alice The Great)
    To: bob@isse.gmu.edu
    Date: Fri, 18 Jun 2004 10:22:55 -0600 (MDT)
    Message-ID: <Pine.GS0.4.58.0406181022460@salieri.cs.colostate.edu>
    X-Mailer: Loris v2.32
    Subject: Conference call today?
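
The field-by-field reading above, as an added example that is not part of the original slides: a Python function that walks a message's Received: headers from origin to destination, flags a hop whose claimed name differs from the name the receiving MTA recorded, and computes the delay between hops. The message, host names and addresses are constructed, and the regular expression assumes the sendmail-style layout shown on this page.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the page's example (example.* hosts,
# documentation IP ranges). The origin hop's claimed name is deliberately
# different from the name the receiving MTA resolved for the peer.
RAW = """\
Received: from mx.example.net (mx.example.net [192.0.2.30])
\tby mailhost.example.org (8.8.5/8.7.2) with ESMTP id LAA20869
\tfor <bob@example.org>; Fri, 18 Jun 2004 12:24:24 -0400 (EDT)
Received: from mail.bank.example (dsl-17.example.com [198.51.100.76])
\tby mx.example.net (8.12.10/8.12.9) with SMTP id i5IGMtv0004345
\tfor <bob@example.org>; Fri, 18 Jun 2004 10:23:01 -0600 (MDT)
From: alice@example.net (Alice The Great)
To: staff@example.org
Subject: Conference call today?

Are we having the conference call today?
"""

HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[^\]]+)\]\)\s+"
    r"by\s+(?P<by>\S+).*?(?:with\s+(?P<proto>\S+)\s+)?id\s+(?P<id>\S+)"
    r"(?:\s+for\s+<(?P<rcpt>[^>]+)>)?\s*;\s*(?P<date>.+)$")

def trace(raw):
    """Return one dict per Received header, in travel order (origin first)."""
    hops, prev = [], None
    # Each MTA prepends its header, so the last one in the file is the oldest.
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            hops.append({"unparsed": value})  # keep odd formats for manual review
            continue
        hop = m.groupdict()
        hop["when"] = parsedate_to_datetime(hop.pop("date"))
        # "from NAME" is what the sender claimed; the parenthesised name and
        # IP were recorded by the receiving MTA (peer IP, name from DNS).
        hop["helo_mismatch"] = hop["helo"].lower() != (hop["rdns"] or "").lower()
        # A negative delay means a hop claims to predate the one before it.
        hop["delay_s"] = None if prev is None else (hop["when"] - prev).total_seconds()
        prev = hop["when"]
        hops.append(hop)
    return hops

if __name__ == "__main__":
    for hop in trace(RAW):
        print(hop)
```

In the sample, the `for` address (`bob@example.org`) differs from the `To:` header (`staff@example.org`), matching the note above that the two are unrelated.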

Examining other portions of email header

    From: alice@cs.colostate.edu (Alice The Great)
    To: bob@isse.gmu.edu
    Date: Fri, 18 Jun 2004 10:22:55 -0600 (MDT)

Addresses

Addresses have several forms:

| Form | Example |
|---|---|
| address | bbag@shire.example |
| name <address> | Bilbo Baggins <bbag@shire.example> |
| address (name) | bbag@shire.example (Bilbo Baggins) |

Examining other portions of email header

    Message-ID: <Pine.GS0.4.58.0406181022460@salieri.cs.colostate.edu>
  • The email was provided with this number by chico.cs.colostate.edu to identify it.
    • This ID is different from the ESMTP / SMTP ID numbers in the Received: headers
    • It is attached to the message for life
    • Sometimes this ID may provide a valuable clue, but most of the time it is unintelligible
      • information about sender’s email address
      • information about the machine on which the email was composed
      • Email program used to compose email

Examining other portions of email header

    X-Mailer: Pine v2.32
  • The message was sent using a program called Pine, version 2.32
    Subject: Conference Call Today?
  • Subject matter for the email

There can be many other header fields in the email header, such as Bcc and Cc. For the most part, these do not contribute to email tracing. For a complete list of header fields, see RFC 2076.

Simple Mail Transfer Protocol

Transcript of SMTP connection between Alice’s mail server and Bob’s

    S: 220 mailhost.isse.gmu.edu ESMTP Sendmail 8.8.5/1.4/8.7.2/1.13; Fri, 18 Jun 2004 12:24:24 -0400 (EDT)
    C: HELO chico.cs.colostate.edu
    S: 250 Hello chico.cs.colostate.edu, pleased to meet you
    C: MAIL FROM: <alice@cs.colostate.edu>
    S: 250 alice@cs.colostate.edu... Sender ok
    C: RCPT TO: <bob@isse.gmu.edu>
    S: 250 bob@isse.gmu.edu... Recipient ok
    C: DATA
    S: 354 Enter mail, end with "." on a line by itself
    C: Received: from salieri.cs.colostate.edu (salieri.cs.colostate.edu [129.82.45.76]) by ….
    C: …
    C: Subject: Conference Call Today?
    C:
    C: Are we having the conference call today?
    C: .
    S: 250 LAA20869 Message accepted for delivery
    C: QUIT
    S: 221 mailhost.isse.gmu.edu closing connection

SMTP Commands

Understanding SMTP commands

HELO hostname

Understanding SMTP commands

MAIL FROM: addr

Understanding SMTP commands

RCPT TO: addr

Understanding SMTP commands

DATA

Understanding SMTP commands

QUIT

POP3 / IMAP / HTTP Protocols

Email relays

Things to be aware of

Mail Policies

  1. Privacy Policy
  2. Namespaces
  3. Reliability
  4. Scaling
  5. Security

Privacy Policy

Namespaces

Reliability

Scalability

Security

Intercepting e-mail

How will you respond, when …

Policies!

😱