This paper discusses the Simple Mail Transfer Protocol (SMTP), the standard protocol for sending email across networks, and the mail daemons (SMTPD) that implement it. It highlights the protocol's purpose and usefulness to a networked system, its limitations in terms of security flaws and capability, and the steps that can be taken to reduce those imperfections.

The layers of the OSI model and of the TCP/IP stack use different protocols to communicate with their counterpart services on the receiving node of the network. For example, transferring files across the Internet has traditionally been done with the File Transfer Protocol (FTP); network drives use the Network File System (NFS) protocol; the World Wide Web uses the Hypertext Transfer Protocol (HTTP); and sending email across the network is done with the Simple Mail Transfer Protocol (SMTP). SMTP is an application-layer protocol carried over TCP, and it is explored further in the following paragraphs (Arregoces & Portolani, 2004; Rosen et al., 2007).

SMTP is a protocol in the TCP/IP suite used to transfer e-mail between hosts on a network and across the Internet. Windows, Unix/Linux, NetWare and Mac OS systems all exchange email over TCP/IP through SMTP. SMTP is a client/server process whose aim is reliable message transport. Mail clients shipped with operating systems that use SMTP for outgoing mail include Outlook Express on Windows, Ximian Evolution in Red Hat Linux 9.x, and Mail in Mac OS X, and the many servers that process SMTP mail include SuSE Linux Openexchange Server, the Eudora mail server and Mailtraq, among others. The ITU-T/ISO counterpart of SMTP, used mainly in Europe and Canada, is the X.400 protocol.

Pioneered by Jonathan B. Postel in 1982 (RFC 821) as an alternative to FTP for moving a file from one computer system to another, SMTP does not require a logon ID and password on the remote system, only an e-mail address for the source and the destination (Palmer, 2004). Its other merits are its popularity, which means it is supported on many platforms by many vendors, its low implementation and administrative costs, and its fairly simple addressing scheme. However, it lacks some of the capabilities of its counterpart X.400, such as high-level security specifications, and its simplicity makes it vulnerable to attack (Siyan, 2002).

SMTP follows the TCP/IP standards for e-mail systems. SMTP is carried over TCP, which provides basic connection-oriented reliability (Garfinkel & Spafford, 2002; Palmer, 2004). The sending host opens a TCP connection from an ephemeral local port to port 25 on the receiving host, the well-known port on which the SMTP server listens. The deployment of SMTP therefore requires an SMTP-compatible e-mail application at both the sending and the receiving node (Garfinkel & Spafford, 2002; Palmer, 2004). SMTP installations designate a server as a central mail gateway that connects the workstations and processes e-mail distribution through a queue kept in a spool directory. The queue serves as a 'post office' for the users that connect to the server: users can log on to the server to collect their messages, or the server can forward messages to its clients.

A client starts an SMTP session by issuing either the HELO command (original SMTP) or the EHLO command (extended SMTP, or ESMTP). A server that supports the SMTP service extensions answers EHLO with a 250 reply listing the extensions it offers; an older server that does not understand EHLO answers with a 500 or 502 error, and the client then falls back to HELO (Klensin, 2001; Postel, 1982). The client connects to TCP port 25, which the server must have open, and a request/response exchange follows: the client announces the sender with MAIL FROM, names each recipient with RCPT TO and, once the server has accepted these, sends the message content after the DATA command, terminated by a line containing only a single period. Every command is answered with a three-digit reply code that tells the client whether to proceed. The mail daemon listening on port 25 accepts the incoming connections and copies accepted messages to the appropriate mailboxes, or queues them for onward relay.

A message sent through SMTP has two parts: the header and the message text. Both were originally restricted to 7-bit ASCII; raw 8-bit content is permitted only when the server advertises the 8BITMIME extension, and otherwise it must be encoded into 7-bit form. The header can be very long because each SMTP node through which the email has travelled prepends a Received line carrying its own identity and a date stamp, so the header records the whole delivery path. If the receiving node is unavailable, SMTP can wait for a period of time and retry, and if it finally fails to deliver the message it returns a non-delivery report to the sender (Palmer, 2004). An SMTP connection is terminated when the client sends the QUIT command; the server responds with a positive 221 reply and then closes the connection (Postel, 1982).
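As an added illustration that is not part of the original paper, the following Python script reconstructs the delivery path just described from the Received lines of a message. The message, its host names and its addresses are constructed for the example.

```python
"""Reconstruct a message's relay path from its Received: headers.

Added example, not part of the paper. The message below is constructed
for illustration; every host name and address in it is made up.
"""
import email
import re
from email.utils import parsedate_to_datetime

# Each MTA prepends its own Received: line, so the topmost line is the
# most recent hop and the bottom one is the first server to see the mail.
SAMPLE_MESSAGE = b"""\
Received: from mx2.example.org (mx2.example.org [198.51.100.7])
\tby mail.example.com with ESMTP id abc123
\tfor <alice@example.com>; Sat, 10 Feb 2007 10:05:12 +0000
Received: from relay.example.net (relay.example.net [203.0.113.5])
\tby mx2.example.org with ESMTP id def456;
\tSat, 10 Feb 2007 10:03:40 +0000
Received: from workstation (unknown [192.0.2.44])
\tby relay.example.net with SMTP id ghi789;
\tSat, 10 Feb 2007 10:03:01 +0000
From: bob@example.net
To: alice@example.com
Subject: test

hello
"""

# "from <HELO name> (<reverse DNS> [<ip>]) by <receiving host>"; the
# reverse-DNS and address parts are optional in practice.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<rdns>[^\s\[\)]+))?.*?\bby\s+(?P<by>\S+)", re.S)
IP_RE = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")


def parse_received(value):
    """Split one Received: value into its hop fields; None if unparseable."""
    clause, sep, date_part = value.rpartition(";")   # the date follows the last ';'
    match = RECEIVED_RE.search(clause) if sep else None
    if not match:
        return None
    ip = IP_RE.search(clause)
    return {
        "helo": match.group("helo"),        # name the sending host announced
        "rdns": match.group("rdns"),        # what the receiver resolved for it
        "ip": ip.group("ip") if ip else None,
        "by": match.group("by"),            # server that wrote this line
        "time": parsedate_to_datetime(date_part.strip()),
    }


def trace_hops(raw_message):
    """Return the hops in chronological order (first relay first)."""
    msg = email.message_from_bytes(raw_message)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    hops.reverse()
    return hops


def transit_seconds(hops):
    """Total time between the first and the last Received stamp."""
    return (hops[-1]["time"] - hops[0]["time"]).total_seconds()


if __name__ == "__main__":
    for hop in trace_hops(SAMPLE_MESSAGE):
        print(hop["time"].strftime("%H:%M:%S"), hop["helo"], hop["ip"], "->", hop["by"])
```

The hops come out oldest first, each with the sending host's announced name, the reverse DNS the receiver resolved for it, the address it connected from, and the time stamp. Only the Received lines written by servers one controls are trustworthy: a sender can forge any lines below them, and the announced (HELO) name is whatever the client claimed, here "workstation" with no reverse DNS, which is why the recorded address matters more than the names.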

This points to one limitation of SMTP. Although it is reliable at its primary function, moving email messages between hosts on a network, it provides no means for end users to store and retrieve their email. Mail systems therefore pair SMTP with the Post Office Protocol (POP) and the Internet Message Access Protocol (IMAP): messages received by SMTP are stored in mailboxes on the server, and POP or IMAP allows clients to obtain them (Rosen et al., 2007).

Furthermore, as mentioned earlier, the simplicity of SMTP and its lack of built-in security make it susceptible to attacks through altered DNS information and through direct use of the command-line mail tools against it. An attacker who gains local or remote access to a DNS server can modify the records (for instance the MX records) that direct mail to a server, enabling him or her to disrupt the flow of information or to intercept and read all mail in transit; this is a form of man-in-the-middle attack. Because the mail user agent, message transfer agent and local delivery agent are ordinary command-line programs on Unix/Linux, an attacker with shell access can compose a malicious message with any editor, such as vi or Emacs, format its headers however he or she wishes, and inject it directly into the mail system. SMTP itself does nothing to verify the sender address given in MAIL FROM or in the From header, so a forged sender is accepted like any other. Spam (unsolicited email) is common too, and it is worse where open SMTP relay servers are used, because such a server not only accepts mail from anyone but also forwards it to any other server without restriction.
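The following Python model, added here and not taken from the paper or from any mail product, puts the session exchange described earlier (HELO/EHLO, MAIL FROM, RCPT TO, DATA and QUIT with their reply codes) and the open-relay problem side by side. It is the server side of one connection driven by a scripted client; the host name, local domain, trusted network and client script are constructed, and the sender address is accepted unverified, as a real SMTP server would accept it.

```python
"""Server side of an SMTP session with a relay policy (added example, not from
the paper). It models the HELO/EHLO, MAIL, RCPT, DATA and QUIT exchange described
above and contrasts an open relay with a server that relays only for its own
domain or its trusted network. All names, addresses and the script are constructed.
"""
import ipaddress

HOSTNAME = "mail.example.com"                          # assumed configuration
LOCAL_DOMAINS = {"example.com"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # our own LAN


def _parse_path(arg, keyword):
    """Address from 'FROM:<addr>' or 'TO:<addr>'; None if malformed."""
    if not arg.upper().startswith(keyword + ":"):
        return None
    path = arg[len(keyword) + 1:].strip()
    return path[1:-1] if path.startswith("<") and path.endswith(">") else path


class SmtpSession:
    def __init__(self, client_ip, open_relay=False):
        self.client_ip = ipaddress.ip_address(client_ip)
        self.open_relay = open_relay
        self.greeted = self.in_data = False
        self.queued = []        # (sender, recipients, text) accepted for delivery
        self._reset()

    def _reset(self):
        self.sender, self.recipients, self.body = None, [], []

    def _may_deliver(self, domain):
        if domain in LOCAL_DOMAINS or self.open_relay:
            return True         # our own users always; everyone if open relay
        return any(self.client_ip in net for net in TRUSTED_NETS)

    def handle(self, line):
        """Process one client line; return the reply (None while inside DATA)."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.queued.append((self.sender, self.recipients, "\n".join(self.body)))
                self._reset()
                return "250 OK: queued"
            self.body.append(line[1:] if line.startswith("..") else line)  # un-dot-stuff
            return None
        verb, arg = line[:4].upper(), line[5:]        # every RFC 821 verb is 4 letters
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            self._reset()
            # an ESMTP client sends EHLO and is answered with the extension list
            return f"250-{HOSTNAME}\r\n250 8BITMIME" if verb == "EHLO" else f"250 {HOSTNAME}"
        if verb == "QUIT":
            return f"221 {HOSTNAME} closing connection"
        if not self.greeted:
            return "503 Bad sequence of commands"
        if verb == "MAIL":
            sender = _parse_path(arg, "FROM")
            if sender is None:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender, self.recipients = sender, []   # accepted unverified
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command"
            rcpt = _parse_path(arg, "TO")
            if not rcpt or "@" not in rcpt:
                return "501 Syntax: RCPT TO:<address>"
            if not self._may_deliver(rcpt.rpartition("@")[2].lower()):
                return "554 Relay access denied"
            self.recipients.append(rcpt)
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT command"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "500 Command not recognized"


def run_session(client_ip, client_lines, open_relay=False):
    """Drive a scripted client through one session; return (session, transcript)."""
    session = SmtpSession(client_ip, open_relay)
    transcript = [f"S: 220 {HOSTNAME} ESMTP"]          # the server speaks first
    for line in client_lines:
        reply = session.handle(line)
        transcript.append(f"C: {line}")
        if reply is not None:
            transcript.append(f"S: {reply}")
    return session, transcript


SPAM_ATTEMPT = [  # constructed: outside host, forged sender, foreign + local recipient
    "EHLO spammer.example.net", "MAIL FROM:<ceo@example.com>",
    "RCPT TO:<victim@elsewhere.example>", "RCPT TO:<alice@example.com>",
    "DATA", "Subject: hi", "", "..starts with one dot", ".", "QUIT",
]

if __name__ == "__main__":
    print("\n".join(run_session("203.0.113.9", SPAM_ATTEMPT)[1]))
```

With open_relay=False the RCPT for elsewhere.example from the untrusted address 203.0.113.9 gets "554 Relay access denied" while the local recipient is still accepted; with open_relay=True, or from a client inside 192.0.2.0/24, both recipients are accepted, which is exactly the behaviour spammers look for. The forged MAIL FROM:<ceo@example.com> is accepted in every case, because nothing in the protocol lets the server check it.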

Some of the above security flaws have been addressed and others are work in progress. E-mail encryption and signing are among the most effective ways of ensuring the privacy and authenticity of messages in transit. This can be done with the Secure Multipurpose Internet Mail Extensions (S/MIME) or with Pretty Good Privacy (PGP) tools (Garfinkel & Spafford, 2002); both protect the message content end to end, but neither protects the SMTP session itself or the identities of the relaying servers. Ximian Evolution in Red Hat Linux 9.x can be configured to use PGP or GnuPG (GPG) (Palmer, 2004); note that GnuPG does not implement the patented IDEA cipher that classic PGP used, offering CAST5, Blowfish, Twofish and AES instead. Other measures include scanning email with antivirus software, deleting attachments from unknown senders, and training users in e-mail security, for example in filtering and deleting unsolicited email.
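As an added example, not from the paper, the following Python filter applies two of the measures just listed to an incoming message: it blocks attachments that are executable by name or by content, and it drops the remaining attachments from senders outside a known list. The sample message, the sender allow-list and the blocked extensions are constructed.

```python
"""Quarantine risky attachments before delivery.

Added example, not from the paper: one filtering step of the kind the text
recommends (scan attachments, drop them from unknown senders). The sample
message, the known-sender list and the blocked types are constructed.
"""
from email import message_from_bytes, policy
from email.utils import parseaddr

KNOWN_SENDERS = {"bob@example.net"}                      # assumed allow-list
BLOCKED_SUFFIXES = (".exe", ".scr", ".bat", ".vbs", ".js")
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")                   # PE and ELF signatures

SAMPLE = b"""\
From: "Bob" <bob@example.net>
To: alice@example.com
Subject: invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

see attached
--XYZ
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--XYZ
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"
Content-Transfer-Encoding: base64

TVqQAA==
--XYZ
Content-Type: application/octet-stream; name="setup.exe"
Content-Disposition: attachment; filename="setup.exe"
Content-Transfer-Encoding: base64

TVqQAA==
--XYZ--
"""


def attachment_verdicts(raw):
    """Return (kept, removed): names kept, and (name, reason) for each removed."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    kept, removed = [], []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "unnamed").lower()
        data = part.get_payload(decode=True) or b""      # decoded attachment bytes
        if name.endswith(BLOCKED_SUFFIXES):
            removed.append((name, "executable file type"))
        elif data.startswith(EXECUTABLE_MAGIC):
            removed.append((name, "executable content despite harmless name"))
        elif sender not in KNOWN_SENDERS:
            # The From header is not authenticated by SMTP, so this rule only
            # cuts nuisance mail; it must not be the sole line of defence.
            removed.append((name, "unknown sender"))
        else:
            kept.append(name)
    return kept, removed


if __name__ == "__main__":
    kept, removed = attachment_verdicts(SAMPLE)
    print("kept:", kept, "\nremoved:", removed)
```

The content check catches report.pdf, whose bytes begin with the MZ signature of a Windows executable despite its name, while setup.exe is rejected on its extension alone. The sender allow-list is only a nuisance filter, because the From header is not authenticated by SMTP; a sender identity worth trusting comes from a verified S/MIME or PGP signature.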



References:

Arregoces, M. & Portolani, M. (2004). Data Center Fundamentals. Cisco Press.

Garfinkel, S. & Spafford, G. (2002). Web Security, Privacy, & Commerce (2nd ed.). O'Reilly.

Palmer, M. (2004). Guide to Operating Systems Security. Massachusetts: Thomson Course Technology.

Rosen, K., Host, D., Farber, J., & Rosinski, R. (2007). UNIX: The Complete Reference (2nd ed.). McGraw-Hill.

Stair, R. & Reynolds, G. (2006). Principles of Information Systems (7th ed.). Massachusetts: Thomson Course Technology.

Postel, J. B. (1982). Simple Mail Transfer Protocol (RFC 821). Retrieved January 28, 2007 from http://www.freesoft.org/CIE/RFC/821/index.htm

Klensin, J. (Ed.). (2001). Simple Mail Transfer Protocol (RFC 2821). AT&T Laboratories, April 2001. Retrieved January 29, 2007 from http://www.ietf.org/rfc/rfc2821.txt

Siyan, K. S. (2002). The SMTP, POP, and IMAP Protocols. Retrieved February 1, 2007 from http://www.informit.com/articles/article.asp?p=25759&rl=1