One document matched: draft-gellens-notify-mail-02.txt
Differences from draft-gellens-notify-mail-01.txt
Internet Draft: Notify Mail R. Gellens
Document: draft-gellens-notify-mail-02.txt QUALCOMM
Expires: July 2005 January 2005
Simple New Mail Notification
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of RFC 3668.
By submitting this Internet-Draft, I accept the provisions of
Section 3 of RFC 3667 (BCP 78).
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as
reference material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt The list of
Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Copyright Notice
Copyright (C) The Internet Society (2005). All Rights Reserved.
Abstract
This memo documents a long-standing technique, supported by a large
number of mail servers, which allows users to be notified of new
mail. In addition to server support, there are a number of clients
which support this, ranging from full email clients to specialized
clients whose only purpose is to receive new mail notifications and
Gellens Expires July 2005 [Page 1]
Internet Draft Notify Mail January 2005
alert a mail client.
In brief, the technique is for the server to send the string
"nm_notifyuser" CRLF to the finger port on the IP address (either
configured or last used) for the user who has received new mail.
Gellens Expires July 2005 [Page 2]
Internet Draft Notify Mail January 2005
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions Used in this Document . . . . . . . . . . . . . . 3
3. Simple Mail Notification . . . . . . . . . . . . . . . . . . 3
4. Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
5. Security Considerations . . . . . . . . . . . . . . . . . . 4
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 5
8. Normative References . . . . . . . . . . . . . . . . . . . . 5
9. Informative References . . . . . . . . . . . . . . . . . . . 5
10. Author's Addresses . . . . . . . . . . . . . . . . . . . . . 5
Intellectual Property Statement . . . . . . . . . . . . . . . 5
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 6
Disclaimer . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
There is a long-standing technique supported by a large number of
mail servers which allows users to be notified of new mail. In
addition to server support, there are a number of clients which
support this, ranging from full email clients to specialized clients
whose only purpose is to receive new mail notifications and alert a
mail client. This technique is sometimes known as "notify mail"
(after a shareware client of the same name), sometimes called
"biff", and sometimes the "finger hack".
2. Conventions Used in this Document
In examples, "C:" is used to indicate lines sent by the client, and
"S:" indicates those sent by the server. Line breaks within a
command example are for editorial purposes only. Line breaks in the
protocol are indicated by "CRLF".
3. Simple Mail Notification
The technique is for the server to send the string "nm_notifyuser"
immediately followed by CRLF to the finger port on the IP address
for the user who has received new mail. The finger port is 79.
(Note that only the port for finger is used; the finger protocol
itself is not used.)
The IP address to use may be configured, or the server may use the
IP address that was last used to check mail by the user. Typically
this is a per-account configuration option.
Gellens Expires July 2005 [Page 3]
Internet Draft Notify Mail January 2005
To be useful, on the client system a process must be listening to
the finger port. When it receives the "nm_notifyuser" string, it
takes a configured action, typically instructing a mail client to
fetch mail.
Normally, a TCP connection to the target computer is opened, the
"nm_notifyuser" string is sent, and the connection is closed without
waiting for any response.
In some cases UDP is used instead of TCP, but the default and
general practice is TCP. Even though one a single message in one
direction is sent (with no reply), TCP is used most often, probably
for reliability.
There is an assumption that the client listening on an IP address
only has responsibility for one email account; if a client can check
multiple accounts and receives the "nm_notifyuser" string, it does
not know which account received the mail.
There is a requirement that a finger daemon is not active on the
client.
4. Example
This example assumes that new mail has arrived at server
mail.isp.example.com for account fastness@example.net. The server
has determined an IP address to which notification should be sent.
C: <listens on TCP port 79>
S: <opens TCP connection to IP address port 79>
C: <accepts inbound connection on port 79>
S: nm_notifyuserCRLF
S: <closes TCP connection>
5. Security Considerations
There is of course no assurance that the "nm_notifyuser" message is
being sent to the correct IP address. Nor does the listening agent
on the client system have any assurance that a "nm_notifyuser"
string was sent by a mail server which has received new mail for the
user.
It is trivial for an attacker to send large numbers of
"nm_notifyuser" messages to any targeted system. Client systems
listening for this message SHOULD implement protections against
being flooded with notifications. Many server systems already
implement protections against users logging in and checking mail too
Gellens Expires July 2005 [Page 4]
Internet Draft Notify Mail January 2005
frequently.
Since use of this protocol requires that a port be open with an
agent listening on it, if that agent contains vulnerabilities it may
create a remotely exploitable attack (for example, buffer overflows
permitting an attacker to execute arbitrary code on the client
system with the permissions of the agent). As usual with a process
listening on a port, the process should execute with the least
possible privelege level and access.
6. IANA Considerations
The notify mail hack (and this document) should be included as an
additional usage for port 79.
7. Acknowledgments
The NotifyMail shareware utility was written by Scott Gruby.
8. Normative References
None.
9. Informative References
None.
10. Author's Addresses
Randall Gellens
QUALCOMM Incorporated
6455 Lusk Blvd.
San Diego, CA 92121-2779
USA
randy@qualcomm.Com
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed
to pertain to the implementation or use of the technology described
in this document or the extent to which any license under such
rights might or might not be available; nor does it represent that
Gellens Expires July 2005 [Page 5]
Internet Draft Notify Mail January 2005
it has made any independent effort to identify any such rights.
Information on the procedures with respect to rights in RFC
documents can be found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Full Copyright Statement
Copyright (C) The Internet Society (2005). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.
Disclaimer
This document and the information contained herein are provided on
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Gellens Expires July 2005 [Page 6]
| PAFTECH AB 2003-2026 | 2026-04-24 07:33:59 |