SMTP - CISC856: TCP/IP and Upper Layer Protocols

Ezra Kissel

Due: Tuesday, Nov. 8, 2005

Note: As in previous homework, replace tcpdump with Ethereal where desired. Ethereal will nicely decode the SMTP commands in its output making annotation much easier.

1.  Read chapter 20 in Forouzan and complete the on-line quiz. Submit results to Prof. Amer.

Turn in answers to exercises 1-8 and 10-12 at the end of the chapter.

2.  Telnet into an SMTP server

In this exercise we connect directly to an MTA to send a message using SMTP and see what happens in such a transfer.

1.  Open two X-terms on your terminal.

2.  One of them is your client machine and the other is your data collection machine. Your server is the host you are sending the mail to.

3.  Start a script in both the client x-term and the data collection machine x-term.

4.  Run tcpdump on the data collection machine x-term by making it listen to connections between your machine (e.g.: stimpy.cis.udel.edu) and the SMTP server mail.udel.edu you are connecting to over port 25.

5.  In the client window: telnet mail.udel.edu 25

6.  A TCP connection is established and the SMTP server responds with the first message of the ‘application handshake’ once the connection is established.

7.  Type

HELO [your host name]

8.  After the response from the server type

MAIL FROM: [your cis email address]

9.  The next step is to identify the recipient of the email with

RCPT TO: [recipient email address]

Send a carbon copy of the email to Ezra.

RCPT TO:

10.  Once all of your recipients have been specified, type

DATA

to begin sending the body of your email. Be sure to add appropriate message headers so the receiver will get a meaningful message.

11.  To complete the message, type a ‘.’ on a line by itself.

12.  Type QUIT to end your SMTP session.

13.  Exit both your client and the data collection machine scripts.

In your client output, show the server responses and the client responses distinctly. Can you follow how the handshaking is taking place and the meaning of the server responses?

In the tcpdump output, write next to each line of output, the corresponding server or client output that data represents. For example: write next to the line in the trace whether it belongs to a 250 response from the server or belongs to a HELO message from the client.


Also make a note of the number of bytes that are being sent as part of the body of the message on your tcpdump output.

Deliverables:

Neatly annotated client script, tcpdump or Ethereal output.

1.1 What do you think will happen if in step 8, instead of typing your address, you entered someone else’s address? Give it a try and make sure that the recipient address is your cis address and that a carbon copy goes to Ezra.

Now, read your cis email using the mail command and find the locally stored copy.

1.  Type mail at the prompt and it will list all the messages that are in your inbox.

2.  Type the number of the email message that was just sent, at the ‘&’ prompt.

3.  Quit the mail command by typing ‘q’ at the ‘&’ prompt.

4.  The message just read is stored in a file called ‘mbox’.

5.  Open the file mbox, which should be in your home directory.

6.  It should contain the last message you read along with all the header information. Note the header information is also stored as part of storing this message. Copy the header information into a new file.

Is there any way to determine whether or not a sender really is who they say they are by just examining the full header?

Deliverables:

The file containing the header information and the answer to the above questions.

3.  SMTP AUTH and Base64 Encoding

As an SMTP extension, AUTH allows an MTA to permit certain operations to known users as opposed to allowing them for everyone. An organization’s email server may want to accept all mail destined for its domain, but not allow just anyone to connect and relay mail (open relay). We will look at the AUTH PLAIN authenticator in this exercise.

The server ezra.homelinux.com is configured to allow AUTH without first negotiating underlying encryption (STARTTLS). Why is this almost always a very bad idea? Since we are using SMTP service extensions (ESMTP) in this exercise, the initial HELO command must be replaced with EHLO. This lets both the client and server know that either side may use SMTP extensions during the transaction.

Use the script command or just copy your terminal buffer to a file to turn in as you complete this exercise.

a.  Telnet to ezra.homelinux.com on port 25. Issue an EHLO [hostname]. What authenticators are being advertised? What is the maximum message size allowed?

b.  Try sending a message as in exercise 2. You will notice that only mail intended for the local domain will be accepted. Any other domains will first require authentication.

The PLAIN authentication mechanism accepts a base64-encoded credential string in the following format, where <NUL> is the US-ASCII NUL character:

<NUL>[auth identity]<NUL>[clear-text password]

ex. <NUL>jim<NUL>mypass

Note: Base64-encoded messages may be suffixed by one or two ‘=’ as padding if the last 24-bit block is not completely filled, e.g. AGV6cmEAYg==. For simplicity, the encoding required below does not need a suffix.

(See Table 20.3 in Forouzan for a Base64-encoding table.)

To allow relaying on ezra.homelinux.com, the MTA will require a valid username and password. You may use username: cis856 and password: smtp for this exercise.

a.  Connect to the server as in part a above.

b.  Before attempting to send a message, first authenticate to the server. You will need to have encoded the username and password from above into a valid base-64 authentication string.

Type AUTH PLAIN [base64-encoded auth string]

e.g. AUTH PLAIN AGV6cmEAYg==

c.  If everything went correctly, you should see a server response that looks like ‘235 Authentication succeeded’.

d.  Now try sending a message to your cis account and CC Ezra.

Deliverables:

The script containing the full SMTP transactions and the base-64 encoded authentication string. Answers to the above questions.
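
The following is an added example, not part of the original assignment: it builds the PLAIN string in the format above, reverses it without any key, and flags AUTH PLAIN commands sent before STARTTLS in a client transcript. The function names, the host name client.example and the two sample sessions are assumptions constructed for illustration; the credentials are the page's own illustrative ones (jim/mypass and the AGV6cmEAYg== token).

```python
import base64

def encode_plain(user, password, authzid=""):
    """Build the AUTH PLAIN argument: authzid NUL user NUL password."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(token):
    """Reverse the encoding; no key is involved, so any observer can do this."""
    fields = base64.b64decode(token, validate=True).split(b"\0")
    if len(fields) != 3:
        raise ValueError("not a PLAIN credential string")
    authzid, user, password = (f.decode("utf-8") for f in fields)
    return authzid, user, password

def audit_client_lines(lines):
    """Return (line number, user) for each AUTH PLAIN sent before STARTTLS.

    Assumes the server accepted STARTTLS whenever the client sent it.
    """
    tls_started = False
    findings = []
    for number, line in enumerate(lines, start=1):
        words = line.split()
        if not words:
            continue
        verb = words[0].upper()
        if verb == "STARTTLS":
            tls_started = True
        elif (verb == "AUTH" and len(words) == 3
              and words[1].upper() == "PLAIN" and not tls_started):
            _, user, _ = decode_plain(words[2])
            findings.append((number, user))
    return findings

# Constructed client-side transcripts (hypothetical host name).
CLEARTEXT_SESSION = ["EHLO client.example", "AUTH PLAIN AGV6cmEAYg==", "QUIT"]
TLS_SESSION = ["EHLO client.example", "STARTTLS", "EHLO client.example",
               "AUTH PLAIN AGV6cmEAYg==", "QUIT"]

if __name__ == "__main__":
    print(encode_plain("jim", "mypass"))
    print(decode_plain("AGV6cmEAYg=="))
    print(audit_client_lines(CLEARTEXT_SESSION))
    print(audit_client_lines(TLS_SESSION))
```
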

4.  Using IMAP

Use the script command or just copy your terminal buffer to a file to turn in as you complete this exercise.

a.  In a terminal window, telnet into mail.udel.edu. The port number for IMAP is 143, so make sure you telnet into that port. Also, try telnetting into louie.udel.edu at port 143. What happens and why do you think this happens?

b.  A TCP connection is established between the client and the IMAP server. The IMAP server responds with the first message, a ‘greeting’ once the connection is established.

c.  Login to the server. Type

a01 login <username> <password>

Note: Your password will appear and be transferred in plain text. You may want to change it for the purpose of this exercise.

d.  Let’s list your folders. Type

a02 list "" "*"

e.  To select a folder, type

a03 select "[folder name]"

f.  What is the purpose of a01, a02, etc.? Must they always be the same and are they required?

g.  Find the IMAP command to list message headers. List the headers of two messages within a currently selected folder.

h.  Now modify the above commands so that they return the text of the two messages. The results of these commands should appear in your output.

Deliverables:

IMAP transaction scripts and the answers to the above questions.