Chapter 1 Operation of Email
1. Basic structure of Internet TCP/IP
Today's Internet grew out of the ARPANET, established in 1969. A milestone in the history of Internet development was the formal conversion of the network to the TCP/IP protocols on January 1, 1983. It was the emergence of TCP/IP that enabled the Internet to develop rapidly around the world and reach today's scale. According to the TCP/IP protocol, the Internet is divided into 4 layers; counting the hardware layer at the bottom, there are 5 layers:
Physical layer: Corresponds to the basic hardware of the network. This is the physical makeup of the Internet, that is, the hardware devices we can see, such as PCs, interconnected servers, and network devices. The electrical characteristics of these devices must be specified so that they can be connected to each other and remain compatible.
Network interface layer: Defines the procedures for forming correct frames and for transmitting frames in the network. A frame is a string of data and is the unit transmitted in the network.
Internet layer: Defines the format of the "packet" transmitted in the Internet, and the mechanism for forwarding a packet through one or more routers to its final destination.
Transport layer: Establishes, manages, and tears down reliable and efficient end-to-end connections between two user processes.
Application layer: Defines how applications use the Internet. The email protocol SMTP is built at this layer.
The core layers of the Internet are the network layer and the transport layer, and the corresponding core protocols are IP and TCP. The main functions of IP include connectionless datagram delivery, datagram routing, and error handling. IP is a point-to-point protocol: communication between IP peers does not pass through an intermediate machine, the machines hosting the peer entities are on the same physical network, and there is a direct physical connection between them. The main function of the IP layer is to hide the differences of the physical layers below it and to provide a consistent data format to the layers above. All data to be transmitted is packaged, layer by layer and in a defined format, into IP datagrams; the datagrams are transmitted by mechanisms such as routing, and the receiver reassembles them to recover the data originally sent. Since IP is an unreliable data transfer protocol and data can be lost because of network congestion, the Internet must also have a control and retransmission mechanism; this is the error and control message protocol (ICMP). Installing IP software ensures that a computer can send and receive data, but IP still does not solve the problems that may occur to a packet in transit. To solve them, TCP is also required to provide reliable, error-free communication. TCP is referred to as an end-to-end protocol, because it plays an important role in the connection between two computers: when one computer needs to connect to a remote computer, TCP has them establish a connection, send and receive data, and terminate the connection.
The Transmission Control Protocol (TCP) uses retransmission and a congestion control mechanism to provide the application with a reliable communication connection that adapts automatically to changing conditions. Even when the Internet is temporarily congested, TCP can guarantee reliable communication. The Internet is a huge international network. Busy and idle periods alternate, and transmission distances vary from near to far, so the time needed to transmit data also changes. TCP automatically adjusts its timeout value, which lets it adapt to the varying conditions on the Internet and ensure correct transmission.
IP only guarantees that a computer can send and receive packets, while TCP provides a reliable, flow-controlled, full-duplex stream service. Although IP and TCP have distinct functions and can be used separately, they were designed together in the same period and are functionally complementary. Only the combination of the two can guarantee that the Internet runs normally in a complex environment. Any computer connecting to the Internet must install and use both protocols, so the two are commonly referred to together as the TCP/IP protocol. Besides TCP and IP, there are also the ARP/RARP protocols between the physical interface and the IP layer, the FTP protocol, the SMTP protocol, and the BootP protocol of the IP layer; together these make up the TCP/IP protocol family used on the Internet.
2. SMTP's basic structure
The purpose of SMTP (Simple Mail Transfer Protocol) is to ensure the reliable and efficient transfer of email. SMTP belongs to the application layer of the TCP/IP protocol, but it is in fact independent of the transmission system and mechanism; it requires only a reliable data stream channel. It can work over TCP, or over NCP, NITS and other protocols. Over TCP, it uses port 25. An important feature of SMTP is that it can forward messages within an interactive communication system.
2.1 SMTP model
SMTP provides a mechanism for mail transmission. When the recipient and sender are on the same network, the email can be passed directly to the other party; when they are not on the same network, it must be forwarded through one or several intermediate servers. The sender SMTP first requests a two-way communication channel with the receiver SMTP; the receiver can be the final recipient or an intermediate forwarding server. After the receiving server confirms that the connection can be established, the two sides can start communicating. The following is a model diagram of SMTP.
The sender SMTP issues the MAIL command to the recipient, giving the identity of the sender; if the recipient accepts, it answers OK. The sender then issues the RCPT command to give the identity of the recipient; the recipient SMTP decides whether to accept or forward, and answers OK if it agrees. The data can then be transferred. Throughout the communication, the sender SMTP and the recipient SMTP interact as a dialogue: the sender makes a request, the recipient confirms it, and the next action is performed only after the confirmation. The entire process is controlled by the sender, and sometimes several confirmations are needed.
To ensure that replies are valid, SMTP requires the sender to specify the recipient's server and mailbox. The commands and replies have a strict syntax definition, and each reply has a corresponding numeric code. All commands consist of ASCII characters. Command names are not case sensitive; for example MAIL, Mail and mail are equivalent.
2.2 SMTP's basic commands
SMTP defines 14 commands. They are:
HELO
MAIL - This command starts the sending of an email. It is followed by the sender's email address (the return address), which is also used to send failure notifications when the mail cannot be delivered. To ensure successful delivery, the sender's address should be one that the other party or the intermediate forwarding party accepts. This command empties the relevant buffers in preparation for the new email.
RCPT - This command gives the recipient's mailbox. When there are multiple recipients, the command must be used multiple times; only one recipient can be specified at a time. If the receiving server does not agree to forward mail for this address, it must return error code 550 to notify the sender. If the server agrees to forward, it must change the mail's transmission path, replacing the first destination (this server) with the next server.
DATA - The recipient treats what follows this command as the mail data. The data is added to the data buffer, and the end of the data is marked by a line of "
RSET - This command notifies the recipient to reset: all recipient data, sender data, and pending mail data in the buffers must be cleared, and the receiver must answer OK.
NOOP - This command does not affect any parameters. It only requires the receiver to reply OK, and does not affect the data in the buffers.
QUIT - SMTP requires the receiver to answer OK and then close the transmission channel. Until it has received this command and answered OK, the receiver must not close the connection, even if a transmission error occurs. The sender must not close the connection until it has issued this command and received the OK answer.
Below are the codes used in SMTP replies and their meanings:
500 Syntax error, command unrecognized [This may include errors such as command line too long]
501 Syntax error in parameters or arguments
502 Command not implemented
503 Bad sequence of commands
504 Command parameter not implemented
211 System status, or system help reply
214 Help message [Information on how to use the receiver or the meaning of a particular non-standard command; this reply is useful only to the human user]
220
S: Mail from:
Email resembles ordinary mail: the sender addresses the message with the recipient's name and address (i.e., the email address), the sender's server transmits the message to the recipient's server, and the recipient's server delivers the message to the recipient's mailbox. As shown below:
Further explanation involves the following concepts:
MUA - Mail User Agent, helps users read and write messages;
MTA - Mail Transport Agent, responsible for transmitting mail from one server to another mail server or to a mail delivery agent;
MDA - Mail Delivery Agent, puts the email in the user's mailbox.
The entire mail transfer process is as follows:
SMTP as currently used is a store-and-forward protocol, which means that it allows email to reach its final destination through a series of servers. A server stores arriving mail in a queue, where it waits to be sent on to the next destination. The next destination can be a local user or another mail server, as shown below.
If the downstream server is temporarily unavailable, the MTA keeps the message in the queue and attempts to send it again later.
4. The header structure and analysis of emails
4.1 The structure of the message
At the highest level, the structure of a message is very simple. The mail format a user sees at the terminal is:
1. From: user1@domain1.com
2. To: user2@domain2.com
3. Subject: Explanation of Mail Format
4. Date: Thu, 1 Apr 1999 10:00:00 GMT
5.
6. Hi, Jack
7. This mail is to explain you the mail format
8. - - - -
9. Thanks
10. Bob
Lines 1 to 4 are called the message header. Lines 6 to 10 carry the content the letter is meant to convey and are called the message body. Line 5 is a blank line: under RFC 822, a blank line must separate the header from the body. [i] The header typically contains the fields From, To, Subject, and Date, and some mail also contains fields such as CC and BCC.
4.2 mail letter
In fact, while a mail is in transit, the server packages it into a data object that includes the header and body described above plus an envelope. Delivery of the message is based on the address on the envelope (the envelope address or envelope header), not on the address in the header mentioned above.
On the surface, an email is transferred directly from the sender's machine to the recipient's machine, but this is usually not the case: an email is sent and received by at least four computers. Refer to the following figure. Users usually write and read email at their own computers, which we call clients (Client 1 to 4). Most organizations use a dedicated machine, called a mail server (SMTP1, SMTP2). If the user dials in from home, the mail server is the ISP's. When a user writes a message at his computer Client1, he sends it to his ISP's mail server SMTP1. At this point his machine has completed all its work, but the mail server SMTP1 must still get the email to its destination. SMTP1 reads the address in the header or on the envelope, finds the recipient's mail server SMTP2, connects to that server, and sends the mail to it, where it waits for the recipient to read it.
Below we explain the entire mail transfer process, and how the message header changes along the way, through an example. Assume the sender is named Sender, with email address sender@domain1.com, using a computer named Client1 with IP address [111.11.1.1] (an assumed address). The recipient is named Receipt, with email address receipt@domain2.com, using a computer named Client2 with IP address [222.22.2.2] (an assumed address). When the edited mail is sent to the sender's mail server mail.domain1.com, the message header is:
From: sender@domain1.com
To: receipt@domain2.com
Date: Tue, Mar 18 1998 15:36:24 GMT
X-MAILER: Sendmail 8.9.0
Subject: greetings
When the mail server mail.domain1.com transmits the message to the receiving server mail.domain2.com, the receiving server records the relevant machine information in the header, and the header becomes:
Received: from client1.domain1.com (client1.domain1.com [111.11.1.1]) by mail.domain1.com (8.8.5) ID 004A21; Tue, Mar 18 1998 15:37:24 GMT
From: sender@domain1.com
To: receipt@domain2.com
Date: Tue, Mar 18 1998 15:36:24 GMT
Message-id:
X-MAILER: Sendmail 8.9.0
Subject: greetings
When the recipient server mail.domain2.com receives the email, it adds its own record, and the header the recipient reads becomes:
Received: from mail.domain1.com (mail.domain1.com [111.11.1.0]) by mail.domain2.com (8.8.5 / 8.7.2) with ESMTP ID LAA20869; Tue, Mar 18 1998 15:39:44 GMT
Received: from client1.domain1.com (client1.domain1.com [111.11.1.1]) by mail.domain1.com (8.8.5) ID 004A21; Tue, Mar 18 1998 15:37:24 GMT
From: sender@domain1.com
To: receipt@domain2.com
Date: Tue, Mar 18 1998 15:36:24 GMT
Message-id:
X-MAILER: Sendmail 8.9.0
Subject: greetings
This whole record is the complete mail header that the recipient sees. Let us go through the meaning of each line:
Received: from mail.domain1.com (mail.domain1.com [111.11.1.0]) by mail.domain2.com (8.8.5 / 8.7.2) with ESMTP ID LAA20869; Tue, Mar 18 1998 15:39:44 GMT
This letter was received from a machine that claims to be mail.domain1.com; the IP address of that machine is [111.11.1.0], and its real name matches the claimed name mail.domain1.com. The receiving machine is named mail.domain2.com and runs the Sendmail mail server, version (8.8.5 / 8.7.2). The receiving machine assigned the mail the number ESMTP ID LAA20869, and the time of receipt is Tue, Mar 18 1998 15:39:44 GMT.
Received: from client1.domain1.com (client1.domain1.com [111.11.1.1]) by mail.domain1.com (8.8.5) ID 004A21; Tue, Mar 18 1998 15:37:24 GMT
This record indicates that the letter was handed by the machine client1.domain1.com (IP address [111.11.1.1]) to mail.domain1.com at Tue, Mar 18 1998 15:37:24 GMT, and was assigned the number ID 004A21.
From, To, Date and Subject are easy to understand: they indicate the sender, the recipient, the date the letter was written, and the subject of the letter.
Message-id:
This is the number assigned to the email by the sender's mail server. Unlike the other numbers, this number stays with the message from start to finish.
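The line-by-line reading above can be automated. The following is an added example, not part of the original article: it parses the Received lines of the sample header into hops in travel order and flags hops where the claimed name differs from the recorded name, or where one hop's receiver is not the next hop's sender. The function names and the continuity heuristic are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed sample: the final header from the walkthrough above. The
# Message-id line is left out because its value is not shown on the page.
RAW = (
    "Received: from mail.domain1.com (mail.domain1.com [111.11.1.0]) "
    "by mail.domain2.com (8.8.5 / 8.7.2) with ESMTP ID LAA20869; "
    "Tue, Mar 18 1998 15:39:44 GMT\n"
    "Received: from client1.domain1.com (client1.domain1.com [111.11.1.1]) "
    "by mail.domain1.com (8.8.5) ID 004A21; Tue, Mar 18 1998 15:37:24 GMT\n"
    "From: sender@domain1.com\n"
    "To: receipt@domain2.com\n"
    "Date: Tue, Mar 18 1998 15:36:24 GMT\n"
    "X-MAILER: Sendmail 8.9.0\n"
    "Subject: greetings\n"
    "\n"
    "hello\n"
)

# Matches the "from NAME (NAME [IP]) by HOST ...; DATE" layout used above.
HOP = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\((?P<resolved>\S+)\s+\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+).*?;\s*(?P<when>.+)$"
)


def trace_route(raw):
    """Return the Received hops in travel order (oldest hop first)."""
    msg = message_from_string(raw)
    hops = []
    # Each server adds its line on top, so the header reads newest-first.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP.search(" ".join(value.split()))  # undo header folding
        if match:
            hops.append(match.groupdict())
    return hops


def anomalies(hops):
    """Heuristic checks: name mismatch within a hop, gap between hops."""
    notes = []
    for i, hop in enumerate(hops):
        if hop["claimed"].lower() != hop["resolved"].lower():
            notes.append("hop %d: claims %s but %s is recorded as %s"
                         % (i, hop["claimed"], hop["ip"], hop["resolved"]))
        if i and hops[i - 1]["by"].lower() != hop["claimed"].lower():
            notes.append("hop %d: previous receiver %s is not the sender %s"
                         % (i, hops[i - 1]["by"], hop["claimed"]))
    return notes


if __name__ == "__main__":
    route = trace_route(RAW)
    for hop in route:
        print(hop["claimed"], hop["ip"], "->", hop["by"], "at", hop["when"])
    print(anomalies(route) or "no anomalies")
```

Only the Received lines added by servers you control are trustworthy; anything below them was supplied by the previous hop and can be written by the sender.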
Chapter II Open Relay Principles and Tests
1. The principle of open relays
For technical reasons, networks were not well developed before the 1980s, and there were few ways to send email between machines. People had to find a valid connection path, and the letter then traveled along that path step by step to its destination. The SMTP protocol clearly states that when a message is transmitted between different networks, it must be relayed by intermediate servers.
When an email passes through an unrelated third-party server between the recipient and the sender, this is mail forwarding (relay). As shown in the figure below: the mail server in the figure restricts which messages it will forward, for example to messages from a certain domain or from certain IP addresses. If forwarding is not restricted in any way, it is called open relay or third-party relay.
Historically, relay played an important role, and the work depended mainly on manual routing, just as when we send a letter through the post office. If I want to send a letter from Shenyang to Shenzhen, I write the Shenzhen address on it. The post office needs to find a defined delivery route: Shenyang, Beijing, Zhengzhou, Changsha, Guangzhou, Shenzhen, or an even longer one. It is important to understand that every relay station must know where the letter is to be sent and which station receives it next. In email, this corresponds to each relay server knowing which server is next; this is the forwarding of mail.
At present, ordinary mail forwarding of this kind is no longer necessary. Instead, unrestricted forwarding is often abused by people who send spam: it hides the real source of the mail, making others think it was sent from another ISP, and at the same time shifts a large amount of processing work onto someone else's machine. For the historical reasons mentioned above, most mail servers allowed open relay. Today, most upgraded mail servers close open relay in their default settings; for example, Sendmail does so from version 8.9.3, and Exchange Server turns off open relay from version 5.5. Where no corresponding upgraded version exists, there are still ways to turn off open relay, such as adding a line to the Notes server configuration file notes.ini: SMTPMTA_REJECT_RELAYS = 1. However, because of negligence, many server administrators have not fixed this security hole, and their servers are used to forward spam.
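The restriction described above, as an added example that is not part of the original article and not any particular server's code: the RCPT decision is made from the envelope recipient and the connecting client's IP, never from the To: header. The function names are assumptions, and the policy values are constructed from the sample names used in Chapter 1 (mail.domain2.com serving domain2.com, with 222.22.2.0/24 assumed to be its own client network).

```python
import ipaddress


def make_policy(local_domains, relay_nets):
    """Build an RCPT check for one server (hypothetical helper)."""
    domains = {d.lower() for d in local_domains}
    nets = [ipaddress.ip_network(n) for n in relay_nets]

    def rcpt_reply(client_ip, rcpt_to):
        # Envelope address as given after "RCPT TO:", with or without <>.
        addr = rcpt_to.strip().lstrip("<").rstrip(">")
        local, at, domain = addr.rpartition("@")
        if not (local and at and domain):
            return 501, "Syntax error in parameters or arguments"
        if domain.lower().rstrip(".") in domains:
            # Final delivery to one of our own mailboxes: not a relay.
            return 250, addr + "... Recipient ok"
        if any(ipaddress.ip_address(client_ip) in net for net in nets):
            # One of our own clients sending outward: permitted relay.
            return 250, addr + "... Recipient ok"
        # Outside client and outside recipient: third-party relay.
        return 550, "5.7.1 " + addr + "... Relaying denied"

    return rcpt_reply


# Restricted server: delivers for domain2.com, relays only for its clients.
RESTRICTED = make_policy(["domain2.com"], ["222.22.2.0/24"])
# Open relay: no local domains needed, every client may relay anywhere.
OPEN = make_policy([], ["0.0.0.0/0"])

if __name__ == "__main__":
    cases = [
        ("111.11.1.0", "<receipt@domain2.com>"),  # inbound delivery
        ("222.22.2.2", "<sender@domain1.com>"),   # own client, outbound
        ("111.11.1.1", "<nobody@hotmail.com>"),   # third party both ways
    ]
    for ip, rcpt in cases:
        print(ip, rcpt, RESTRICTED(ip, rcpt)[0], OPEN(ip, rcpt)[0])
```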
2. How to confirm whether a mail server is an open relay
Suppose the IP to be tested is 202.112.0.0. You can test it with the following commands; the text shown in green in the original article is the response from the mail server under test:
# telnet 202.112.0.0 25
Trying 202.112.0.0...
Connected to 202.112.0.0.
Escape character is '^]'.
220 dns.ccert.edu.cn ESMTP Sendmail 8.11.1/8.11.1; Sat, 30 Jun 2001 21:07:10 0800
helo mydomain
250 dns.ccert.edu.cn Hello point.ccert.edu.cn [202.112.50.3], pleased to meet you
mail from: nobody@yahoo.com
250 2.1.0 nobody@yahoo.com... Sender ok
rcpt to: nobody@hotmail.com
550 5.7.1 nobody@hotmail.com... Relaying denied
The final "Relaying denied" indicates that the server has been configured securely and will not relay. If the result looks like the following instead, the server will forward anyone's email.
rcpt to: nobody@hotmail.com
250 nobody@hotmail.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
this is a test of the relay
.
250 VAA00289 Message accepted for delivery
Besides the command-line method above, the following link provides a test tool; just enter the IP. http://www.abuse.net/relay.html